No Linux dowload available

Hi everyone,

I’m trying to get GlobalProtect VPN up and running on Linux, but the university portal only offers Windows/macOS installers—no native Linux package. I also tried signing in on Palo Alto’s site with both my personal and CPP email addresse

PAN OS 11.1 USER ID ,POLICY BLOC GROUPS

Hi Paloalto 11.1, user ID agent configured, it's pulling users with ip. 

But using policy to block or allow the internet is not working

It blocks all users; if all domain users are allowed, the internet will be allowed. If a particular group is selec

User-ID stopped working / Failed to add group to id manager

Hi Folks,

just to let you know, since I found no KB Articel for this issue. Policy Push from Panorama respectively local Commit on the Firewalls ended in strange Error Message according Group Assignment to Policy.

vsys1
Error: Failed to add group to i

Setting up a ION device in Azure

Hello,

We have 3 branch sites and we want to deploy a virtual ION device within our Azure tenant to connect it like another branch site.

1 - Is that possible? I see PA ION devices within Azure to deploy but I am not sure if it will accomplish wha

Issue with GP Access for JIO Users on PA-820

Dear Friends,

One of our customer is facing an issue with users on PA-820. According to the customer, many users are connecting to the internet via mobile hotspot using JIO SIM cards. While they can successfully connect to GlobalProtect, but they a

Issues GP in Iphones

On iPhone, the  gw for SAML authentication does not open the system browser (Safari). It opens the embedded browser. We configured the "default browser" in APP config like YES. 

In android is working fine but no in iPhones. Why? any incompatibili

we have High Severity tickets for ALERT: Warning - AAA - [Free Disk Space

/opt/traps below servers’ issue

[root@usaz15ls128 ~]# df -h /opt
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vgRoot-lvOpt 6.0G 6.0G 20K 100% /opt

[root@usaz15ls128 ~]# du -sh /opt/traps/
5.7G /opt/traps/
[root@usaz15ls128 ~]#

[root@usaz15ls132

Policy processing order

I have a question about how policies are processed; specifically NAT vs Security Policy.

We have a NAT policy that performs destination NAT to translate all traffic to port 53 to be translated to our corporate DNS servers.

We have a security poli

Where to find information about SSL decryption is (not) required to identified traffic

Hello guys,

I want to know if there is a resource where I can find if SSL decryption is required or not to identified the APP traffic. 

I have this information inside Palo Alto Networks Content Update mail but I don't find this information in app

Problem with the DuckDNS certificate for the DDNS service.

Hi,
I'm having an issue with Palo Alto and DDNS — specifically with DuckDNS. Everything had been working fine for the past two years, but for about a month now, Palo Alto is showing an SSL certificate error.
The exact error message is:

Server response:

about https://autoassistant.paloaltonetworks.com limit issue

the customer tech tech support  file reaches 1.18GB, the maximum analyzed tsf of the website cannot exceed 800M,
Someone knows how to operate in order to use the website to analyze the file

Regarding registered email id

Hi Team,

We need to know the registered email id for this Palo alto device S/N : 023201017692

EDL server certificate authentication failed. A local copy of associated external dynamic list will be used

I'm receiving this error from our firewall every 2 minutes, I can't figure out what the cause is. The reason says "self signed certificate in certificate chain" but I don't know what self signed cert it is talking about. This has been working for yea

Set zone via CLI does not work

admin@firewall(active)# set vsys vsys1 zone test network layer3 ethernet1/17.66

Server error : layer3 'ethernet1/17.66' is not a valid reference

Unable to HTTPS or SSH into new out of the box PA440

Had a new PA440 delivered to a remote location. I am able to ping the device (192.168.1.1) but am not able to HTTPS or SSH into it. Assuming that my IT person at the remote location has the device plugged into the MGT port and in the switch, which si