MFA with non-browser based applications

I have my MFA (using Duo) sort of working with non-browser based applications. However I am experiencing an issue that is an identical result whether I use SSH (putty) or RDP (remote desktop). Basically I am timing out because I cannot get through th

Planned Service Maintenance for the Cloud Services- Logging Service Infrastructure

Dear valued Palo Alto Networks customer,

Please be advised that we have a planned service maintenance for the Cloud Services- Logging Service Infrastructure scheduled from 03/20/2018 10:00am PDT to 03/20/2018 4:00 pm PDT. 

We expect the service to

Custom Application Signatures

Curious if anyone is successfully using the commvault application within their Palo Alto application policies? We tried it and it is not working at all to detect our CommVault application traffic. The details on the application itself seem quite old.

speedtest.net giving different results VM vs. PA-220

after switching from a PA VM on an ESX to a PA-220 i noticed a huge decrease in throughput from speedtest.net - with the VM in vwire or l2 mode i am getting rates consistent with native line speed (around 500Mbit/s down and 250Mbit/s upload). With th

Global Protect 4.1 Password Length

Is there a password limit to the new Global Protect client 4.1 for Windows?  It seems to stop at 20 characters.  It made me chuckle to think that PA was limiting the number of characters we can use.

Thanks,

   Steve

Active/Passive PAs Connected To VPC Nexus 7Ks

This was also posted on the Cisco forum because I'm not sure yet what is the problem's root cause. So I'd appreciate insigt from the Palo experts as well. Below is the problem:

Each 7K can ping the active-pal. Active-Pal is connected to 7K A, so  Act

syslogMiner not working

I have configured the syslogminer node as per https://live.paloaltonetworks.com/t5/MineMeld-Articles/Using-the-syslog-Miner/ta-p/77262

I have checked the firewall is sending syslog for threat events on TCP 13514, BSD format, LOG_USER facility and I

Assigning DNS A-record to GlobalProtect Client?

Hello PA Community!

We migrated to laptops and GlobalProtect always-on pre-login VPN solution several months back. We are currently at a point where around 50% of our clients haven't talked to WSUS in quite some time because their DNS records are get

GlobalProtect Client for Mac Sierra not working

We discovered a issue with new Mac machines pre-installed with MacOS Sierra 10.13.3 or higher and GlobalProtect 4.1.  If you already have GlobalProtect 4.1 installed prior to upgrading to MacOS Sierra everything works fine.   If you install GlobalPro

GlobalProtect Client for Mac Sierra not working

We discovered a issue with new Mac machines pre-installed with MacOS Sierra 10.13.3 or higher and GlobalProtect 4.1.  If you already have GlobalProtect 4.1 installed prior to upgrading to MacOS Sierra everything works fine.   If you install GlobalPro

Commands to edit BGP AS Number from CLI

How can I edit the AS number on a PA firewall from the CLI?

i need to change it in a production environment without access to the webUI

in the gui this would be | Network tab | Virtual Router | Select VR name "MPLS in my case" | BGP tab | and change t