Global Protect user id and machines

Hi ,

Is there anywhere that I can restrict that client vpn user "BOB "using the global protect that can connect only once and not many times the same time from different systems like I have users connecting from the mobiles , tablet and computer the

App-id Matching Process

I'm running PA-VM and created with one active rule:

From: Inside

To: Outside

Application: Web Basic Application group (ssl,dns,web-browsing,ping)

Service: application-default

Action: Allow

SSL Decryption is disabled

I'm facing issues browsing to website

SLL Forward Decryption and Spotify

Hi All,

Today I decided to implement SLL Forward decryption. Everything is working great except for one thing, Spotify.  I know what you'll say, "You allow spotify?. Yes, but just for me. With decryption disabled spotify works fine, with it enabled i

Adding sub interface to existing interface

We are currently using our 3260 firewall to handle BGP to our MPLS router.
the connection is trunked through our core switch, Native 200, allowed 200 & 255 (mgt & bgp respectively)

Router 1:

G0/1 10.200.254.3 (mgt)

G0/1.255 10.255.255.129/30
Firewall:

E4 1

How to update the BGP Imports in a Panorama template

I am trying to update the Import values in the BGP parameters in the Virtual Router in a template on a Panorama. My command looks like this:

set template Test-Template config network virtual-router default protocol bgp policy import rules Route-IN-MP

firebase-cloud-messaging app-id additional ports may be required

Hey there,

Here's something that was brought up by one of our teams. According to this kb article cloud messaging also needs these ports.

https://firebase.google.com/docs/cloud-messaging/concept-options#ports_and_your_firewall

I was able to find logs

How to change from category insufficient-content to Private IP address?

Hi Teams,

How to change some intranet website from category insufficient-content to Private IP address?
i already use portal to request change.

but, when i choose category Private IP address, this category is disable and can't be click.

i believe we alre

Panorama 8.0.2 - Buggy???

We have multiple models of FW hardware running primarliy 7.1.9 and it seems like since upgrading to Panorama 8.0.2 from Panorama 7.1.9 that it is almost painful to make changes. It seems everytime we push to devices something fails. Today specificall

Shared Objects in Panorama

Is there a concept of shared objects at multiple levels in Panorama ?  For example, I can have a top level setting at the shared level which says password length is 15 characters and I want that to go to all firewalls.  What I need, is a second share

Cisco WLC integration problem with PA.

I have Cisco WLC 5508 , kiwi syslogd and PA.I can see snmp traps in Syslogd but only username is visible , ip address of the client is missing.Can anybody help how to parse it in Palo alto Firewall.

Regards,

IPSec VPN with cert authentication: RSA_verify failed

Hello community!

Created a VPN Palo Alto - Cisco Asa with certificates for Ikev2 gateway authentication.

Cannot establish the VPN. Did a debug and get the following error when the palo alto is trying to validate the ASA´s certificate

[PERR]: RSA_veri

session time-out need some understanding

We hare seeing some oracle session being aged-out. When i checked session info tim-out it says 120sec. But the application time-out itself is for 14400 sec . Where does this value of 120 sec come from.

mtr

Hi,

from the above output the second hope is the pa firewall , the loss is 98.2% , What does it mean ,
I dont have traffic shaping in firewall 
 
Thanks