GlobalProtect multiple authentication profiles? External contractors, ldap users with certs

Hi 

Im looking for solution. I need to configure global protect to:

• Login LDAP users. For ldap users it has to check if client has machine certificate on it
• Login external contractors. They have accounts created on palo device and there is no need to

transfer license to new device

 an old PA firewall that was just RMAed---need help on transferring the licenses over to the new device

User-ID exclude OU

Can usernames within a specific OU be excluded from user-id mappings? 

We'd like to avoid mapping user's administrator account names to their workstation IP addresses which happens from time to time due to logging into shares with admin credentials

Import Panorama Configuration Into Expedition and export Device Specific configuration

Hi Experts, I am quiet new to Expedition, currently i am involved in a mass project where i have to migrate exiting Palo Alto Firewall into new. The existing firewall is managed by panorama which have tons of Network addresses and security policies w

Elastic search suddenly down

Hi,

I am writing this to ask if anyone has experience with ES suddenly down? After restart only logs become normal. I need idea on what we can check to know the root cause of ES suddenly down.

Diffie-Hellman-Groups: Why no brainpool curves?

While setting up a VPN with a Cisco ASA, I stumbled accross the quite small list of DH Groups implemented in PA firewalls.

So I wonder what the rationale was for choosing the implemented groups. As a German engineer working for goverment and other pub

How do I update OSS apps only?

Hello all,

I've found this kb: 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltxCAC

I'm trying to install the latest apps on the OSS. I've downloaded "all apps" from csp and when I'm trying to install it, I receive t

SFP & SFP+ Transceivers not automatically detected on PAN-OS 11.1.2-h3

Hello everyone!

Before we go to the main point let me just give a explanation that happened. So we have a PA-1410 fresh from the box and tried to perform a basic power on test, the device firmware version currently seated on 11.0.3, I tried to chec

MAC-in-MAC on esxi - ha_aa_pktfwd_err_decap

I've been trying to track this issue down for a month or so now and haven't had a lot of luck with any of the permutations in my vmware environment. 

I am running two 11.0.4-h2 PA-VMs in Active/Active mode. I'm using floating gateways and all is runn

TLS 1.3 has General Protocol Error

Hi all,

Fairly new to PAN OS and have just enabled decryption on my 10.2.3-h4 VM-300 firewall.  In my decryption logs, all entries for TLS 1.3 are having a 'General Protocol Error'.  When running a v11.0.1 firewall (that I had to downgrade due to dat

Certificate Expiry

Hi All,

I am trying to import the Azure SAML certificate to use it in the Identity Provider Certificate as it is expiring this Thursday. But i am getting the attached error. Does it mean do i need to delete the existing one and then import it? I have