Can everything besides DCs be on 2019?

I know Server 2019 isn't supported yet on Domain Controllers for User-ID, but is there any other type of server that Palo needs access to that can't be upgraded?  A team is asking if they can upgrade DFSR to 2019

Strange DNS issue for users

Hi All,

Any idea on this one?

I have some wireless testing underway which seemed to be going without issue. All of a sudden, any browsing to .co.uk domains stopped working, followed by .com domains failing as well. A short while ago, .co.uk domains s

Suppress GP notification

We have upgraded our GP Client to version 5.0.1-9

Since then we are getting notification window in bottom right which keeps on trying to connect while the device is on corporate network. We need to click on the GP icon to minimize the notification how

Globalprotect Kerberos Service Tickets

Hi Community,

I'm wondering regarding Kerberos SSO with Globalprotect:

From my understanding of Kerberos, the GP-Client should request a Service-Ticket for http/<fqdn-portal> and http/<fqdn-internal-gw> for authentication via SSO.

The authentication w

Which is the best monitoring option for redundant IPSec Tunnel?

Hello.

I'm trying to configure dual ISP and automatic IPSec tunnel failover.

Network diagram looks like picture in here(https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClFiCAK).

And IPSec peer devices are Fortigate.

Not like a

Issue with UserId agent

Hi, 

We are having an issue connecting our UserID agent (version 7.x) with a DC in W2016. We have Userid agent version 7, we know that its not compatible useridagent 7.x with Windows server 2016, but we have several DCs in useridagent 7.x and one of

Upgrading HA setup in large steps

Hi,

I'm going to upgrade a PANOS 5.0.14 to version 7.1.

As I understand, the correct sequence is:
Update PAN-OS 5.0.14 to 7.1.x:
Download 6.0.0
Download + install latest 6.0.x release (reboot)
Download 6.1.0
Download+Install latest 6.1.x release (reboot)
Dow

Unrusted Cert Warning on IE

We have created SSL cert for the PA web gui from our internal CA.

When we access PA web gui via Chrome it is good.

When I use IE it get the cert untrusted cert warning message?

How can i fix this ?

Odd duplicate ping issue. DUP

I have a strange issue.

I am setting up a new 850 HA pair A/P

To the outside world is a LACP Aggregate, connected to a HP switch. 

All was going well when testing, I can ping a dummy device (laptop) fine on the outside switch from the firewall.

But w

How to Configure Email Alerts for System Logs to monitor firewall performance

My Requirement is to configure email alerts so that I will get email notification when my firewall got shutdown automatically , rebooted due to any cause .
Previously I configured high alerts but that was also throwing unwanted alerts so please help m...

ms-remote-registry \ ms-local-user-management Not Detected

We have been testing detection of the msrpc applications and have noted that not all sub-apps seem to be properly detected.

Specifically, ms-remote-registry and ms-local-user-management are not firing when we generate this network traffic and are sti

Connection error in FS-ISAC Prototype

Hi all,

I'm trying to create a Minemeld miner to download FS-ISAC IOC feeds. I followed the configuration indicated in a previous post on this same topic (https://live.paloaltonetworks.com/t5/MineMeld-Discussions/Prototype-for-FS-ISAC/td-p/159162). H