UID setup questions

All,

setting up windows based uid agent, looks FW connected to it is fine, but which shows connecting to the DC server.

From debug info,

09/08/21 22:05:08:082[Debug 355]: Event: type="server status" name="x.x.x.x" status="Connecting"
09/08/21 22:05:08:

Microsoft Radius Authentication with PA

Hi,

I am trying to setup Radius Authentication with PA. I have setup EAP(PEAP) and EAP-MSCHAP v2 on the windows radius server. However I can only login to the firewall using PAP. I have tried to import the certificate from the radius server but not s

Radius Authentication Failure: Timeout

Issue: Authentication failure when using AD Account 

Log: Authentication Timeout to server 

Setup:

PanOS Version: 10.1.1

Panorama is not used 

NPS Installed on Windows Server 2016

Radius Server Profile Created

Authentication Profile Created 

Admin Role Crea

X-Auth IPSEC tunnel for Mobile doesn't work

Hello there:

Recently I enabled IPSEC and X-Auth for the GlobalProtect Gateway, hoping to let my mobile users could use remote IPSEC access VPN. But it didn't work as my iPhone kept showing "user authentication failed'. I am pretty sure the configs on

Updated Server Requirements for Community Edition

Does anyone have the updated server requirements for the MineMeld Community Edition?  I believe the ones noted here are dated - https://live.paloaltonetworks.com/t5/minemeld-discussions/recommended-minemeld-system-requirements/td-p/140542.

HA1-Backup connection down

Dear Team,

We got the below error continuously, Crosschecked HA configuration is good only.

Pan os: 9.1.3 Device: 3020

2021-09-07 08:30:32.699 +0530 debug: ha_sysd_config_status_notifier_callback(src/ha_sysd.c:2870): Ending monitor increase holdup on

Vpn in Thailand and Asia

Is there anybody working from Thailand using Global Protect vpn?
I heard that the country can block vpn connection. While my company's configurations allow me working from Thai.

I'm planning to relocate and want to make sure i can work from there.

Would

issue if there is a one certificate profile for Windows User-ID agents and Terminal Services (TS) agents

As per below image You can only assign one certificate profile for Windows User-ID agents and Terminal Services (TS) agents.

We want to enable secure communication only between User-id agent and firewall , so we will import server certificate only in

no internet access when VPN Ipsec Xauth PSK is connected

VPN connection by Ipsec Xauth PSK, not permit access to internet when the device is connected to VPN

CPS calculation per server

High Availability question

Hi all,

This is my first post on this forum. I am also a brand new Palo Alto customer and we just purchased a pair of 3220 firewalls.

As the subject says my question revolves around HA as I would like to start putting together a plan for design and d

Anyone have issues with 10.0.6

Just kind of a broad general question, but has anyone had any issues going from 9.1.x to 10.0.x in a large environment? Or would the preferred 9.1.x version be the way to go?

PaloAlto integration with external sandbox

Dear Team,

Appreciate your support for the below.

Can we have integration with external sandboxes such as TrendMicro sandbox (DDAN) through API?

Thanks in advanced

Show Shadow Rules 2021 Post

Hello -

I saw a post about this from 2012 and the answer was basically no.

Well, it's been nine years now and I'm hoping there is a way to view shadow rules without doing a commit.