Web sessions getting blocked when session switches user ID mid stream

Let me first preface this by saying I am not our network admin, and I have no access to our Palo Alto devices, but since the teams here that are supposed to be managing them cannot be bothered to look at our issues, I wanted to see if this community

User-ID mapping for users logged in to a domain controller

Hi Guys,

Does anyone know or have experience on configuring User-ID agent to perform user mappings for users who are currently logged in to a domain controller.

The issue I am facing is that anyone logs into a domain controller is not being pickup by

Why does GlobalProtect VPN client for Windows keep getting worse?

This client used to be fine.

Then we upgraded it and some silly Windows notifications kept popping up which were annoying and, more importantly, caused the textboxes to lose focus while you are typing a password/key.

Now we're up to v4.0.0-90 and thi

Auto TAG - XFF IP

Is there a way to auto TAG - XFF ip's in log forwarding profile

Firewall slowness

Hello,

I am facing an issue with my firewall. it is very slow in the GUI as well as CLI. if i click any tab in the firewall it is taking too much time to refresh and loading the page.

firewall model - PA-500

PAN-OS version - 8.1.15

below i check from

Taking longer time to commit on firewall from secondary panorama

• As observed, when primary panorama was active, I have created an Test address object and committed and pushed from panorama. Configuration committed and pushed within 2 to 3 minutes.
• After making secondary panorama as an active, configuration was comm

What Are The Reasons Why We Still Can't Remove the vWire via Panorama On A New Firewall

Hi guys,

What is the reason?

A brand new firewall from the factory, we give it a management ip-address and panorama server address, we import the firewall config to Panorama and commit to Panorama.

We then change the network and device templates so t

number-of-severity in threat log

Hi Community,

I am trying to parse the threat log from Palo alto. I can see the 'number-of-severity' in the custom Syslog log format. I am looking for an official document to map these numbers to the severity level.

I can see the below,

4- indicate hig

aws Panorama mode cant see the HA available to add to the log collector gr

Two aws Pano's in Panorama mode. 

Primary(active) Panorama doesn't see the collector that is the Secondary/Passive Panorama as being available to add to the collector group. Drop down is blank.

Walk through the same steps on the Secondary/Passive nod

API to dynamically register and tag from Panorama to Firewall

I'm finding we can use the api to register IPs to Tags on panorama no problem.   I can view that they are registered on Panorama.   However, Panorama is not pushing these mappings to the managed firewalls.   I'm matching on name and I'm using the dyn

Dynamic user group using HIP log

Hi Team,

Just need to check if anybody faced the below issue in PanOS 10.0.x

I am trying to create a dynamic user group with HIP log by following settings,

1- created one Tag

2- Configured log settings for HIP log for build in action tagging the source

How does Validate Commit function work in PAN OS 9.0.9?

 I'm wondering if the validation process is checking the change against the running config and not taking into account the Interface IP change in the candidate config while doing the validation.

I am trying to make a change to both the IP address of

Configuring decryption, some gray categories and experiences

So I guess I'm just curious what the overall opinion of multiple people is regarding decryption and how well they take into account local laws, etc.
I get decrypting traffic can be a major step up in security and basically unlocks a lot of potential i