URL allow list for some of the subdomains

Hi all

I want to limit the user to access the company's sharepoint only, but not other sharepoint from other tenant or even the sharepoint from personal account. Then I found the below KB (section 6) and show how to use allow list in the URL filterin

Decryption GitHub not working

Hi

We are trying to run a api from passbolt to Github. In this we are doind decryption in PA.  If we add a SSL exception *.github.com is working fine or "no decrypt" policy is working fine.  any idea?

Here our health check:

passbolt]# su -s /bin/bash

Layer 2 interface vs Virtual Wire

Virtual wire mode, the interfaces assigned to virtual wire are transparent mode.

Layer 2 interfaces: interfaces can assigned to different zone.

DNS resolution stops working as long as GlobalProtect connected

hello guys,

Some of the users got the DNS issue for the external websites after globalprotect connected, the users are able to ping the external IP address but just the DNS does not work.

There was no change applied to the Firewall recently and only a

Strict IP Address Check after 9.1.12

Customer upgraded to 9.1.12 and after that it was noticed that for some of the zones, traffic was dropped. During debug,it was concluded that reason is Strict IP Address Check in the Zone Protection Profile:

"flow_dos_pf_strictip 1 0 drop flow dos Pac

Why Did Strict IP Address Check Break this VPN?

We have been working with TAC to find the cause of this issue where FTP client could no longer upload to external companies FTP server over the VPN tunnel.  After many days, we started a packet filter on the Public Internet (WAN) interface, which is

Internal error when attempting to do commit action

Hi guys,

I've received an "Internal error" when trying to attempt to commit to applying policies changes.

"Internal error (module device) that's all I got.

Can you please help me with this?

Globalprotect 5.2 Cookie Issue

Hello 
We just upgraded our GP from 5.1.7 to 5.2.10

We have a gateway with SAML authentication
We have some connections issue with a message "already logged in" from the Identity Provider

I think this is due to the new feature "Default System Browser for

QoS max egress, no effect

Hi there,

I'm playing with QoS in our lab. I have a simple setup with two queue, first for SMB traffic, second for RDP traffic.

The max egress value is set, but when I transfer data, then both queues get bandwith values.

What I am doing wrong here?

active-directory-base application isn't match traffic when services/URL Category is set to "application-default" in security rule

Hello,

I use a Firewall at version 10.0.8-h8. I wrote a rule to allow the application "active-directory-base" (which contains several ports) in the application section then "application-default" in the services/URL category section as recommended by P