Global Protect - Clients with excessive failed logins

We've had Global Protect in production for a while now, but it has just recently been brought to my attention that we are having a lot of users locking their accounts out.

The GP client prompts them for their AD username / password. Maybe they fat-fin

HA First time Configuration

Im installing a single Palo at present with the intent of adding a standby unit in the near future. My question is regarding the interface addresses on the standby unit.

What do i need to configure on the standby unit in regards to IP addressing apar

VPN to Azure dropouts

I have searched high and low for this and found a few articles regarding IKE configuration and nothing seems to fix it.

PAN 3020 v7.0.5. IKE 2 VPN to Azure. The VPN works but around every 50 mintues the tunnel drops out for a few minutes then re-esta

different content of backup files.

Hey!

I'm using curl and the xml api to automtically backup the config of my PA-3020:

https://live.paloaltonetworks.com/t5/Management-Articles/How-To-Backup-of-Config-Files-Periodically-without-Panorama/ta-p/77312

However, the content of that file looks

Skype for Business problem after migrating from ASA to PA-820

We  encountered with the problem of Skype for Business application , it needs to say
that all another applications are working well, but after migration from Cisco ASA to
PA-820 we  saw only tcp-rst-from-server message from remote server to local serve

Sharefile custom URL site allow

We block access to sharefile.com as a whole.  But we do have a sharefile.com company site which we allow access to.  The problem that I am running into is this, when a user attempts to download a file from our sharefile site a random number will be g

Self-signed Root CA Certificate FQDN?

I’m planning a test deployment of a globalprotect vpn, so currently going through the guides to see what’s needed. Part of the requirements if not using a trusted CA is to generate a self-signed root CA.

What should the FQDN be on this cert? The deplo...

Confused about zones

I'm currently migrating from a pair of Cisco ASAs and the zones have me a little confused.

Right now I have interfaces on the ASAs of inside, wireless, outside, dmz-private-web, dmz-private-db, dmz-public-web, dmz-public-db, dmz-dev-web, dmz-dev-db.

HA sync times

Recently I have noticed that it is taking longer to commit and sync the changes from my active PA to my passive PA and the management plane ramps up to 38%. any suggestions

Install MineMeld from sourcecode

Hello,

Is there any way to fully deploy minemeld from the source code?