Resolved! GlobalProtect Portal HTTP redirect

Dear all,

We're currently testing the GP VPN solution before we roll it out to our notebooks. We noticed that we can only access the portal homepage if we explicitly enter "https://<portal-url>". It doesn't work with just "<portal-url>" there HTTP wou

Resolved! maximum number of GlobalProtect VPN tunnels for PA-5450

Hello PA community ,

Our customer is looking for the maximum limit for GlobalProtect Gateways on PA-5450.

The most recent KB we found was this which covers 5250, but we would very much like to verify if it is still the same or more for 5450:
https

Resolved! IPSEC tunnel

Hi All,

Our vendors are migrating their IPSEC tunnel firewall, which is resulting  to change the tunnel gateway IP from our palo-alto firewall end as well. 

So, we are thinking just to create one more ipsec tunnel without tagging the tunnel inter

Resolved! URL Filtering - TLS 1.3 Website

Hi,

I am new to Palo Alto Firewalls and am in the middle of testing some of the functionalities provided. One of which is URL Filtering.

I have been able to clone the default URL Filtering Profile. I then added a website to the blocked list. Then assi

Resolved! Differences between URL category and address object?

We are doing some testing with a user that is running a client and needs to get out to the internet.

1. We have a policy for testing and added the required FQDN address objects to the destination. This was successful.

2. Next, we removed the address ob

Resolved! FQDN objects or URL Categories

It seems like FQDN objects and URL categories have overlapping functionality.  Can anyone provide some guidance on which is less resource intensive for something like the below please?

• http://liveupdate.symantecliveupdate.com
• http://liveupdate.symante

Resolved! SSL inspection and threat prevention

I'm considering to enable the inbound SSL inspecition on my intranet cluster.

All rules that allow traffic from untrusted network like plant, supplier etc to the DC have a security profile with vulnerability protection.
But at the moment a lot of traf

Resolved! Windows UserID agent runs on a separate server

Hello Team,

Is it recommended to install the User-ID agent on a separate Windows server because the User-ID agent is not allowed to be installed on DC servers?
can we use two separate servers in this case?

Thank You