Replacing the Revoked QuoVadis Intermediate Cert

For the benefit of anyone else who was using a QuoVadis certificate for their GlobalProtect portals/gateways (or presumably decryption), the process of replacing that intermediate is surprisingly easy.

Just import the new intermediate certificate usi

Device showing not connected in Templates

Sometime is user authenticate sometime is not in Paloalto

Hey, guys, one of my customer have an issue regarding the Source user let me explain in detail. 

There is one user having four outlook account in three of them the internet working properly but in one account he selects in outlook and checks the inter

Online payment with SSL decryption

Hi

We have SSL decryption enabled on our PA NGFWs but our users have reported issues relating to online payment transactions. We have worked around this by creating a whitelist to bypass decryption but as more sites offer payment facilities online, i

Site to Site VPN | Remote traffic hidden behind remote peer

I'm almost done with a Cisco ASA to Palo Alto site to site VPN migration project.

What I am having an issue with is once a tunnel is built, traffic from the remote side is coming out of the tunnel, hidden behind the remote peer, a typical hide-nat.

F

Internal Host Detection in GlobalProtect

I am confused with GlobalProtect offical documents.

From GlobalProtect troubleshooting guide:

Internal Host Detection
Internal Host Detection provides hints to GP client to determine quickly if the PC is inside or outside office. If it is not configured

Need to know the Response SLA OR Resolution SLA for high severity case

Need to know the Response SLA OR Resolution SLA for high severity case

PBF Dual ISP, inbound NAT broke with spoofing protection enabled

Having an issue where we implemented PBF for dual ISPs on an HA pair that already had inbound NATs configured. 

When we did this the inbound NATs broke and I found this article:https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g00000

What process is responsible for Rest API communication?

Hello

We use monitoring consulting the Rest API but we are having high management CPU usage.

In case we are saturating it, what process is responsible for this? Because I was to make sure we arent overloading it.

Thank you

Userid timeout - renew action

How can a user trigger/renew UserID? Is there some action a user can take on the PC that would trigger UserID renewal.

Rebooting is one way and has resolved this couple of times I was reported this issue. I think logoff and Log on should also work. O

HA4 Clustering to present a single NAT IP across two Data Centres

Can anyone who is using the HA4 cluster in production, to present the same external NAT IP across 2 data centers give any advice on how they are doing the routing.  I saw in the docs that some of the security functions don't work if the traffic is as

Captive portal asking credential for known users

Captive portal asking credential for known users, what is the solution

Wildfire Events "failed to establish or resume a secure session"

Hello

I Have a Cluster active-passive PA-820 version 10.0.7

I am receiving the following system events continuously

I have configured eu.wildfire.paloaltonetworks.com and wildfire.paloaltonetworks.com but the problem persists.

Can someone help me?

Connect to globalprotect vpn using verizon mifi

Can you use a verizon mifi to connect to a globalprotect vpn tunnel? This is so they don't have to install the gp client on their pc. We do not have licensing for gp to be used on phones and to me a mifi is kind of a glorified phone. 

GP 5.2.5 Error authentication check failed

Hi Team,

We have GP 5.2.5 on PAN OS 9.1.7

Connection method is pre logon then on demand.

on GP Gui logs i see error  Error authentication check failed  for  ( eventid eq gateway-hip-check )

Even though we do not have hip check enabled on the GP.

Is this