Error: "Detected another instance" An old GlobalProtect instance exists... (Mac 10.14.5)

New Macbook pro, MacOS 10.14.5 the user account and applications were migrated using migration assistant.

In the past this works fine. User is getting continual popups: 

Steps taken: uninstalled using globalprotect installer. Reboot. Reinstall. Same er

PA-5220 HA Configuration

Please can someone shed some light on the following issues which we are facing for PA-5220 HA Configuration:

1. We can see port lights on HSCI port but not on HA-1/HA-2 ports even when they are connected,. Should they be enabled somewhere because in GUI

Connection between two DMZ zone with MPLS

Hello,

We have a server on the DMZ zone and another server in the other DMZ site.

We need to allow traffics between the two DMZ zones with the MPLS connection.

I don’t know how can I put this configuration on my PA firewall or maybe I should contact my

IPSec / returning ESP packets dropped when terminating interface is in a different zone

Hi all,

I have an IPSec tunnel connecting to an old SSG. Tunnel came up successfully and SSG can see the traffic and is returning correctly into the tunnel. However PAN's decrypt counter remains 0. When i did a packet capture, the returning ESP packet

How to disable SSH weak algorithm supported

We used Nessus to run security scan on the PA-5220 we are trying out and it came back with the following medium vulnerability:

https://www.tenable.com/plugins/nessus/90317

The remote SSH server is configured to allow weak encryption algorithms or no al

Do I need SSL decryption to turned ON for Wildfire deployment ?

Can Wildfire engine detect & identify zero day or known threat if SSL decrption feature is off in Palo Alto firewall ? 

WildFire can discover zero-day malware in web traffic (HTTP/HTTPS), email protocols (SMTP, IMAP, and POP), and FTP traffic and can

HA1 encryption issues?

Hi

Random question but has anyone had any issues when enabling HA1 encryption?

I performed a BPA yesterday and noticed that we do not have HA1 encryption enabled. I looked into it and seemed like a very simple/quick win to do and after following step

Authentication Profile

SAML with RSA MFA authentication profile is getting synced on the HA active/passive firewall.  The issue is that each node needs it's own unique authentication profile.  As soon I change it on one node it sync's to the passive node.  Is there any way

BUG -106914

BUG -106914.

this is mentioned in 8.1.9 PAN OS as addressed issue.

  Please find the detail:

Fixed an issue on a firewall in a high availability (HA) active/passive configuration where HA1 and HA2 links stopped passing packets, which caused a split-brai

PA HA timers : Preemption Hold Time vs Promotion Hold Time

Hi!

What are the difference between in the Preemption Hold time and Promotion Hold time?

Dates of dynamic updates only in Panorama, not firewall

Under General Information in Panorama, both the version numbers and dates for the installed dynamic updates are listed like this:

Application Version 8172-5560 (07/17/19)
Antivirus Version 3042-3552 (07/17/19)
WildFire Version 367098-369809 (07/17/19)

Unable to run minemeld over HTTP

I'm unable to run minemeld over HTTP. This is in a test environment and I do not have a cert at this time.I tried the suggestions on other forums with no success.

Prototype for FS-ISAC

I understand that Soltra is part of the existing 3rd party intelligence feed, just wondering has anyone created a prototype from FS-ISAC? THe portal address is https://portal.fsisac.com/

Understand from FS-ISAC, they uses Soltra as part of their in