Resolved! LDAP - Group Mapping with Child Domain users

Hi all,

We'd like to use an Active Directory group in our root domain (e.g. "company.com") to control GlobalProtect authentications. Let's name this AD group "VPN Access" (it's a "Universal" Security Group). It contains user objects from the root doma

Resolved! PAN-OS 5.0.5 :Commit failed

Hello,

I have upgrade my firewall from 5.0.1 to 5.0.5 successfully.

But when I am trying to commit. It is giving below error.

Operation

Commit

Result

Failed

Details vsys -> vsys1 -> global-protect -> global-protect-portal -> portal-tunnel -> client-confi

Resolved! Question Regarding Reporting

Hi All!

I'm responsible for Security Analysis at a Telecommunications company up in New England. We've recently deployed Palo Alto firewalls to all sites, and I am currently going through PDF Reports manually while we get Splunk installed.

One thing th

Resolved! FQDN vs NetBIOS Domain Name

Hi,

I have a PA-3020 running agentless user-id. When I examine the traffic log, some user id's are displayed as netbios_domainname\userid and others displayed as FQDN\userid.

ie:

domain\billw

vs.

domain.somewhere.com\billw

Any ideas as to why this happens?

Resolved! what is wrong with blocking firefox

Hello all together,

there something misterious for me because

to block firefox i used this document https://live.paloaltonetworks.com/docs/DOC-5028  but with this config it hasn't been working so far.

Is there a hand? My Config is:

i tried it with enable

Resolved! GP - second gateway creation problem

Hi

I have PA200 with 5.0.5 with ateway and portal licence.

On untrust interface I have /26 network

To set up another gateway I added second IP to my untrust interface. X.X.X.141 with /32 mas - is it correct?

after commit I add new gateway profile and try

Resolved! Forward DNS requests

Hi,

We are looking for a way to forward All dns requests to internal DNS ip.

Either client changes its ip address to public dns addresses it should be forwarded to internal.

Can we do that ?

We don't want to write a deny rule for public Dns requests.

We d

Resolved! GP with Host detetion and auto-connect

Hi,

PA 500 in 5.0.4 and GP client 1.2.3

Would like to be sure, I need GP auto connexion from outside of my network and no GP in my network.

Then configure my external gateway, my internal host detection. It works well.

But short question do I need the GP

Resolved! Can firewall act as VPN client?

Wondering if we can configure a lab PA-200 to connect to a VPN concentrator on the internet using IPsec, as though it were a VPN client not a site-to-site tunnel.  Not connecting to the firewall using GP, but using the firewall itself as the VPN clie