ECMP Configuration Questions

Hi,

New to the board.  I have two WAN circuits going to two separate ISPs.  I would like to run ECMP with weighted round robin over ISP1 & ISP2.  However, I want to verify this can be achieved successfully in my environment.  I have 15-20 VPN connect

Integrate Captive Portal with ADFS using SAML Authentication

Another post regarding an additional method for gaining userID info for non-domain joined assets.   There are lots of examples of using other idPs, but not much I could find regarding ADFS, so hope this is helpful for others looking for a similar opt

Destination NAT & port forwarding not working as expected

in a lab environment, i'm trying to test destination Nat & port forwarding,  i mapped the port 80 to WEB-1 and 8080 to WEB-2.
while testing i can access only WEB-1.
i did another test where i mapped TCP 22 to WEB-2 and 2222 to WEB-1, i can SSH to WEB-2

Block Brave Borwser

Hello,

I have noticed that some of our employees are using a brave browser and can easily open blocked websites like Facebook, crypto, games etc. what's the way to block brave browsers.

Thanks:

Knowledge sharing: Globalprotect troubleshooting/investgation. Split tunnel,Globalprotect app/agent configuration options and etc. to solve issues

Hello to All,

Just as a note I have issues with my old community account, to this is why I am using new one for now (Edit: the issue is fixed but I will keep this article under this profile).

I had to use several options in the split tunel options

CURL ERROR: bind failed with errno 97: Address family not supported by protocol

After the customer upgrades the Firewall to version 9.1.10, the following message appears in the System Log, which is not displayed any more.

CURL ERROR: bind failed with errno 97: Address family not supported by protocol

CURL ERROR: Operation timed

Microsoft always on VPN (Windows 10 clients) through Palo Alto

Hi All,

We have several Windows 10 clients (3rd Party but using our infrastructure) that need to transit through our PA-3260 to their home network via MS always on vpn. Unfortunately this does not work, we have a very open "any-any" rule in place for

PPPOE interface - dynamic IP - GP Portal

When establishing a connection via PPPOE there is no possibility to select the IP ("None") assigned by ISP in the Global Protect portal configuration, only the interface, which is not sufficient for it to work. I would expect that the IP assigned by

Captive portal

Hi Team,

please confirm whether in pan-os 10.0 and later do we require SSL-Decryption for captive portal.

Is SSL-Decryption is mandatory for Captive portal.