USer-ID cache timeout calculation

I am losing user-ip-mapping occasionally. I believe this is because of incorrect timeouts.How to calculate the ideal user-id cache  timeout for 1200 users.? I am using windows based user-id agent.

Using Windows server as intermediate CA

Hello. If anyone has any guidance, we will forever be in your debt 

Our set up is this. We are trying to setup GP with multi-factor authentication. 

We have a Windows root CA which is not domain joined

We have a Windows intermediate CA

We have a PA(ob

Global Protect 4.1 remember userid and password

I am testing version 4.1 of the Global Protect client and everytime I reboot, the client prompts me for the userid and password.  It did work fine on 4.0.6, but not this version.  I verified that remember userid and password was set to on in the Port

PA-5220 and Netflow

I have a PA-5220 and I am trying to configure a Netflow export out to my solarwinds server which is located at a remote site across a VPN tunnel.

I am aware that I cannot use the MGMT interface to export netwflow with this particular device, but I am

Rule Counters on HA Pair With Transfered Sessions

Let us say you have a firewall pair configured and rules configured and one day you fail them over - or they fail over. The primary is rebooted. When the primary comes back up all sessions are transferred back and everything is fine. Except, as I und

VPN dissconnect part II

So other than the time out settings for the GP client.  Is there limit set somewhere that tells it to disconnect a client for dropped, insufficient or any other packet settings

What is the Agent User Override Key used for in GlobalProtect

In the GlobalProtect Portal config(under the Agent tab), there's a setting for "Agent User Override Key".  I'm finding conflicting information on what this might be used for.

The firewall's help file says this field is used for disabling GlobalProtec

Global Protect not using new DNS servers

Greetings!

We recently migrated to a new DNS server in our internal network; With this, we also updated the configurations on the firewall configuration, and on the GP setup to reflect this. We have the PAN giving IP's to GP clients directly (not rela

TAXII or STIX generic miners?

Is it possible to have TAXII or STIX generic miners for internal custom feeds? We are exploring the data sharing between different vendors for our internal environment and instead of waiting for the vendor to come up with the integration, rely on ext

GlobalProtect Data File will not install

Greetings,

I upgraded to PAN-OS 8.1 / GP 4.1 in order to take advantage of the new interface.  This is a new deployment and I didn't want to roll out the old interface to the users.

Everything went smoothly except for HIP/OPSWAT v4.  I followed the i

GlobalProtect connection error "Could not connect to portal"

Hello,

We have 1 colleague is facing VPN connection issue, the VPN client is 4.0.3, PA OS is 8.0.3.

His certificates is valid and his colleague's VPN is working well, the same domain, the same VPN client version.

From his PC, is able to resolve the F

GlobalProtect SSO with SAML

Hello,

I have a customer who is having a unique issue with Global Protect using SAML.  The problem is not directly related to SAML but he states that prior to changing from RADIUS to SAML the issue did not exist.  The issue is with SSO. The customer