IPSEC s2s VPN between VM-50 and PA-3220

We've done plenty of s2s IPSEC VPN tunnels between our DC firewalls and branch offices. I have a new branch office which we are configuring the same way as the others, yet the IPSEC VPN is not operating as expected. The tunnel is showing as up and th

MS Active Directory Security Group Changes Not Applying over VPN w/ prelogon

Our organization has been struggling with getting MS AD security group changes to apply over VPN w/ prelogon enabled for a long period of time now. I have had support tickets in with Palo support and MS support. Palo support has determined via Global

Palo Alto blocks legitim applications

Hi everyone,

We have defined Risk App block rule which contains the app by risk category, characteristics and vice versa.

After upgrading PA to 10.1.5-h1 version it starts to block ssl, web-browsing, google-base, whatsapp and other apps which are not a

Okta has 400+ IPs that are all /32. Looking for an EDL solution

Has anybody figured out an edl to allow communications to Okta without manually entering the whole list?  My customer is using Okat for MFA and the Okta Portal uses a whitelist so they have policies that anything hitting Okta should use ip x.x.x.x. 

No change in retention of summary log after the log storage allocation update

 Current panorama and log-collector issues

Panorama – mgmt. server only –  SW-version: 9.1.12-h3

Log-collectors :

PAN02- – PAN03 –  same SW version as Panorama

1.The summary log retention days did not change after the log storage allocation update

PAN02>

Cortex XSOAR search "contains" instead of "equals"

Hello

Is there a way to search a Domain in Minemeld with "contains" instead of "equals"?

As example:

We have entered *.blabla.com" in one of our Nodes.

I would like to search for blubb.blabla.com - which of course does not match.

Also "blabla.com"

Apply QOS for a particular Server published to internet

Hi Team,

  We have a SFTP server behind our firewall and its NATed to one of the interfaces of the firewall , we need to restrict the bandwidth to the  SFTP server from Internet. When clients from internet connects to the server for downloading files

To Uninstall XDR

Hi i need to uninstall XDR  through SCCM

Palo Alto Network Service Route IP List

Hello all,

please excuse me if I am posting this question in the wrong section. This is my first LIVEcommunity post and I wasn't sure about the section I chose.

Several of our customers would like to know exactly which Palo Alto Network services are ho

App-ID confusion and blocking spotify

Hello, 

I'm trying to work on a request to totally block Spotify on our network for 1 host (could be more in the future) and I thought App-ID would be the best option for this but since it depends on SSL and web browsing it's dropping all traffic when

Upgrade PanOS to 9.1 from 8.1

Hey all.  I've come up wtih an upgrade plan to get us from 8.1.10 to 9.1.12-h3 based on reading resources.

I would love some feedback on whether this is the correct process.

THanks much.

8.1.10 Current SoftWare Version

5.2.8 Global Protect Version

Fi

GlobalProtect MFA with Office 365

Hi,

II am looking for information on how to configure GlobalProtect MFA with Office 365. I would appreciate if you have any information that you can share.

GlobalProtect

Where is support?

Have a high severity ticket open for 2 DAYS now and not even an email.  Stuck in support queue.

Called support number this morning and on hold for 1 HOUR trying to speak with someone..

This isn't what my company paid $$$ for.

Globalprotect instant disconnect problems.

Some of users' globalprotect has disconnected few times in a day. When I checked their logs when the disconnect happened, I just notice there is a log "Current status changed to 10". Is this relative with our problem? I couldn't find any about global