Secondary interface on same subnet creates overlapping subnet commit failure

Hello all, I currently have a case open with support on this issue. But I am looking for some customer feedback.

We presently have *two routes* and two separate firewalls. 10.0.44.1/22 on my Palo Alto, and 10.0.45.1/22 on a legacy Cisco L3 router.

Need rest api to get mobile user details

i can get user count using API but user info not able to get using API. We have requirement to get all user info using API.

I am using prisma access. version 9.1

Inter Vsys Routing

Can someone give me some advice please. In the attached diagram is a scenario I have where I need to get traffic logs from Virtual Firewall B across to Virtual Firewall A an up to the SIEM at the x.x.x.x address. I have made the virtual systems visib

does enforceGP feature enable if GP agent is crashed

We have enabled enforce user to connect GP option in GP app setting. So endpoint traffic gets blocked when GP is in disconnected state.

Does this enforcement is enable if GP agent is crashed in machine ?

Global Protect certificate auth user/device information

Currently we have a GP vpn setup for our mobile devices.  We have are doing certificate based authentication, certificate is pushed out through an MDM.  Basically if your device has this cert, your device connects.  Is there a way to capture or pass

Doubt with Subordinate-CA Cert in PA firewall

Doubt with Subordinate-CA Cert in PA firewall

Good evening, for issues related to for example decrypt as we need a certificate type CA, we can generate a certificate Subordinate-Ca from for example our CA server enterprise windows, import in our Pa

change site access and user cred submission

Hello,

Is there an easy way to change site access and user cred submission actions (from say allow to block) for a url category on a bunch of url filters at once?

- Jisha

twistlock.sh onebox failure

The following warnings are reported when executing "twistlock.sh -s onebox"

WARNING: You're not using the default seccomp profile
WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disa

IP Geolocation with Anycast IP addresses

Hi there,

I am wondering how geolocation is working with IP addresses where anycast is used.

Anycast addresses are shared by multiple server, typically with different locations.

How is such an address assigned to a particular country/region in th

Proxy IDs, NAT and IPSec VPNs

Hello,

When using IPSec Tunnels with Proxy IDs with NAT to hide source traffic, should the Proxy IDs be set to  the Hide NAT IPs and destinations or the original source and destinations?

Thanks & regards

How to find IP address of user connecting to GlobalProtect VPN

Hi, 

can someone tell me how to find the home IP address of a user who has connected to GlobalProtect?

I want to be able to audit GlobalProtect connections to ensure that they are coming from the actual home network of the user rather than from the I

Can't log into Panorama after changing to Panorama Mode

Our Panorama VM was operating in legacy mode due to under provisioning when it was deployed. I recently had its resources increased to the Panorama Mode minimums and activated Panorama mode using "request system system-mode panorama". Everything seem

After fresh install 10.1.6 dns wont work Panorama

Hi guys,
did anybody get the same issue like me. After a fresh install of Panorama 10.1.6, dns wont work. I troubleshoot this for a while and find out that panorama not even yet request the dns. I read the Adressed/Known issue couple times but never f

API query from panorama to get IPsec tunnel data

API query from panorama to get IPsec tunnel data

tried the following queries:
http(s)://hostname/api/?type=op&cmd=<show><running><tunnel><flow><all></all></flow></tunnel></running></show>&key=<generated-key>
https://IP//restapi/v10.0/Network/IPSecTunnel