The server certificate in invalid on Mac OS after renewed gateway cert

hello team

One of our uses got the server certificate is invalid ERR while he trying to get the global protect connected, I renewed the gateway certificate and tested on a Windows box which is fine, but Mac book user got an ERR.

Did anyone get the sa

Trouble installing Palo Alto cert on MineMeld Server

Hello there

I'm Using Minemeld version 0.9.68 (Ubuntu)

PA version 8.1.12

I'm attempting to install a PA cert on the MineMeld server using this guide:

https://live.paloaltonetworks.com/t5/minemeld-articles/how-to-generate-new-minemeld-https-cert/ta-p/10

GlobalProtect user always returns authentication failed

(T14508) 05/04/20 09:48:34:904 Info ( 474): msgtype = user_credential
(T14508) 05/04/20 09:48:34:904 Debug(2642): ServerThread: ProcessServerUserCredential. Redirect to processServerPortal.
(T14508) 05/04/20 09:48:34:904 Debug(1714): ----portal process

ACC tab "Applications using Non Standard Ports"

Hi PA Live Community,

Still a newbie to the whole PA world but slowly getting there.

When looking at the ACC tab of the GUI I can see there are entries for  "Applications using Non Standard Ports" and also  "Rules allowing Applications on Non Standard

How to replace one Faulty Paloalto 3250 version 8.1.6 Firewall which is in HA.

Hi All,

 I need help on how to replace one Faulty Paloalto 3250 firewall PAN OS version 8.1.6 which is in HA and policies are managed through Panorama.

your help is highly appreciated and thank you so much.

thnx

JP

Testing non-http mfa feature with GP

Hi there.

Documentation is rather slim here. I've set ut MFA for web site access, and it works. When testing it for non-http, accessing a SSH server, it kills the SSH connects, but no 2FA challenge on my GP. 

What am I doing wrong? What's needed?

I'v

SD-WAN policy name not showing for ping application

In our demo SD-WAN setup we have a couple of SD-WAN rules for ping traffic and also a catch-all rule for all unmatched traffic. For most of the tested applications everything is fine. But for ping (and traceroute) the SD-WAN policy name field in traf

Firewall is limiting concurrent users for GlobalProtect

We are using PA-VM-300 and it should allow 2000 vpn users concurrently.

Our global protect IP pool is configured for /23, so firewall should accommodate 500 users, as it is having enough IP available in the pool. For some reason, when the other firew

FIPS 140 and CC enabling?

Couple of questions on FIPS.

1. When you enable FIPS140 on a Palo it wipes the device. Can you just reload your last saved?
2. Can a FIPS140 enabled device talk to a non-FIPS device over an ipsec tunnel provided the cyphers are compatible?
3. FIPS disables PAP.

L3 sub interface traffic monitoring

Hi There, How can I monitor l3 subinterface traffic - current & historical. mainly Bandwidth utilization.

Thanks

HA for 3250 FW throught VXLAN

Hi everyone!

I have an interesting case. My topology is:

PA 3250 HA1------> Nexus 9000---------------VXLAN Overlay-------------------- Nexus 9000--------> PA 3250 HA1

                               vlan 2201                                             

Rdp windows

Hi,

is it a good idea giving access to public windowd  rdp ?.

Folks says do not publish outside 

Any good reason for this ?

Thanks