Double NAT

Hi!
we have a couple of customer who use paloalto firewalls. We have always problem to connect two accesses through NAT via paloalto. We usually use cisco meraki and the communicate on the higher port numbers. It always work when we have one site that

Scripting

Who can provide me with a from scratch python script to create a new firewall rule? Im not looking to use pandevice or any of Palo Alto modules on github (my compnay will not allow us it import and use it.) Looking of a script that doesn't use pandev

PA-500 SSL decryption decrypt-error session end

I apologize of this is a dumb question as I know that some sites will have decyrption issues, but is it normal to have a lot of traffic log entries with decrypt-error as the session end reason?

None of our users are complaining that they can't get to

Getting the user activity report to sort by username not time

Hello,

I am wondering if there is a way to get the standard User Activity Report to be formatted by grouping by Username not the time of each event. I can get a custom report to group by user but it is not as nice as the User ACtivity Report.  We're

GP for many external clients

Does anyone have a good solution/setup for providing external clients with VPN access?  Not regular users/company employees.

We need to be able to provide these external clients access to different resources internally. IE webpages, server access usi

Firewalls in HA, how bring them in Panorama

Hello I have a HA Active/Passive pair of Firwealls in 7.0.5 and Panorama 7.1.9

I need to import configuration into Panorama. The process below is not clear if I need to do that for both firewalls

https://live.paloaltonetworks.com/t5/Management-Articles

NO-PROPOSAL-CHOSEN (14)

NO-PROPOSAL-CHOSEN (14) what could be the prossible reason for IPSEC tunnel failure.

Data Filtering log without File Name !?

Hi,

As the subject, does anyone seen this situation? 

Thanks.

WannaCry - how to protect our system with help from PANOS?

Hello

Is it a way to help protect our Windows systems from attacs from internet/lans using url protection (or other technics)?

According to https://mobile.twitter.com/msuiche/status/863284743940575232 it's using hardcoded url so it could be possible.

GP-AD user password expiry

When setting up a Global policy object for a Paloalto globalprotect user/group , the maxpwdage attribute does not match the, the password expiry date sent for Paloalto user, This can be confusing to know when the password actually going to expire for

GP Error( 51): Driver is not installed, reinstall it now!

Hi,

Related to this issue here however the error code is different, Link here

Upon checking the logs:

(T5392) 05/15/17 10:55:32:387 Error(  51): Driver is not installed, reinstall it now!

05/15/17 10:55:27[Info   297]: Driver inf file is installed suc

Preventing Users from Terminating Global Protect Client (Task Manager)

New to Palo Alto and looking to utilize GlobalProtect to filter students offsite on their laptops.  How have others gotten around the ability to kill the GlobalProtect client via Task Manager?  Use GPO to prevent Task Manager usage?  Just looking for