Trusted MFA Gateways

What to type? What format? The doc doesn't say...

I'm testing MFA in non-http traffic, and have enabled "Inbound Authentication Prompts from MFA Gateway"

But what to type here:

In Trusted MFA Gateways, specify the list of authentication gateways a Gl

Issues with Group Mapping

Hello,

We just recently moved to PA-500 and we are running 7.1.6. I was able to successfully add my LDAP to my group mapping however when I try to select my security groups instead of showing "Domain\GroupName" it is showing the AD distinguished name

Captive portal Redirect not working for some android devices.

Hi,

I have captive portal setup in guest zone .The setup is working fine for some mobile devices (android) and laptops where the users are presented with captive portal login page once they try to browse inernet. Some mobile android devices are facin

Clientless VPN - pass creds to applications

Hello,

one of our customers want to use PA as SSO for their applications.

Have you any idea if it is possible ?

We can use Kerberos or LDAP for clients authentication to PA but what about pass it to the application ?

Palo Alto Networks Firewall detected a url that i havent visited

Myself sai, working as cyber threat analyst. When I am working on one issue, I have checked the risk report of the url - www.weddingsonthefrenchriviera.com in Virustotal, IBM X-force website, URL Query. However in palo alto web interface it is showin

Global Protect - Minimize Panel

I'm working on a pre-logon configuration for GP. After it connects, the panel maximizes. Is there a way to keep the panel from maximizing without removing the app from the system tray? I don't want users having to close the window after it connects.

T

Global Protect Commit Warning

Hi,

I'm getting a slightly perplexing commit warning from Global Protect. I am using almost entirely defeault settings for the Portal Agent, so I'm not entirely sure what this warning is pertaining. My only guess is its referring to the setting I hav

HA3 Port Link Monitor Yes or No

Hello, 

Would it be best practice to monitor the HA3 port in Link Monitoring, or is that something the PA would be doing anyway, as its a HA link?  

Thank you,

OS 7.0.12 to 7.1

Can you upgrade from 7.0.12 directly to 7.1? Is there anything you loose? 

Fetching WildFire server eu.wildfire.paloaltonetworks.com:443 info failed

Anyone else seen this? All service routes are the same. File upload to WildFire works fine. Nothing blocked in the traffic logs.

PA 7.0, GP and RSA-ID double authentication

Hi,

There is a deployment with RSA-ID as OTP and GP as VPN client (3.1 or 3.0). PAN-OS version 7.0.14.

After the recent upgrade from 6.x to 7.x an issue showed up - when authenticating from GP - login information is asked twice.

This seems like a known

Best way to prevent brute force attacks (LDAP) on public facing Microsoft RDWeb login page

We are using Server 2012r2 RDS gateway and have the PA configured to with a security policy to allow the untrusted traffic (ssl, rds, http)  that is NATed to the internal rds gateway.   We are seeing a lot of failed audits in the logs on the terminal