Firewall bidirectional nat

I configured the bidirectional nat. After the configuration is complete, it can be accessed from the outside, but it cannot be accessed from the internal network. The link I visited is https://anyshare.positecgroup.com/#/
The public address is 218.4.7

Does Dynamic Group Tagged address through API survive reboot?

It appears that these are synchronized through HA, but do IP address objects registered/populated to a Tag through the API survive a reboot? 

Native Duo 2FA for GlobalProtect can't select Auth Profile or Auth Policy Zone

I'm moving to LDAP auth with Duo 2FA. We need a better answer than RADIUS as we've found Duo's Authentication Proxy functionally limited and crash-prone. Using Mitch Densley's video guide for PAN-OS 8.x as a starting point, I've gotten my Duo applica

Production issues with 9.0.4?

Hello Community!

Has anyone made the jump to 9.0.4 on their production firewalls? I have read the release notes and installed it onto my lab unit. Just checking to see if anyone has had any issues outside of what is in the release notes. Currently we

Reboot / Shutdown options not displayed in Web UI if Role-Based Admin is used

Hi,

I have created a role-based admin account with all rights enabled for the Web UI and superuser rights enabled for the CLI.

After login to the Web UI using this account, under Device -> Setup -> Operations, the reboot/shutdown operations are not dis

Query about admin credentials

Hello Team,

We need your support to provide specific access to system admin user. We need to provide access one of system admin only for configuring VPN user & create system admin user. Kindly confirm can we create a custom admin profile for above ta

Not able to normalize UPN name retrieved from SAML assertion

Hi Team,

We have configured SAML SSO authentication for Global protect. Microsoft Azure has the active directory we have configured it as identity provider and service provider as Palo alto global protect. Trust established between Idp and SP and we

Restrict GlobalProtect connection from a single Linux computer

Hi everyone,

I must to implement some VPN access control based on computers. By this way, a user will only be able to connect to VPN if agent is executed from a specific computer.

I have read the documentation but I don't find if I can restrict the c

Https traffic to http

Hi Guys,

I have a webserver hosted for public access using http. Now I want to know is it possible to NAT traffic entering to palo alto as https from outside to http as inside.

So user will try to connect server using public IP on port 443 their port

User-ID in multiple vsys failing for vsys2

Both vsys1 and vsys2 are using same agentless settings and are accessing same DC servers. While vsys1 shows as connected vsys2 shows nothing under status and system logs show 'connect-server-monitor-failure'. I have rechecked password in both vsys bu

Globalprotect - supress version mismatch popup?

When a client uses a version (4.1.13) different to what is available from the gateway, they see a popup prompting them to upgrade/downgrade.

How would I go about turning off this popup?