URL categories

1. Is there a limit to the number of URLs we add inside one URL category?
2. If i will add many URLs in this category affect Palo Alto performance?

iPad Global Protect Auto Connect

Good morning,

GP works great on our iPads, except you need to open the app and hit 'connect'.  Sometimes it becomes disconnected and needs to be done again.  This is for K-12 students, so we're hoping there is actually a way to force persistence.  Is

PA VM and SRX IPsec -- 2 Phase-2s using the same Phase-1

Hello,

If someone would like to establish 2 IPsec Peerings between a PA VM and a Juniper SRX, can you use the same Phase1 for 2 different Phase2 on the Palo Alto ? 

Phase1 is IKEv2 if it matters.

trouble with DNAT ( https to http )

Hi - I am unable to redirect https://mypublic-ip:7788 to http://myprivate-ip:8899 using DNAT. Any idea please. Tks.

support portal

Is there an issue with the support portal. Unable to create a new case

GlobalProtect says "Connected" to quickly........

Someone can stop me if it's meant to do it this way, but if feels like a bug that needs fixed.

GlobalProtect 5.0.4-16

PanOS 9.0.1

HIP Checks in place

Scenario:

Using HIP checks to limit scope of connectivity to internal network.

Issue:

Let's say that one

Device Average Memory Usage High PA-3060

We have observed a high memory utilization on PA-3060 ,do we have to upgrade our RAM or this is normal behavior?

 show system resources

top - 02:47:35 up 631 days, 20:43, 1 user, load average: 0.02, 0.04, 0.05
Tasks: 117 total, 1 running, 115 sleeping,

Global Protect UpGrade Windows Installer

Pushed the global protect client out through SCCM. Which works, but when the auto update is applied, we end up with the windows installer issue. the msiexec /Option error

I have checked to make sure no other installer is running, and there is nothing

Path Monitor... source IP must be within the same subnet as destination?

I'm trying to monitor the availability of one tunnel, to re-route the same destination traffic into a second tunnel. The other side can't do routing protocols right now--which would solve this easily.  I hoped to find a non-manual way to fail over.

I

Allow techblog.netflix.com without allowing netflix-base?

Good day,

if you try to open http://techblog.netflix.com our PA currently recognize it as netflix-base.

Is there a way to declare it as normal web-browsing if they try to open the techblog page since we don´t want to allow netflix-base for our users?

Palo Alto - TCP Normalization

Hi !

We are migrating to Palo Alto from ASA Where ASA TCP normalization is enabled for option 28. 

How we can achive the same in Palo Alto ?

Global Protect pass OpenVPN traffic?

We have deployed GP full tunnel VPN across the enterprise. We have some departments using OpenVPN, 

My question is why can't users use OpenVPN without having to disable GP first. 

thanks,