GlobalProtect behaviour in Chromebook

Can anyone please confirm if below is the expected behavior of the GP Android App with internal gateway on Chromebook?

When inside the network with internal host detection GP greys out. Using GP 5.2.2

If GP greys out after connecting does this mean th

Odd traffic going out through an application-specific security rule

I've got a rule that allows the following applications from any source in our trusted zone out to any destination in the untrust zone.

• appdynamics
• dns-over-https
• dns-over-tls
• github
• ms-delve
• net.tcp
• ntp
• ocsp
• okta
• paloalto-updates
• paloalto-wildfire-cloud
• pan-db-c

Deep Packet inspection for Internal Vlan

Dear All, 

First, I would like to thank the community for help us a lot of time. i have a question, is their feature in Palo Alto to inspect the internal traffic (IDS and IPS)?

HELP! Failed to download due to protocol error. Please try again later. updater error code:-28

I am spinning up a new 820 HA pair and on my last site I am getting an error when downloading the OS and dynamic updates. The other site work fine. I am getting the following error:

• Failed to download due to protocol error. Please try again later.
• upd

VPN Tunnel Monitoring between two Palo Alto devices

Hello,

From what I understand, when creating a tunnel monitor between two PA devices it's best to assign IP addresses on the same segment to the tunnel interface on each side.  The monitor is then setup with the remote destination on each side.

Examp

SSL Forward Proxy implementation in production environment

Hello friends,

I would like to know expected issues if we enable ssl forward proxy to a production environment. There are services allowed with different ports , web services and  all working fine now.  As this is first time am planning to enable for

HA sync option not showing in Panorama--Template Sttack Sync not seen on Active FW

Hi Team,

I import the configurations from managed device to panorama then export to managed devices of our A/P firewalls. everything went well. but when I see the summary on panorama passive device template showing as in sync but active device templa

VSYS Migartion Query From DC5220 to ISP 5050

CLI/API command to verify Panorama push diff

Do you know of a CLI command or  a rest API call to push and  to show the changes of configuration to be pushed to a firewall from Panorama? I am trying to automate the process, but could not find any references.