General Topics

Not able to connect AD Domain

hey guys one of my clients is not able to connect in the domain some users are connecting while some are not. The users are in Location A in another city and the Domain server is from another site  I attached B the image ignore.

that is it from the fi

Palo Alto Device certs (Default Trusted Certificate Authorities List)

I am dealing with an issue in which the Palo Alto is in proxy mode.  The issue is concerning endpoints being able to access a cloud tenant to register (install) a component.. The FQDN of the cloud tenant has been added as an allowance for these endpo

TACACS user authentication on WF-500

Hi Team,

The customer has a query about whether if is it possible to configure TACACS user authentication through WF-500. 
The customer has no panorama setup or anything he was able to successfully configure on Palo Alto NGFW but not on WF-500.

I re

Unusual traffic on port 135

Hello, I have been facing an issue where I see lots of traffic toward internal serves on port 135. The source of the traffic is the firewall management IP. Its agentless user-id setup on the firewall. Previously WMI probing is enabled which cause the

User id connected but users name not showing in the security policy

Dear Team,

I have integrated AD to my PA NGFW. User id is showing connected but when I create any user based policy there is no users.

I have tried cleared user is cache, refresh etc. But still same.

Please find the below SS for reference

useridd.log
2

Unknown Users Detected In User-IP Mapping

Hi All,

I was checking the User-IP mapping in one of the boxes and noticed something which is a mystery to me. I have attached the picture in this discussion. Some of the entries in the output show as Unknown. Any of you know why and how this happens

Radius authentication with Clearpass for Firewall Webgui

Followed this KB

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClS6CAK

The authentication shows successful on the inbound to Clearpass and meets all the policies required for successful login.

However the Palo sits at t

How to Exclude all Zoom traffic from GlobalProtect VPN

Need to Exclude all Zoom traffic from Global Protect VPN.

TACACS user authentication in WF-500

Can we configure TACACS sever profile in WF-500?

So that we will provide TACACS user authentication to login into WF-500.

If it is possible, please share configuration steps or article for the same.

Traffic issue on the Palo Alto(zone-to-zone)

Team,

On our Palo's we have a vsys defined and on this vsys we have 2 zones configured. ...... (say Trust zone and untrust zone.)

We have a server in the trust zone which need to monitor the interface allocated to the untrust zone.

This does not happen

Office 365 Dynamic List

Is there any way to use the Office365 dynamic URL?

https://endpoints.office.com/endpoints/worldwide?clientrequestid=b10c5ed1-bad1-445f-b386-b919946339a7

which contains IPv4, IPv6 and domain and having update every day. 

URL and Threat Licenses

I have recently ordered URL, Threat and 3 yr support for 7 PA-220's. The main S/N we are using for a test application did not get a license ordered, (oversight on my part). Can I use one of the new licenses from another S/N PA-220 to upgrade and test