GlobalProtect SMB file transfer results in error for large files

We have some users that need to transfer large files on-preemies. When copying files shortly between 5-20% data transfer this error is thrown. Files are MultiGig in size. Small file around 100M that I tested did not show this error.  Copying to the s

Setup Azure MFA with Global Protect - NPS/ISE

I am building this new but don't have concrete steps to start with. What I understand until now is that we need NPS extension for MFA to work with Azure. We last year moved away from NPS as our radius server to Cisco ISE.  So do I have to figure out

User-id issue.

Hi All,

Firewall is 3050 with pan-os version 9.0.9-h1 we are using user-id agent as well as agentless for user-mapping.

Sometimes we are getting machine names instead for ip-address instead of source usernames.we have user-based security policy. Why d

Trouble with NAT and VPN

Hi there,

i want to finish an easy setup which needs a simple DNAT and forwarding into a VPN tunnel on my PA5020.

I've created a working VPN tunnel which is the destination for my traffic. And this works fine if i'm using the tunnel ip to reach targets

QoS and GlobalProtect

We have a use case where many users need to upload files on premises and these are very large video files to on-premises. We want to rate limit/control the organization bandwidth consumed by these users. What are our options. 

Also we use subinterface

Second Gateway and PPPoE

Hi all

I'm in trouble whit this scenario:

- Internet connection by PPPoE protocol with 1 static IP (ie 3.3.1.205)

- additional 8 public IP like: 3.3.3.0 to 3.3.3.7 with 3.3.3.1 as gateway

- Internet connection on ethernet1/1

- internal LAN on ethernet 1/8

IP Spoofing understanding

I'm planning to implement IP drop - under Zone protection on a production system.  I'm really only interested in the ' IP Spoofing ' aspect & I'd like to understand a little more on how it works so that I can addresses any issues, should they arise.

I can't open Support Cases.

I can't open Support Cases. 

Becauase single sign on error.

I cleared the browser cache and tried with other browsers too.

Other options work fine, but only the Support Cases is not open.

What should I do?

Not opening login page to login

I'm using GlobalProtect to connect to a customer.

Earlier a "web" page opened to type in my user name, now it's not happening anymore. It's trying to use my company login which is wrong, I have a account at the customer. 

My IT helpdesk, is telling me

Testing "Security-Focused URL Categories"

Is there a way to test the "Security-Focused URL Categories" with some example of URLs that would match the category?

I went looking for them in my log after setting them to Alert and found none. 

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-ad

GlobalProtect with Azure MFA - Double login (username+password)

Hi, we have a customer with GlobalProtect with MFA from MS Azure. The setup works fine but we are still unable to get rid of a "double login". Not the MFA with a SMS on phone but the regular username/password combo.

Usually it goes like this: 1. Login

https://etm.ru website haven't open

Hi All,

 We have tried to access one Russia URL (https://etm.ru) from our INT-trust and VPN zone while the result is ERR_HTTP2_PROTOCOL_ERROR and have tried with different browser but result is same . We could access through VPN external US gateway (

Suspicious DNS Query (generic:contador.hotelarena.top)

Boa tarde pessoal, 

estou com comportamento estranho em meu Firewall.

notamos muitas requisições do meu servidor de dns interno para o dns externo com " type spyware " 

Verifiquem o anexo.