require admin users being member of LDAP groups

Hello

We are using LDAP for authentication of the admin users (for Panorama as well as the firewall nodes).

Is it possible to adjust this, enforcing the user being a member of a specific AD group?

Last info found was regarding PAN-OS 8.1 (https://live.p

Setup VPN Global Protect DynDNS

Setup VPN Global Protect DynDNS

Dear community:

Good afternoon, is it feasible to be able to configure VPN access with Global Protect, on a Palo Alto with the following scenario:

Palo Alto with:
-Public IP Dynamically ( DHCP )
-Firewall configured with t

wildcard fqdn for destination in security policy. FQDN for  abc*.def.com

Team , I have a question about something that I guess is not possible to configure but will like to confirm if possible . My client want to allow  Internal NW 10.0.0.0/8 to FQDN abc1.def.com port HTTPS , this is normal and I have a few of this rules

Specific Action change on Individual Signature

Hi Experts,

We've configured a Vulnerability profile with the Action of Default. For the Windows Print night mare vulnerability (Version ID: 8424, signature ID:91333) and the CVE ID: CVE-2021-1675 I see the default action is marked as 'Alert' which wi

URL filtering

I have one query it is necessary to add a URL Category to add in URL Filtering Profile or I can add a separate URL category in the Security policy without adding any URL filtering Profile.

for example, I Create a URL Category name test which having so

how can we confirm if there is existing firewall rule or not in the policy by filtering by source and destination IP address and port numbers.

I can find existing firewall rule in the Firewall policy by searching by just source IP address or Just Destination IP address but our Firewall policy rule base is huge and i need to filter it by Source IP and destination IP address (both) and possib

Web Activity Monitoring for BYOD School

Hello All...

We are looking for a solution for a medium sized private school (k -12) to track users web activity. We'd want to be able to go back a week or so..nothing crazy. But would love to be able to get a report on a site\url and see what user

Bind 2 separate IPSEC tunnels to separate ISPs

I am trying to setup a separate IPSEC tunnel to a new ISP while keeping the rest on the old ISP.  I am doing this as a test.  My issue is lack of connection.  The message I get from the logs is that it try's the connection then I get another saying i

VPN Ipsec SitetoSite DynDNS

Good afternoon everyone, a question, is it possible to set up a Site-to-Site VPN between two sites with Dynamica IP, but that have each their FQDN with DynDns services.

Example:

Site 1: FQDN: mysite1.dynalias.net ( DynDNS )
Site 2: FQDN: mysite2.dynalia

The source port was natted to multiple source ports while the packets leaving the FW

Hello everyone

The NAT type we are using is "Dynamic IP and Port", the Palo Alto Networks firewall translates the source IP address or range to a single IP address.

for this conversion, when the packets arriving the FW, we can see the source port is

log forwarding to CDL is generating high traffic volume

Dear community!

We are sending logs to cortex data lake and we noticed high traffic volume for the sessions concerning log forwarding, with peaks up to 200GB of data sent. 

Do you know if this volume of traffic can be normal?

Also, is there any docume