Overlapping GlobalProtect Portal agent config AD groups

Does anyone know how Palo treats overlapping Active directory groups for portal agent configs?  Is the list read top down for handing out configurations to the agent if a user exists in multiple groups identified by the portal?

Google Safe Search Update

Enforcing Google SafeSearch with Palo Alto Networks Firewalls - Lockstep Technology Group Blogs

Enforcing Google SafeSearch With Palo Alto Networks Firewalls

Lockstep works with a number of organizations that require filtering of inappropriate web base

Redistribute ebgp route into ebgp

Hi Team,

I have EBGP peering between PA- Router using EBGP. learning route 10.10.1.0/24

I want to advertise those EBGP routes ( ex 10.10.1.0/24)  learned by PA  to AWS where I have another EBGP peering between PA and AWS.

Could this be done in Palo A

UDP issues after network outage

We're experiencing multiple issues with udp-based applications after network outages. A common problem is that udp tracking sessions (I assume from ALG) in PA for DHCP create issues and clients are unable to attain IP-address. This error must be manu

Convert Lab license to prod - Possible to do with a purchase order?

I have a set of 3020 that are lab that I need another set (for consistency) but the 3020 are not available for purchase.after today.  Is there a way to switch these to prod (for an additional cost)?

Persistent issue with APP-ID Reliability

Hello all. I have had an issue with PANOS since 7.0 (Currently I am on 9.0.2-h2) where the application id feature is not reliable in security rules. I can add a rule and for example lets say I allow ssl to 10.1.1.1 from 10.2.1.1 no user restrictions

GlobalProtect Clientless VPN inactivity and session lifetime logouts enforcement

Good day,

 Inactivity and session lifetime forced logouts are not enforcing logouts on open clientless applications. Currently running 8.1.8H5 and have found that clientless application sessions are remaining open even after a forced logout.  Going ba

Global Protect Client on Linux cannot connect to local gpd

Hi, have this problem since a few releases back.

Installed latest Globalprotect client for linux, currently 5.0.3. Install ok, runns ok but doesent activate and connect.

root@khazad:/home# systemctl status gpd
● gpd.service - GlobalProtect VPN client da

IKEv2 between PAN-OS 8.1.9HF4 and Cisco IOS routers or ASA devices

I am trying to setup site-2-site VPN between a Cisco router and PaloAlto 820 running 8.1.9HF4.  Everything is working fine in IKEv1

but it is not working in IKEv2.  Look like PaloAlto is not playing nice with Cisco devices.  If I replace the PaloAlto

Redirect some FQDN to VPN

Hello,

It's possible to redirect some domain name  (exemple: *.com and *.net) to tunnel VPN ?

I think that it's possible by creating address object and use by policy based forwarding for redirection, but  I can't use wildcard match all *.com.

thanks.