Apply TS Agent config automatically in FW

Hi,

We are expanding our CITRIX platfon in which we have installed a Palo Alto TS agent to monitor. So to avoid introduce manually the TS agent config in Pa (IP, port,etc) each new citrix. Is there any way to send the config to PA to do ir automatica

FW loses user mapping stop matching rule suddenly

Hi,

We are having a strange issue in our FW. User in VPN-SSL reported the stop working. The issue doesnt have any pattern. Random users, random time-range. 

The issue is solved when the customer force to reconnect the VPN or force pass the HIP check i

Patching One HA fully then the next.

If patching a HA pair to the next Major version i.e. 9.0.6 -> 9.1.0  is it safe to patch one of the pair all the way to 9.1.0 (minor versions and major versions) 

And then fail over and do the other firewall to bring that up to latest minor and final

GlobalProtect stuck on connecting ( still working ... ) on macOS monterey - 5.2.10-6

Hello,

after upgrading to macOS Monterey globalprotect stopped working...

i tried to unistal reinstall 20x, firewall of/on, private relay of/on, i did allowed it in security, limit IP address tracking of/on, tried with "spctl kext-consent add PXPZ95S

Occupation of VPN Pools in Paloalto Monitor

Hello team

Could someone tell me if it is possible to see the occupancy of the VPNs in the Paloalto pools?

If so... How can I see it?

Thanks

Greetings.

Routing Table size on PA appliances

Hello All,

We are looking into use PAs as routers on some of the sites. This will entitle us to accept BGP routes from Prisma and OSPF from internal routers. That's the reason I would love to find out if there's a limit (I am sure there is) for ammou

SAML Login to local firewall certicifacte

I am getting a SAML error after renewing a few certs that expired. 

eventid eq saml-certificate-error

Can you use the same IDP xml file across multiple Device SAML profiles? IDP is Microsoft azure.

and ( description contains 'Failure while validating t

Global Protect and ( error eq 'Existing user session found' )

Hi Team,

On GP 5.2.5 on GUI logs i see 

( status eq failure ) and ( eventid eq gateway-register ) and ( error eq 'Existing user session found' )

is this bad?

what is the reason for this error?

Regards

How to Setup IP Helpers on PAN Firewall for PXE Services

Techdocs Subject not matching content when arriving via search engine link.

When using the following link the header of the page states "Download and Install the GlobalProtect App for Windows" but the text is about "How to install the GlobalProtect App for Linux".

The way I arrived at this page was the following:

I searched

Device Log Forwarding CLI

Hello -

In GUI I can do the following:

Panorama > Collector Groups > {Collector Group Name} > Device Log Forwarding > Log Forwarding Preferences

In here I have two Palo Loggers and I split my HA firewalls like so (for example):

Devices: