Problem with routing of NATted reply packets over IPSEC tunnel

I have an IPSEC tunnel to another organisation, they have two endpoints at the other end on addresses which conflict with our networks.  We can just focus on one to keep it simple.

• We have an IPSEC tunnel set up and passing traffic fine (tunnel.3 int

GlobalProtect SMB file transfer results in error for large files

We have some users that need to transfer large files on-preemies. When copying files shortly between 5-20% data transfer this error is thrown. Files are MultiGig in size. Small file around 100M that I tested did not show this error.  Copying to the s

Setup Azure MFA with Global Protect - NPS/ISE

I am building this new but don't have concrete steps to start with. What I understand until now is that we need NPS extension for MFA to work with Azure. We last year moved away from NPS as our radius server to Cisco ISE.  So do I have to figure out

User-id issue.

Hi All,

Firewall is 3050 with pan-os version 9.0.9-h1 we are using user-id agent as well as agentless for user-mapping.

Sometimes we are getting machine names instead for ip-address instead of source usernames.we have user-based security policy. Why d

Trouble with NAT and VPN

Hi there,

i want to finish an easy setup which needs a simple DNAT and forwarding into a VPN tunnel on my PA5020.

I've created a working VPN tunnel which is the destination for my traffic. And this works fine if i'm using the tunnel ip to reach targets

QoS and GlobalProtect

We have a use case where many users need to upload files on premises and these are very large video files to on-premises. We want to rate limit/control the organization bandwidth consumed by these users. What are our options. 

Also we use subinterface

Second Gateway and PPPoE

Hi all

I'm in trouble whit this scenario:

- Internet connection by PPPoE protocol with 1 static IP (ie 3.3.1.205)

- additional 8 public IP like: 3.3.3.0 to 3.3.3.7 with 3.3.3.1 as gateway

- Internet connection on ethernet1/1

- internal LAN on ethernet 1/8

Filter manged devices summary by tag in Panorama

Do you know of a way to filter the searches of Manged Devices | Summary in Panorama. You can assign tags to devices, but it is not very useful, if you cannot filter by exact tag tag. You can search by the tag name, but it will only show any other res

IP Spoofing understanding

I'm planning to implement IP drop - under Zone protection on a production system.  I'm really only interested in the ' IP Spoofing ' aspect & I'd like to understand a little more on how it works so that I can addresses any issues, should they arise.

I can't open Support Cases.

I can't open Support Cases. 

Becauase single sign on error.

I cleared the browser cache and tried with other browsers too.

Other options work fine, but only the Support Cases is not open.

What should I do?

Not opening login page to login

I'm using GlobalProtect to connect to a customer.

Earlier a "web" page opened to type in my user name, now it's not happening anymore. It's trying to use my company login which is wrong, I have a account at the customer. 

My IT helpdesk, is telling me

Testing "Security-Focused URL Categories"

Is there a way to test the "Security-Focused URL Categories" with some example of URLs that would match the category?

I went looking for them in my log after setting them to Alert and found none. 

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-ad