User-ID Policy not being used

We have an agentless User-ID setup. Firewall is able to pull user accounts from the AD.

User-ID based policies were created on top of IP-Based policies.

However, some user traffic can be seen using the user-id based policies, some users can be seen us

GlobalProtect Certificate auth debug

could anyone please advise a good way via cli to debug certificate authentication.

I have followed most of the log files but cannot find one related to GP authentication.

many thanks in advance...

API - list just device groups in panorama

Hi All,

Does anyone has any idea on how to list just the name of device groups in panorama using the api

if i do the following path:

https://mypanorama/api/?type=config&action=get&key=<my key>/config/devices/entry[@name='localhost.localdomain']/devic

Managing single pair of VM firewall with and without Panorama

Hi Palo Alto Community

I wanted to ask what are the pro's and cons of not using a Panorama for managing a single pair of VM-300 firewalls. From reading documentations etc, the main benefit of Panorama would only be if this was a distrbuted deployment

New Crypto mining URL category

Any plan from Palo Alto to create a new URL filter category for Crypto mining ?

GlobalProtect - MacOS Support for Unscoped DNS Lookups

I am running Global Protect 4.0.3 and everthing is wokring successfully with Windows Devices. When DNS requests are made for the seach domain "foobar.com" they are directed at the internal DNS Servers defined within the GP Client Configuration and th

Impossible? List unused Addres Objects?

I assume there is no report to list address objects that have not been used

Ones that may or may not be in rules, relate to long dead or incorrectly entered endpoints, that have not generated any traffic.

I have seen the "Shared_dup_and_unused... scr

Policy Rules for BFD, OSPF , DHCP and DHCP relay

Hi

So do I have to setup policy rules to allow OSPF, I have OSPF on the PA . But when i don't have the rules in place OSPF fails, when i have them it doesn't log anything 

DHCP, do I need it if the PA is running DHCP. what is the source and destinati

Looking for maximum cps made by the firewall since last reboot

Hello All,

I understand that there is show session meter, show session id and also show system statistics session 

But I would like to find out how many maximum connections were made in a second, since my firewall last rebooted.

I am looking for a num

Rules with schedules failing intermittantly

I recently upgraded to OS 7.1.15 on my PA 5050, I have two rules with schedules on them and have had for over a year.  In the traffic logs it was showing the traffic going back and forth between denying and allowing the traffic.  When I removed the s

Captive portal - how to logout?

Hello

I need to do changes to my  CP settings. Now I have CP in redirect mode and everything is OK.

I have task to setup few computers in library that will allow our students use internet - but after logon. This part is easy ... but students need it

Minemeld show Error when login "ERROR CHECKING CREDENTIALS: Timeout"

I clone VM Minemeld. Then I change IP & Hostname on Cloned Minemeld VM.

When I login on WEB GUI. It show message: "ERROR CHECKING CREDENTIALS: Timeout"

How I resolved this issue? What log for investigate?

Thank you

BrightCloud URL Filtering Service End-of-Sale Notification - how to change to PANDB?

Hello

On 01.02.2018 was anounced EOL  for BrightCloud. How to migrate to PANDB? I have active licence until june 2018. I'd like to migrate right now...

Regards

Slawek