globalprotect authentication issues using SAML on MacOS

Looking for GP authentication troublehsooting tips or if anyone else is experiencing authentication issues using SAML on globalprotect (effects every single agent version newer than 4.1.1). Our issue seems to only effect macOS users, but my shop is 9

Cortex XDR Sign On Issues - Is there an issue?

Hardware Migration PA-850 to PA-3220

Hi,

Planning for upgrading PA-850 to PA-3220, Just wanted to be sure that if we download the current running config from PA-850 and import it to new PA-3220 device, will that work?
Precision configuration of the PA-850 and managed by a Panorama.

Audit Global protect server

Hi,

We launched a sslab test for a GlobalProtect Portal website. Our note is B. We would like to improve these two things but we dont know what it can be done in PA config. These are:

routed-config-p2-failed

Hi All,

I am trying to add new interface to the ospf and pushing the configuration from Panorama to firewall, But I am getting the below error while commiting "client routed phase 2 failure", Commit on secondary firewall is succeeding. Issue is onl

ACC-SSL Activities

ACC-SSL Activities

'ssl/tls
other'
What means?

PAN-OS 10.2 on PA-220

Hi All,

I was just wondering if anybody had any experience of 10.2 on PA-220 I am thinking of upgrading and haven't heard anything concrete either way.

As always thanks in advance for any help.

How to change the Vsys ID in palo alto

Hi Team,

I have already configured the Vsys ID 15. Now I want to chnage this Vsys ID to 2. Is this possible ?

Please help me here

XDR Agent Disabled

I've installed a XDR agent to a workstation, and it's not connecting to the server. I've installed the  it on different workstations and that's working fine. After the installation the agent never connected to the server and showing it's disabled. Wh

panorama scp export more command?

It is linked to equipment A, B, C, D in the panorama.

I want to extract only the traffic log for equipment A.

  ↓ ↓ ↓ ↓ ↓ ↓ The above command extracts all A, B, C, D traffic logs. ↓ ↓ ↓ ↓ ↓ ↓ ↓

scp export log traffic start-time equal 2014/05/16@1

[ICMP Covert Channel] Allow only ICMP Ping packet that has specific payload.

Dear all,

I am using PA-8.0.0-ESXi virtual machine and I am trying to prevent covert channel communication using ICMP Payload.

For example, as captured using Wireshark, the default ICMP type 8 (Echo request) for Windows machine is abcdefghijklmnopqrs

block IP's in same zone

Is it possible or practical to block traffic between two server in the same firewall zone by designating the source IP from the server you want to block access to the server to the destination server indicated by IP

Masscan Detection

Anyone knows how Palo detect Masscan?