Resolved! SAML login remove lock (superuser?)
When I am logged in via SAML, I noticed that I was not able to remove other users' locks. Seems like this may be because I am not a superuser? Is there any way to make a SAML-authed user be a superuser?
When I am logged in via SAML, I noticed that I was not able to remove other users' locks. Seems like this may be because I am not a superuser? Is there any way to make a SAML-authed user be a superuser?
Looking to understand the maximum number of zones which can be used in a given firewall based on model. Is there a document out there which shows the maximum number of zones? Specifically these models:PA-445, PA460, PA1410, PA3420 If based on OS - I would be interested in 11.1.x
how i can get the NPA number
Hi all, is it possible to add an application for PRA by making use of Wildcard FQDN or IP subnet range?
I got a PA-1410 ,it has IP telephony, and their server is in the cloud. The phones have an address 10.200.x.x/24 and make the registration request through ports 5060 or 5075 to a server in the cloud with IP 148.235.12x.x through the SIP application.The phones do not register, using the initial port, no matter which of the mentioned, for the exam...
Does anyone have experience using this in a larger environment? Multi vsys? Panorama? HA Clusters and so on. Are there better options available? Thanks in advance for your time.
We upgraded PA-1410 from sofware release 11.0.2.-5 to 11.1.6-h3. The upgrade itself went well, but a few days later firewall stopped to send syslog messages. Executed tcpdump on the management port, but there is no syslog traffic at all. Checked the system resources, logrcvr servcie seems to be running. I tried to restart the service, and realiz...
Hi, Can someone confirm if my Understanding for PA "Adjust the TCP MSS" is correct? Reference to this link this is how PA Firewall "Adjust the TCP MSS" value in the physical interface. In other Vendor when we configured the TCP-MSS value we usually set the "Actual bytes" Example for cisco: "ip tcp adjust-mss 1390"In PA firewall, it looks l...
Hi, We have two FW PA460 in HA, one active and another one passive. We have several issues related to configuration synchronization and HA: 1- Synchronization before a commit can take us up to 8 minutes. With the old FW the commit was in less than a minute and with these newer models we have gotten worse. It wouldn't affect us if it wasn't tha...
I'm testing Starlink business and having issues passing traffic over my tunnel. This remote site connects to our data center via an IPsec tunnel. I can get the tunnel up and traceroute to the remote side of the tunnel, but I'm unable to pass traffic. I have "Enable NAT Traversal" selected on my IKE Gateway. The Starlink is set to IP passthrough....
tested plugging out second power source to trigger alert but it is not showing in monitor - system. I know that this device dont have power supply monitoring but if the Secondary power cable is disconnected from the firewall will it trigger a warning?
Hello, I've created this discussion because I've downloaded PA-VM eval for ESXi [.ova] and tried to launch this using VMware workstation PRO [latest version]. I found on the LIVEcommunity some threads like so: https://live.paloaltonetworks.com/t5/general-topics/pa-vm-10-0-4-trial-gets-shutdown-after-a-minute/td-p/501973 however, once I followed...
as far as I could test there is no way to make TCP fast open work through a Palo Alto fw (at least, since 9.1 which seemed to work. It tried 10.2 and 11.2 and all my tests fail there). Whenever a client sends a SYN packet with data, it is transmitted, no matter the zone protection profile, no matter whether the "TCP SYN with Data" option in the...
Has anyone else seen any alerts for this Generic Threat ? It triggered on a few .LNK files that could not be located on the machines identified in the alert. This threat ID is new as of today, we have opened a support case, but was curious if anyone else was see'ing the same thing. False Positve ? Very little information on the web on these ...
Hi, I have a PA VM setup and a syslog server to forwards the logs to. I have done all the configurations needed and syslogs server are receiving the logs. But on the system log there's still an error showing "syslog connection failed to server[x.x.x.x] Is this expected?
| Subject | Likes |
|---|---|
| 4 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |

