Duo and Palo don't challenge when user connect immediately after disconnect

We have Duo access gateway integrated with Global protect.

It works most as per expected. However there is a small issue.

When the client machine reboot , the user will go through the entire process to login the global protect. E.g

1.       1. They clic

Captive portal browser challenge issue

Hi team,

While trying to deploy Kerberos SSO for enduser authentication I came up to the following issue with the captive portal (browser challenge).

When an end user logged in a windows (part of the domain) tries to connect to "http://neverssl.com"

SSL decryption on PA incase the SSL termintated on WAF

We have a website hosted behind WAF and Firewall (Palo Alto). The WAF already has the server valid SSL Certificate from public CA. Do we need to install SSL certificate (decryption ) on PA Firewall also for inbound traffic to make it more secure ? 

Can Use Okta SAML for GP- "Prelogon Then On-Demand" connection method

Hi Team,

We tried to implement the OKTA SAML authentication method for GP in our organization.

Does Global Protect - "Prelogon Then On-Demand" connection method supports Okta SAML for authentication (MFA).?

If not what is a recommended GP connection

Custom Application Signature

Hello

For the same application, I have several links and ports (https://application.intra.mydomin.corp:8530/toto, https://application.intra.mydomin.corp:8130/titi, https://application.mydomin.corp:8530/toto,..) and I would like to create a rule and sp

public ip addresses and link address /30

Hi, 

I have a question regarding public interface configuration. ISP gave me /30 link network address space and /28 public IP address pool. Can you suggest me best way to configure this public address on PA. Should I use virtual wire, loopback interfa

Authentication Bypass in SAML Authentication.

Incomplete ARP when deployed in Azure

Hello,

I deployed NGFW 8.1 using Terraform (v0.11.36) in Azure. It provisions VM and all the resources like resource group, VNet, subnet, IP's etc., But the only problem is with the UnTrust(eth1/1) NIC as it complains 'Incomplete ARP even after confi

EDL not fetching data but is reachable....

Hi Team,

We have PA VM 300 on AWS cloud. We have configured EDL. It is reachable from Management IP all ports are allowed but EDL is not able to fetch data .

For information OS version is 9.0.3.

Please suggest.

Thank You in advance!!

user-id agent sending IP mapping with blank/no username

Dear community,

I have an environment where I monitor the AD servers with Windows user-ID agents to retrieve the user-ip mappings

There are users with several AD accounts and it´s normal seeing the same IP being mapped to different usernames deppendi