TCP-RST-FROM -CLIENT /SERVER for a category license-expired

Hello Community.

I have been observing the logs coming from one server that is behind the PA-FW and while going around the VM, trying to connect to the Azure admin portal, I have observed that it has a slow connection for a 600-700Mbps. While trying

Unable to get proper report

Dear Team,

how to block a email sender in paloalto firewall

Hi ,

is it possible to block a sender of email in paloalto firewall eg abc@xyz.com

Thank you,

Dual ISPs, VRs, and BGP Configuration Advice

Hello!

Not new to networking, but new to PA, so looking for some configuration advice.  Have a PA-3220 and would like to add a second ISP connection for redundancy.  If that was all then it seems pretty simple and I've found several KB articles on ho

The server certificate in invalid on Mac OS after renewed gateway cert

hello team

One of our uses got the server certificate is invalid ERR while he trying to get the global protect connected, I renewed the gateway certificate and tested on a Windows box which is fine, but Mac book user got an ERR.

Did anyone get the sa

GlobalProtect user always returns authentication failed

(T14508) 05/04/20 09:48:34:904 Info ( 474): msgtype = user_credential
(T14508) 05/04/20 09:48:34:904 Debug(2642): ServerThread: ProcessServerUserCredential. Redirect to processServerPortal.
(T14508) 05/04/20 09:48:34:904 Debug(1714): ----portal process

ACC tab "Applications using Non Standard Ports"

Hi PA Live Community,

Still a newbie to the whole PA world but slowly getting there.

When looking at the ACC tab of the GUI I can see there are entries for  "Applications using Non Standard Ports" and also  "Rules allowing Applications on Non Standard

How to replace one Faulty Paloalto 3250 version 8.1.6 Firewall which is in HA.

Hi All,

 I need help on how to replace one Faulty Paloalto 3250 firewall PAN OS version 8.1.6 which is in HA and policies are managed through Panorama.

your help is highly appreciated and thank you so much.

thnx

JP

Testing non-http mfa feature with GP

Hi there.

Documentation is rather slim here. I've set ut MFA for web site access, and it works. When testing it for non-http, accessing a SSH server, it kills the SSH connects, but no 2FA challenge on my GP. 

What am I doing wrong? What's needed?

I'v

Firewall is limiting concurrent users for GlobalProtect

We are using PA-VM-300 and it should allow 2000 vpn users concurrently.

Our global protect IP pool is configured for /23, so firewall should accommodate 500 users, as it is having enough IP available in the pool. For some reason, when the other firew

FIPS 140 and CC enabling?

Couple of questions on FIPS.

1. When you enable FIPS140 on a Palo it wipes the device. Can you just reload your last saved?
2. Can a FIPS140 enabled device talk to a non-FIPS device over an ipsec tunnel provided the cyphers are compatible?
3. FIPS disables PAP.