Agentless user id issue

i am facing user id issue  it's show connected but some time is not show not connected. when i check the USER-ID log i find this error. please suggest.

Error: pan_user_id_win_log_query(pan_user_id_win.c:1364): log query for <Server-IP > failed: NTSTA

Captive Portal HTTP only landing page?

Hi,

I have set up the CP successfully. 

I see the CP is running on PA redirect IP:6082 with HTTPS.

Is there any way that we can use HTTP only on the CP landing page?

like http://PA_redirect_IP:6082

not https://PA_redirect_IP:6082

We are not using credentia

How to Export and Import configuration from difference PAN-OS Version.

Hi,

I would like to export the configuration from device PAN-OS 8.1.x and import it to a new device PAN-OS 10.2.x or 10.1.x. Is there any way to do this?

Device Detail

-Standalone firewall

-PA VM Series

Thank you.

GeoBlock bypass for specific users

Hi All,

We are using GlobalProtect for VPN connection to our internal network along with an on-prem PA Firewall. We want to be able to block traffic from regions we wouldn't normally do business in, but occasionally have the ability to make a USER-BAS

Post 10.1.3-h1 issues - source-hip unexpected here

•  Validation Error:
• . rulebase -> security -> rules -> *** -> source-hip unexpected here
• . rulebase -> security -> rules is invalid
• . Commit failed

 Do any of you have come across this error post upgrade of Panorama 10.1.3-h1? Not having issues on other

How to Block O365 access for non corporate users?

Hi Team,

What is the best way to block non corporate O365 access in palo alto ?

We have tried to block the predefined APP-ID office365-consumer-access but no luck because our Enterprises access also showing as office365-consumer-access. So it blocked

Palo Alto Networks Named Channel Partner of the Year — Intel Vision 2022

Palo Alto Networks was named a North America Channel Partner of the Year at Intel Vision 2022! Read the full announcement here.

Problem with LDAP group usage in Authentication Profile

Hi.

I have a strange issue with LDAP groups in our PA-5220 setup.

Our setup is two HS-clusters with each containing two PA-5220. All of the devices are fully managed using Panorama. All of the firewalls are running 9.0.5 and Panorama is also of version

TCP 179 BGP port exposed to non direct neighbour or multi-hop neighbor, no rules in place allowing such traffic - still reachable

Hi,

We just got pinged by security that our Palo's are exposing their TCP 179 to the internet while we utilize BGP as routing protocol to our next hops.

Now we haven't got any explicit rule which should allow TCP 179 on the public side, and yet a non B

URL not accessible in Chrome and same working in Firefox

User trying to access external site, That particular website is not accessible getting "This site can’t be reached".

The same URL is working on Firefox. 

Request traffic from chrome not reaching paloalto, the same from Firefox I can see the traffic log

IP does not show properly in ACC.

Log Forwarding Card (LFC) IP address in HA

I have an LFC in high-speed-forwarding mode but sometimes viewing the logs in Panorama seems to be delayed 2 minutes or more.  I couldn't find any documentation on setting it up in an HA environment.  Looking at "show logging-status" on each firewall

Facing issue with the Data Plane

Hi ,  We are facing issue with one of 7050 box , auto commit get failed and due to this dataplane kis not coming up. this is the error which are coming .

• Error: Failed to get vsys config, already allocated (2097152 bytes)
• failed to handle CONFIG_UPDAT

#PA-820 Not routing to Internet

I have an issue with a PA-820 that has me scratching my head. I'll try to keep the description short, but this one takes some background.

The History:

I had two physical sites in different parts of the country, one with a PA-820 the other with a pair

How Qos Percentage will be calculated on the firewall

Hello All,

Can someone please tell me how the QoS percentage option works on the firewall.

How does it measures the percentage we have given in the profile.