Hello allis it possible to put timestamp in user activity report for chronology?I am checking the Including detailed browsing but i can not see in the report which user or group of users at what time went into some resource
I have customer using TMG holding public ssl certificate for mail . The mail server doesnt have ssl certifcate.Customer wants to eliminate TMG and using palo. Can palo hold the cert to authenticate the ssl . Mail serversits behind the palo in trust zone.So customer will login to https://customer_mail.com. which has public of the palo. Palo holds...
Hello all, Here is my question. Can I configure on the same firewall one global protect profile to only authenticate users based on certificates and a separate profile to authenticate users based on their AD credentials? Currently I have authentication working with AD but I want to create a separate profile for certificate authentication. Each p...
Is it possible to have more than 1 Global Protect portal and gateway on a single appliance? We use tunnel all mode with a route of 0.0.0.0/0 for all of our users. However today a vendors need access but want to use their own systems at the same time. In this case I would not want to tunnel everything, only our private subnet.
Hello,is anyone using ocsp as single app in a rule ? It's sometimes failing to match, seen as "web-browsing" although on very easy to recognize URLs such as ocsp.comodoca.com. Quite annoying when you debug a third-party software failing to setup because of this but only mentionning "cert chain failed".App version 752-4343 on v8.0.5.thanks !
Hi Guys I have created a new parant Device group that contains shared rules for sub device groups under it. The rulease are zone specific and this is where the problem comes in, I get the error below when commiting to specific device. Last Push State DetailsDetails:. In VSYS vsys1 from zone inside of type layer3 and to zone MPLS of type unknown...
Hi, We have installed PA with Minemeld. Everything is working fine but sometimes we can not access to any function in O365 online (for example "to create a new word cocument"), so we go to PA and we see that in URL logs that PA is blocking this web. So we go to minemeld and we dont see ths new web. So we have to add this web in "allow list" in...
Hi,have a PA200 Updatet from 6.1.x to 7.0.1 and now i get ther error PAN-DB download failed. Please check your network connectivity, DNS settings, and NTP settings. This comes when i will reactivate the PAN-DB licenses because there i no downlaod "Cloud is not ready, There was no update from the cloud in the last 125 minutes. ". I found this hel...
Hello, We are using this Security Policy:Source->Inside, User->any, Destination->any, Application->any, Service/URL category->any, Action->allow.We are using Group Profile under Profile Setting with a URL Filtering Profile 'test-URL'.In this URL Filtering profile, we have blocked the categories: gambling, weapons, etc. and allo...
Hello, Using PAN-OS 6.1.17. At first, Bandwidth graph was not showing in both Chrome and IE. The only change I made was adding all the classes into the QOS profile. The classes that were in use by QOS were already showing up in the other statistics tabs before I added them to the profile, so I assumed that they were only required to be added to ...
Hey guys, I already know how to get my Linux clients (Ubuntu) to connect via xAuth, and it works great. However, I've been tasked with implementing MFA to the VPN infrastructure. Works fine for the Windows/Mac clients using the GlobalProtect Client. However, my Linux clients can't connect because they never receive a prompt to enter their token....
There are few triggers that could cause a failover in HA cluster.I'm interested to understand the difference between manual (graceful) and a hard failover like Link Down. In a matter of network traffic loss, is there a difference between Link monitoring triggered failover and a manual failover? Meaning, would the manual failover will cause less...
Can someone tell me what the supported configurations are for an active | active dual wan configuration in regard to physical wiring. Can I have one ISP connected to one Palo and the other ISP on another Palo or do I need both connected to both, run through a switch with two external VLANs and a virtual IP on either ISP? Tom
I have a HA-pair of 3050s in my corp office with an single existing IPSEC tunnel to a remote office on a 200. The remote office has very poor reliability on it's existing connection and the local ISP has provided them with a backup satcom link they can use when the prime connection goes down. the HA-pair sits behind a Single IP that's managed vi...
Hi,I'm setting up GlobalProtect, which works just fine. Now I want to restrict GlobalProtect access to only 1 AD group. I created a separate GP authentication profile with my ssl_vpn AD group in the allow list, but as soon as I commit that allow list, not a single user can log in to the GlobalProtect anymore.Is this the correct way to configur...
| Subject | Likes |
|---|---|
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
