Does anyone use HIP check on the local LAN as a NAC solution?

I understand that a HIP check can be used on the local LAN when the GlobalProtect client connects to the internal gateway.

• How effective is this as a NAC solution for the internal LAN?

• Without 802.1x authentication, does a machine without GP installed

HA Clustering session synchronization

Hello!

I have some question about session synchronization in HA Clustering (geographic cluster). All firewalls in HA clustering use the first rule for traffic that should not match it, this only happens on geoclustered firewalls. Later, the rules are

Block Access to private Gmail but allow corporate

Hi all.

Im looking for a solution to block user access to private gmail accounts but allow a corporate accounts to be used.

I'm aware that there is a solution involing proxy server and X-forwarder.

Is there any other way to do this without dedicated pro

Authentication of Users through Captive portal query

Hi Team,

We had configured captive portal on the firewall recently.

In Authentication policy we had selected source users as any and we are using Active Directory for Authentication.

Also we had configured agentless user-id mapping on the firewall an

Creating subinterfaces on Active Active HA

Hello ,

I have to create 6 Subinterfaces on A/A cluster

So i need 3 IP addresses from each VLAN -  1 for FW1  , 1 for FW2 and 1 as Floating IP

My question is , do i have to go to each firewall separately to configure the respective IP ?

If yes , what

Error while creating a user

Hi All,

Facing an error (application icloud-uploading not found) while creating a user on my palo alto 850 using panorama. Attaching the image for better idea. Pls help 

IPSEC VPN tunnel getting disconnected.

IPSEC VPN tunnel got disconnected abruptly. We need to find out what could have caused this from the logs and adjust the VPN parameters accordingly.

From logs i found this.

ikemgr.log
2021-10-15 03:35:11
2021-10-15 03:35:11.814 +0000 [PNTF]: { 5: }:

Adding a port to existing SSN

Hi - 

   I have an existing SSN configured for a device with ports added in Objects, like to add few more ports. what are steps I need follow? Please let me know....Thanks!

problem with userIDAgent in RDP

hello

We have a problem with users when they connect in RDP

We found a solution whit this KB:

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CleBCAS

but we have new questions:

1.- Is there a way to know what informati