GlobalProtect with machine cert

Hi,

I'm having a challenge with GlobalProtect when trying to do ldap authentication with a machine cert (from internal MS pki).  I've tried both the computer and workstation authentication template, but neither worked.  GlobalProtect states certificat

Panorama M-100 Hardware vs installing in ESXi

Hey Everyone,

My company is looking at implementing Panorama to update and monitor the other firewalls we have at other locations.  Does anyone recommend the Hardware like the M-100 over just installing it on a server using ESXi?  

Thank you!

2X of PA820 Active/ Passive Design question

Hi All

After some advice, planning to have 2 X PA820 pairs of Active/ Passives, Inner and outer firewalls protecting some internal networks.

See the diagram, Does the HA2 link pass data plane traffic at all?  Or can it?

There could be a scenario that

Global Protect Policy enforcement

Hi All ,

I have an issue

Is there a way to use Global Protect to  enforce web or URL  filtering policies when users are not on the corporate LAN ?  for now, when users work remotely , they bypass all web and  URL filtering and security policies and d

How to return to panorama template after override enabled on firewall

Someone override a Template config section on firewall. What's the best strategy to remove override and go back to panorama pushed config...

Remove HA config from template of managed firewall pair

Hi,

i have a pair of active-standby firewalls, managed by Panorama. My first attempt, when i imported those to panorama, i pushed one template to both firewalls and had issue with HA IPs, causing split brain.

I recovered the firewalls and later importe

User Activity Reports showing malware category for a Microsoft website?

On our User Activity Reports, I'm seeing windowsupdate.com with a block-url action and malware category classification.  The URL appears to be valid.  Does anyone have an idea why this would be happening?

PAN config for ansible jinja

Hi,

   I am trying to create a configuration template which I can change certain variables and pushed the config to multiple firewalls.

However PAN is not behaving the way I need. I have two problems which seems to be related to PAN's design.

1) Even if

IPSEC VPN Needs to be disconnected when there is no traffic

We have several IPSec tunnels that connect to 4G devices to provide network access in the event of a primary circuit outage. These tunnels do not disconnect after the primary circuit comes back up. Is there a way on the PAN side to disconnect an IPSe

What does your general day-to-day running of your PAN environments look like

Hi Gang,

We have Palo Alto Panorama and Firewalls and yes all going smoothly, however, It is not the end once it is up and running.

So I am keen to read on all what you do in the daily administration of your PAN environments. All I have really, in ter