Palo Alto Admin Login MFA

Can the palo alto admin login page be configured for MFA using something like Okta or DUO?

How to Disable / Fade out the "Sign Out" option in Global Protect Client

why is Traffic logs retention period/storage is greater than URL?

My firewall has traffic logs stored that are 18 days older but URL logs just 10 days. why is it so? where is the settings that can tune my firewall to store same  amount of Traffic logs and URL logs?

thanks.

Clarification on PAN OS 9.0

Hi Team

We are planning to upgrade the firewall from 8.0.9 to 9.0.3-h3.

Currently in my firewall we are using the URL  filtering overrides, Authentication policy and API key life. In PAN 9.0 release information introduced the some new features change

Web Interface Log in Error - Panorama 8.0

Hi everyone,

After a power outage, I can't log in to the Pananorama 8.0 web interface. The error message below is displayed and I am redirected to log in again:

"Welcome admin. There are no device groups - please create one first. Device groups are n

USB Logging

How can I get a log entry to fire when I insert a USB Flash Drive into a PA-850? I have looked in all the logs that are native to the device and there are not entries anywhere in any of the logs I have looked into. 

IPOE Standard

Hi, 

Does anyone know if the Palo Alto supports the IPOE standard? I have a PA-220 that we need to use for a PPPoE Internet and I have just been told that they use IPOE which doesn't require a username & password. 

I suspect I could just set it to DH

I want to ignore to update ip-user-mapping information from other domain.

Hi,

My FW is updated ip-user-mapping information from only A DC with a.com.

A DC have been connecting Forest with B DC included b.com.

Sometimes, The FW has been updated users in b.com domain from A DC.

So I want to ignore to update user-ID from A DC fo

DNS server failover not working for GP client

We have a problem with the GP client and DNS. when the primary DNS server configured on the GP gateway is down, the GP client is unable to resolve FQDNs (over the split tunnel).  Once I reversed the and made the secondary (active) DNS server the prim

URL categories

1. Is there a limit to the number of URLs we add inside one URL category?
2. If i will add many URLs in this category affect Palo Alto performance?

Captive Portal certificate authentication not working

I am testing Captive Portal certificate authentication with enterprise PKI and it is not working. I have imported and configured cert profile using the enterprise root CA. When tried from the client machine, the request gets redirected to the captive