General Topics

Response Page: GlobalProtect Portal Login Page

greetings!

up until panos 8.0.7, i could reference logos and background pictures for my custom portal login page on secondary https servers. the web client would load them and display them.

now with panos 8.0.8, these externally hosted pictures do no

Global protect portal redirect to https

Hi,

We have a Palo alto in which if you try to access to the global protect portal using http, its automactically redirected to https.

For example: if we access to http://vpn.xxx.com , the browser redirects to https://vpn.xxx.com. So thats perfect.

Bu

https://www.airfrance.com not open

Dears

Although we set "Travel"category on no decryption rule befor decryption ,the web site

https://www.airfrance.com not open

i wait to install but the brows go to

External Dynamic List exceptions

Hello,

We have recently upgraded our FW to PanOS 8.x (currently running 8.0.8) and we want to use the newly added feature that enable to add exceptions in External Dynamic List.

However it doesn't seem to work since the configured IP we put in except

GlobalProtect internal gateways

I'm struggling with GlobalProtect and always on.I have it configuerd for Multi-gateways and that part works great.  My issue is when I switch WiFi networks to internal, the globalprotect still tries to connect. I have added internal host detection an

Running config not synchronized - Sync to peer

Hello ! 

We encounter a problem on a power supply on one of our Palo Alto. Since power supply replacement, we've the message "Running config not synchronized  - Sync to peer" but i've one question : Is the active firewall configuration will be pushed

Passive firewall initiating syslog connection

We've syslog configured on devices with tcp protocol on port 515. Our passive device syslog connection is breaking every 300 seconds. Can you help in understand why passive palo alto not sending keep-alive?

Sanity Check on a VPN Design

Greetings all,

I've been asked to set up a secure desktop for one of our departments.  The desktop will need access to a few on premises resources such as DHCP, DNS, and AD but, otherwise, it has to be restricted to allow connectivity only to a speci

Dual ISP ecmp, Failover, VPN and global protect

I want to configure my internal network to go dual isp with ecmp, isp Failover , VPN Failover and gp.
If anyone have any idea?

User identification error with AD

Hello everybody!

I have a problem with user identification and accordingly with security Policy.

In different computer, the same user is seen "user" or "domain\user".

The rules for work must have both type of user format. This is a big limitation.

Where

Microsoft Active Directory DCSync Attempt Detection Vulnerabilitiy

Today I got many critical alerts from Palo Alto Firewall.

Threat Type: vulnerability
Threat Name: Microsoft Active Directory DCSync Attempt Detection
ID: 54406
Category: info-leak
Content Version: AppThreat-8010-4662
Severity: critical

Does anyone has the

SAML for admins auto login or redirect to idp?

I've successfully  configure SAML with a Shibboleth IDP for administrator access, however, the login process still requires two clicks : One to select SSO, and another to continue without a username. I'd like to provide a better user experience for a