After upgrading to 8.1.1 VPN always on pre-logon->user-logon failings

Wondering if anyone else has seen this?

We upgraded to 8.1.1 from 8.0.8 this morning and immediately had users reporting their VPN client prompting for credientials over and over again forever. The firewall says invalid username/password hwoever we c

Anyone use "Expired Active Directory Password Change for Remote Users" in PAN version 8.1 and GP Ver

Hi,

Anyone use "Expired Active Directory Password Change for Remote Users" in PAN version 8.1 and GP Version 4.1?

https://www.paloaltonetworks.com/documentation/41/globalprotect/globalprotect-app-new-features/new-features-released-in-gp-agent-4_1/expir

UDP log that hit any deny rule and show allow

Hello, i have a question about UDP session

rule 34

untrust any

trust any

app icmp, traceroute, ping

service any

action allow

rule 214

any any deny

you can see allow log hit rule 214

i found similar case about tcp.

https://live.paloaltonetworks.com/t5/Manag

Moving a Layer Two Switch between FW pair and Edge Router from ISP Issue

We are attempting to move a pair of VCP'd layer 2 switches between our ISP's CIENA and our PA 5220 pair.  Our ISP is only giving us a single handoff so we were attempting to plug the handoff into the layer 2 switches (nexus 9ks with VCP) on a access

Master key and HA 1 ip address

Is it possible to push master key and ip address of HA 1 from Panorama to managed firewalls? Or it must be created locally on firewalls?

World Cup 2018

Anyone have a custom APP-ID to block world cup 2018? or is palo going to release one?

Failed to resolve domain name

Hi,

i get in the system monitor a message Type dnsproxy and event resole-fail mgmt-obj

 'Failed to resolve domain name:server.domain.com after trying all attempts to name server(s): IP_from_internal_DNS  8.8.4.4 '

and i dont know why.

I have set and Obje

Globalprotect client VPN for remote users and Office LAN users?

My company has a number of offices which do not have an on-site fw but instead have a router to connect to corporate MPLS through which they also receive internet.

I’ve been asked to look at implementing a globalprotect vpn for all users whether they ...

Global Protect and CCMCACHE

I have a user that I am trying to reinstall Global Protect (v.4.0.6-7) for. However, whenever I try to install it, i get  message that it is trying to find globalprotect64.msi in c:\windows\ccmcache11. CCMcache11 does not exist. So I pointed the inst

OSPF Adjacencies Flapping over IPSec Tunnel

Hello,

I would like to open this issue up for discussion, and possible resolution.  We have an IPSec Tunnel between two Palo Alto Firewalls (PAN 3050 & PAN 820), and we advertise OSPF routes to interconnect both sites, over the tunnel.  This was work

want to upgrade to 8.0.X

Hey guys,

I have a HA pair of 3020s with 7.1.7

and a single 820 firewall with 8.0.2

Which version can you recommend for the 3020s and the 820?

8.0.5?

8.0.6?

Is there anything to be aware of?

PA-5200 QSFP+/HSCI DAC Cable type

Hi,

PA writes in his Front Pane description HSCI port "PA-5220 firewall —One QSFP+ 40Gbps port (supports only a 40Gbps (QSFP+) transceiver or QSFP+ active optical cable)." and nothing for the QSFP+ ports.

Does PA-5200 also support 40G QSFP+ DAC Passi