Strict IP Address Check after 9.1.12

Customer upgraded to 9.1.12 and after that it was noticed that for some of the zones, traffic was dropped. During debug,it was concluded that reason is Strict IP Address Check in the Zone Protection Profile:

"flow_dos_pf_strictip 1 0 drop flow dos Pac

Why Did Strict IP Address Check Break this VPN?

We have been working with TAC to find the cause of this issue where FTP client could no longer upload to external companies FTP server over the VPN tunnel.  After many days, we started a packet filter on the Public Internet (WAN) interface, which is

Internal error when attempting to do commit action

Hi guys,

I've received an "Internal error" when trying to attempt to commit to applying policies changes.

"Internal error (module device) that's all I got.

Can you please help me with this?

Globalprotect 5.2 Cookie Issue

Hello 
We just upgraded our GP from 5.1.7 to 5.2.10

We have a gateway with SAML authentication
We have some connections issue with a message "already logged in" from the Identity Provider

I think this is due to the new feature "Default System Browser for

QoS max egress, no effect

Hi there,

I'm playing with QoS in our lab. I have a simple setup with two queue, first for SMB traffic, second for RDP traffic.

The max egress value is set, but when I transfer data, then both queues get bandwith values.

What I am doing wrong here?

active-directory-base application isn't match traffic when services/URL Category is set to "application-default" in security rule

Hello,

I use a Firewall at version 10.0.8-h8. I wrote a rule to allow the application "active-directory-base" (which contains several ports) in the application section then "application-default" in the services/URL category section as recommended by P

auto assistant palo alto networks not working A2

Hi, Today, I could not access A2 (Auto Assistant). When I access https://autoassistant.paloaltonetworks.com

 Any idea?

site to site VPN on TP-link --- PALO ALTO ---- AWS

As of now STORE router/POS1 able to reach the head office(PALO ALTO) via site to site VPN and HeadOffice(PAN) to AWS also working via site to site VPN. But our main goal is that POS1/Store able to reach the AWS network. As of the momment POS1 not ab

global protect connectivity issue (version 5.2.10)

Hi Team,

We have facing the connectivity issue on GP Agent 5.2.10.

After turning off the windows firewall, it's connecting.

Please let us know how we can achieve this without disabling the windows firewall. Because in earlier versions of GP client we

User-ID Agent not mapping users

Hello,

Im trying to configure User-ID Agent.

Dedicated users is created, with details acroding to: Create a Dedicated Service Account for the User-ID Agent (paloaltonetworks.com)

Agent version: 10.0.4-23

Agent is installed on Windows Server 2019.

DC's a

Exporting monitor logs is not showing decrypt flag information.

PANOS- 8.1.12h3. .When I export monitoring logs in excel . It doesn't show decryption flag info even when I can see decryption (yes/no)

in the monitoring logs.

Path Monitoring Static Routes

Hello All,

For some locations we have 2xISP setup, since we have no dynamic peering with any of those, we do a default static route via each of those. Having 'ECMP/Source IP hash' enabled it works just fine in a lab. We also do path monitoring for ea