Single AD Forest Multiple Domains with Group Mapping & Global Protect

Does anyone have any best practives on how to configure Multi-Domain authentication with Global Protect?  I see how to map/sync groups in multiple domains in my forest, but not entirely sure the process for the Global Protect end.  Right now I am usi

PAN as VPN Client ipsec psk+xauth

I am a bit new at VPN stuff - I have a PAN-500, i configured VPN for users just fine (IPSec+xauth "cisco compatible" so it works with pretty much anything), as well as static site to site IPSec tunnels.

What I cannot figure out how to do is make my

Console interface of 7.0-h2

Is there a place to test out the 7.0-h2 console interface before upgrading, offered by PA?

Cannot Change Application Risk Category Customization

I'm running 7.1.2, but the problem started after 7.1 beta update, I believe.

Setting an applicaiton risk category manually results in it showing up correctly in the application's open window details; however, the firewall will only recognize the de

Rule to block TOR Application blocks all traffic directed to Internet

Hello Community,

we have an issue when we try to block TOR application. We do a rule like the image reported below and put it on top of the rulebase:

But it seems that all Internet traffic is dropped by the rule named "Tor_Blocking".

 We see t

Sample configurations and logs for PAN-OS and Panorama for VM-Series Base Images

Dear PA,

In order to enhance my learning effect with PA products, I installed VM workstation 12 Player and downloaded and ran the PA-VM-ESX-7.1.0 Base Images in it. The PAN-OS (Play virtual machine) runs fantastic on windows 7. I enjoyed playing ar

Downloading files like exe and iso taking long time

Hi,
Downloading files like iso and exe taking long time than expected

Any help
Thanks

Captive portal user-id for all services

Hi,

I have set up a captive portal for services http and https. The captive portal works well and I get user-id/IP mapping in the logs. The rules are then applied based on the user group membership (AD). However, this user-id mapping does not work

Identify custom application

Hi,

we have created a custom application ports tcp/1524-1541, but our Palo Alto is still identifying this app as ORACLE. Why is not taking our custom app?

Regads,

Terminal Server Agent service account issue.

Configured a new TS on palo alto and installed agent on the server. Already have 2 TS configured on the PA and running fine.This new server has 2 service accounts with both needing internet access. These are adsync and centrify service accounts. I ca

Url category unknown for dropbox and msn

Hello

I'm using BrightCloud URL Filtering (at the moment I have 4792 version on my device). I'm started testing this functionality (security policy with url filtering in monitor mode).

In Monitor tab in URL filtering section I see:

How it's possib