Agentless User-ID Question

So I've been under the impression that our PA-3020s contact the ADDC servers to authenticate users every 20 minutes when it's setup to do a probe; then caches this information locally so that it isn't constantly hammering the servers with WMI request

Any guides to setup Global Protect always on(user-logon) when using Radius with RSA ?

We are using a mixed 7.0.x environment for PAN-OS  and are using GP v. 3.0.2 and I want to test out using the always-on(user-logon)  or (pre-logon)  feature with Global Protect so that when our users take their laptops home, they must sign into globa

IPSEC interoperability - PAN-VM-200 to CISCO ASA 5505

Good Day

First - Do you need a IPSEC license for a PAN-VM?

Second - Can I follow the PAN guide for - "IPSEC interoperaability between Palo Alto Firewalls and CISCO ASA"? The reason I ask is the guide show conifguration between a PAN-5060 and a AS

Software versions

Why are for example the software version 7.1.3 (29.6.2016) ready for download and update before 7.0.9 (1.8.2016)? When I look at the Software-option under Device when I am about to update my PA-3020, I get confused when I see for example version 7.1.

Does Global Protect maintain a list of MS patches

Does Global Protect maintain a list of MS patches or does it only look for the patches that you list in the HIP object? If it does maintain a list were can you see the list?

ISP Load balancing with ECMP

I have the Following Scenario on a PA-200

[ISP1]

Zone = Untrust

Eth1/1 = 192.168.7.110/24

Modem GW = 192.168.7.1/24

[ISP2]

Zone= Untrust

Eth1/2 = 192.168.5.110/24

Modem GW = 192.168.5.1/24

[Local LAN]

Zone=Trust

Eth1/3 = 10.1.1.1/24

Running DNS-Proxy and DHCP

How to filter rule by subnet

Hi there,

I'm trying to filter the rules via subnet.  Is this possible ?  I've tried copying (addr in '10.10.10.0/24') from a working log filter search and that doesn't seem to work.  There's no filter builder like the log search box so i can just u

Max number of supported tunnel VPN client to site on PA-200

Hello,

I must configure a simultaneous access VPN client to site for 60 users on the PA-200. But this firewall support only 25 tunnels vpn (datasheet PA-200). It's possible to have an extension of the number of vpn tunnel on the PA-200?

Issue after Internet Upgrade

We recently installed a new 300/300 circuit and MIS router at my workplace.  No IPs have been changed, but since the upgrade we cannot ping internet addresses, and our latency and speed results from speedtest.net are horrific (like 1000+ and less tha

Service settings in a NAT

I ran across this setting this morning- when setting up a NAT rule, you can specify a service or service group. Cool, but is there a reason to do that when a policy is necessary to open a service port?

Error Checking credentials - Gateway Timed out

Hi There,

  I have installed Minemeld on my Ubuntu Server 14.04.. And the service is up and running.. Wheneve I use the default Username and Password to logon to the console, it gives me an error "Error Checking credentials - gateway timed out".. I ha

Management server failed to send phase 1 to client dhcpd

My HA is not in sync because I am getting above error message. 

Are there like basic troublehsooting steps/docs which I can do?