General Topics

Practical XFF usecase

XFF for user-ID - Displays IP as 'x-fwd-for: x.x.x.x' format

• Seems to me just an investigation help feature
• maybe can even block a particular IP/s if used in security policy as a source user, haven't tested this.

XFF for Security Policy - Gives abil

Can't activate " VM-Series Bundle 1 Free Trial" from Azure Marketplace

Hi there, 

I attempt to start to "“VM-Series Bundle 1 Free Trial “ in Azure Marketplace . When I clicked the link "“VM-Series Bundle 1 Free Trial “. It popped 404 not found. Could you advise how to activate it? 

Besides, I saw that there is a 30-day t

adding x-forward-for client IP to HTTP header

Does the PA support the ability to populate the x-forward-for field?

PA-450 License Issue

Hi Team,

Is there any known issues with the License Tab in PA-450 as our new firewall is not showing anything on the license TAB. I have added the devcie in the support portal but to fetch the license i am not able to see anything in the tab. I upgra

Process cp-path_monitor received user event hbUpdate

Dear Team,

I'm using 9.1.12 PAN-OS

Recent firewall has temporarily switched certain interfaces to 'non-function' with the logs below.

masterd_apps.log
Process cp-path_monitor received user event hbUpdate 60 0.0938

I would like to know what the

Setting up DUO MultiFactor on GlobalProtect and allowing AD password resets at the same time

Hello all,

I am currently trying to set up my GlobalProtect portal to allow my users to reset their passwords when they expire. I was able to do that by setting up my RADIUS profile with PEAP-MSCHAPv2 however now my users are not getting the DUO pu

Is it possible to apply "IP Address Exemptions" into Security Profiles based on the IP of the x-forwarded-for header?

Hello. all.

Is it possible to apply "IP Address Exemptions" into Security Profiles based on the IP of the x-forwarded-for header?

https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/identify-users-connected-through-a-proxy-server/us

HA2 down

Colleagues, greetings.

I got HA pair, a\p. The model of the devices are 3220. Both working on 9.1.0 PAN-OS versions without any problems.

BUT! When I want to upgrade them, for example to 10.0.0, I face problems with HA2 links (HA2 and HA2 backup) bei

Unable to Connect IPSec VPN Tunnel

Need assistance to connect a VPN IPSec Tunnel between PA and Cisco 4300 Series. Everything seems to be configured on both sides, but when I check logs on the PA-CLI, it shows this log:

IPsec-SA request for 150.220.213.178 queued since no phase1 fou

Google-base

application: google-base is blocked.. how do I correct on my firewall