Bug in password-string when using GlobalProtect with LDAP?

We had some users, who were not able to use VPN. they alway got XML parse-errors in the GlobalProtect Agent log.

We finaly found out, that this users had '<' or '>' in theire passwords. when thy changed theire passwords in some string without these

PA-VM Update Check Fails

We have recently deployed PA-VM to ESXi for testing and we have found that any attempt to upgrade the unit fails with a very vague message.

IP SLA - but not dual ISP. Receiving and Forwarding from the same Interface.

hi, I know PA doesn't have IP SLA and i've read documents that talks about using VR and PBF to handle dual ISPs.

this works with an ASA but not sure how to do it with PA.

But there's a slight difference on my implementation and it seems to fail with a

7.0.3 upgrade

I am planning on upgrading the PA 5050 os from 6.1.7 to 7.0.3. I have been reading over the changes and I think it would be beneficial to see examples instead of description of what changes are , anyone have any recommendations

Global Protect w/ OTP RE: disconnect/recovery timer tolerance?

We have implimented Global Protect with radius authentication, username/password and a second prompt for OTP, this works great most of the time.

We have noticed that when our users connect from poor WiFi, or internet connections, there are times wh

PA doesn't cover DROWN Attack?

A customer has been warned about DROWN attack (https://drownattack.com/) on one of its servers. As a server is behind PA I thought there was no risk. But searching through signature database I didn't find anything about DROWN attack. I've also checke

UserID instances

I would like to know if we can use the same UserID agent software for 2 domains in different windows machines. If we cant do it, we need to know if we can run 2 diferent instances of UserId agent in the same windows machine pointing to 2 different do

"Unusual traffic from your computer network"

Hi,

Users are often getting the message from google and they are forced to enter captcha  "Unusual traffic from your computer network",when i check palo alto it seems very normal . 

Is there a way to classify  or monitor the users who really sending

Software packet buffer depletion

We're currently observing something quite interesting:
On our highly oversized PA-5050 firewall, software packet buffer 0 is, for several hours a day exhausted.

This is the platform (pair that runs in High Avalailability A/P):
family: 5000
model: PA-5