Globalprotect SAML Auth with Azure and MFA not prompting for MFA after reconnect

Hi All,

There are a few topics on this.. I read most of them still unable to resolve this..

we have panorama with managed FWs (10.2.6) and GP portal and GW setup pointing to SAML profile that integrates into Azure and Azure IdP for MFA

at first log

Prisma global protect

Bonjour,

Lorsque l'on configure la gateway global protect sur Panorama, que doit on renseigner dans la partie " IP de la gateway externe" sachant qu'on se connecte à une gateway France North ou France south dans prisma?

Pareil que doit on mettre po

static ip with vlan

HI ,

I want to configure static ip on panos 9.0.x .very old demo verion on kvm

without static ip i am able to do very basic task .

my isp use pppoe , with username and passwd to login in router .when i add static ip to vlan i dont get internet ,only ge

Virtual Wire & Virtual System assignment issue

Hi,
I hope this message finds you all well 

I have some configurations questions regarding virtual wire in PAN-OS FW that support multiple virtual systems, i would like to get some official documents regarding virtual wire configuration and assign it

[INT] Alternative for Data Lake

add TWISTLOCK_CONSOLE env variable to twistcli

i am not sure if this is the right place to suggest this, but i think it will be really handy to have such an env variable i can set up in my zsh profile file (for example), and not having to write `--address $TWISTLOCK_CONSOLE` every time. similarly

PA-440 cannot resolve domain names to ipv4 addresses on CLI

Hello all, 

Do you how to configure resolve domain to ipv4 address on CLI PA-440?

I have set the setup->service-> primary DNS server, and all interface ipv6 are disable. 

But I ping a domain name on CLI, the resolved address returned is the ipv6 ad

RabbitMQ App-ID Misidentified

We have a Security Policy Rule with Application rabbitmq, and Service is application-default. In the same Security Policy Rule, we allowed the dependant applications amqp and SSL. When we test traffic, in the Traffic log, we see it matching the zones

DNS Rewrite and NAT Traffic and without NAT Traffic

Hi,

We have scenario in which two different subnets in DMZ Zone communicating with Internal Zone but 

1. One subnet is allowed to communicate with Internal Subnets (Internal Zone) without NAT (Source or Destination).
2. 2nd subnet is allowed to communicat

not able to open support case

not able to open support case

Error: Total number of profiles (76) exceeds platform capacity (75)

hello everyone：
What are the security documents here?
Anything else?
Is there any command to check how many profiles have been configured?

1、url filter 

2、antivirus
3、anrispyware

4、vulnerability
5、file block
6、wildfire
7、data filter
8、dos

GlobalProtect Client Certificate not Found

Hi All,

I am trying to demo pre-logon and am really struggling with the client certificate authentication side of things.

I've generated a Root CA on the firewall which has been imported into the Personal and Trusted Root Stores of the machine.

The po

Global Protect switching from Pre Logon to User

Hello,

We have an issue where many times Global Protect clients are not switching from the Pre Logon user to their logged in user name.  Certs are deployed and Pre-logon access works.  IT can remote on to troubleshoot a PC that is just at the windo