How to sync Captive Portal Redirect Host in A/A - Setup ?

Hi *,

I have problems to sync Captive Portal Settings in a Active/Active HA-Setup.

I configure the CP on the active primary host as follows :

     Enable Captive Portal - checked

     Server Certificate - cp-cert

     Authenticaation Profile - company-rad

PAN agent Group cache on PAN

Hello, I'm using PAN OS 3.0.5 and doing

> debug device-server dump user-group name

followed b the tab I'm seing very old group that are not anymore in the Filter group member of the pan-agent. It seams that the PAN have cached the olds user/group relat

PA 5050 HA Failover Premeption

I have configure Active/Passive HA between two PA 5050 Firewalls. One is at high(passive) Priority and another is low(Active). I have also configure Preemtion on Active Firewall, meaning if somehow Active PA fail ,the Passive become active ,but when

blocking file-sharing subcategory

I would like to block everything in the file-sharing subcategory of the general-internet category. Currently we are allowing this subcategory.

I would like to see what the impact of a policy like this would be, so I setup a policy for this subcategory

request restart software

I had an issue where mgmt server and device srvr both where high in memory usage and commits where not taking place.

I issued the following commands

debug software restart device-server

debug software restart management-server

with no change except that

GlobalProtect OnDemand mode

Hello,

We use PAN OS 4.1.1 and GlobalProtect 1.1.0, free version of GlobalProtect.

We have configured GlobalProtect in OnDemand mode.

When the GlobalProtect software starts it connects to the PA and try's to logon with the stored credentials (Username /

Exploit:Win32/Pdfjsc.ABS will not recognized

The new PDF Exploit "Pdfjsc.ABS", which travels with a lot of Emails (for instance: "Here is the new Elster program" - Elster is the name of a german tax program), will not recognized by PAN-Firewall. Neither on Email nor on Webtraffic, so i can atta

incomplete action

hello

we have our own web server which we host web sites from

I have setup my incoming nat rule follow

source zone = untrusted

des zone = umtrusted

des address = my internet port ip

service = service-http

des tran = my local web server ip

Security rule

sou

High Dataplan CPU PA2050-4.1.6

I have only 28,000 active session at this time, which isn't a lot, and my CPU is roughly between 70-80% constantly.  We are in our summer semester at school which doesn't have a lot of users on our network. I am nervous when people return in the fall

Palo Alto 2020 doesn't close session when using AD authentication

Hi,

This might be a really easy thing I have missed but when we try to authenticate against our AD users instead of strictly by IP and zone it works fine the first person to log on. But then if you log off and someone else with less privilages logs on

Do the PA's cover this ?? Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could Allow Spoofing

Just wondering if the PA's have this vulnerability covered and if so where do I look to find out myself.

What 's meaning of "User '' failed authentication. Reason: Thread limit reached"

Hello,

I used Captive Portal in my environment. I found log "User '' failed authentication.  Reason: Thread limit reached" show on my system some time when the Captive Poratl page fail to logging in.

Which Thread has limited by the system. Could you pr