Tag: PAN-OS

Palo Alto User-ID and Terminal Server Agent Certificates

On November 18th, 2024, the certificates that the Palo Alto User-ID agent and the Palo Alto Terminal Server agent use to communicate with a Palo Alto firewall will expire, causing all communication to fail. Palo Alto Networks has made new versions of the User-ID and TS agents with updated certificates that will expire on January…

Palo Alto Terminal Server Agent Upgrade

Palo Alto Networks makes a program named Terminal Server Agent, aka the TS Agent. It is similar to the User-ID agent. However, the TS Agent is built to identify users on a multi-user system. In this post, I will show you step-by-step how to upgrade the Palo Alto Networks Terminal Server agent. Prerequisites The TS…

Palo Alto Device Certificate

Palo Alto Networks firewalls often require a device certificate. A device certificate is needed for items like device telemetry and for some of the CDSS (Cloud-Delivered Security Services) items, such as WildFire, DNS and URL filtering, and others. In this post, I show you step-by-step how to check if a device certificate is installed and…

Palo Alto Private Data Reset with HA (Active/Passive)

Sometimes, you need to do a quick factory reset on a Palo Alto Networks firewall. If you aren’t decommissioning the firewall, a Private Data Reset can be a faster way to accomplish similar results as a factory reset and can be done via CLI directly and could technically be done remotely with some coordination. In…

Securing GlobalProtect

Out of the box, you can’t just add a Security Profile to the interface that runs GlobalProtect fortunately there’s a relatively easy way to do it with minimal impact to your existing GlobalProtect setup. In this post, I will show you step-by-step how to secure GlobalProtect by adding protection with a Vulnerability Protection Profile or…

Upgrade Palo Alto HA Pair (Active/Passive) with CLI

I’m a big fan of CLI, I love to use it when I can, it always feels more complete and absolute. A while back I posted how to Upgrade Palo Alto Firewall HA Pair (Active/Passive) in that post I only covered the GUI method this post will detail how to complete everything with CLI only.…

Palo Alto Predefined IP Commit Error Fix

In this post I will detail how to resolve the Palo Alto commit error when trying to commit a predefined IP list. Below is an example of the error Validation Error:external-list -> Palo Alto Networks Tor exit IP Addresses -> type -> predefined-ip -> url ‘panw-torexit-ip-list’ is not a valid referenceexternal-list -> Palo Alto Networks…