URL Filtering - Allow access to sites or categories by AD Group

I am a complete newby here. We are migrating from Websense to PA URL Filtering. I would like to duplicate policies so I can allow certain people access to specific web sites or categories, but continue to block everyone else. This should be seamless,...

Cannot authenticate to the GlobalProtect website to get the client.

Users cannot authenticate to the GlobalProtect website to get the client.  Users that downloaded the client before this issue was reported can authenticate with the client.  I verified this issue with my own login.  I cannot reboot this firewall duri

Monitor threat - URL/FileName

Hi,

in monitor threat I can't view URL/FileName in details.

I want to view the SQL injection with the full URL (comprehensive of the query string).

Is there a way to see it?

Minemeld stuck after reboot

I deployed serveral times Minemeld and everything is running fine. But when I reboot Minemeld I got stuck in the boot procedure. 

First it hangs for 120 seconds:

Cloud-init-nonet[14.62]: waiting 120 seconds for network devices.

after 120 seconds:

St

Global connect client connected but no IP address assigned

I have this odd situation, global connect client successfully establish the connection with portal but in network area there is no IP address on virtual PAN network card. This is only happening with new users. Old users seems to have no problems.

I Ha

External Block List for matching objects in security and decryption policies

Hi,

We have few use cases around dynamically block list (dynamic update for us) however we would like to use it to identify and "allow" apps rather than "block". Considering it is just a group with objects which are dynamically populated based on url

Trusted MFA Gateways

What to type? What format? The doc doesn't say...

I'm testing MFA in non-http traffic, and have enabled "Inbound Authentication Prompts from MFA Gateway"

But what to type here:

In Trusted MFA Gateways, specify the list of authentication gateways a Gl

Issues with Group Mapping

Hello,

We just recently moved to PA-500 and we are running 7.1.6. I was able to successfully add my LDAP to my group mapping however when I try to select my security groups instead of showing "Domain\GroupName" it is showing the AD distinguished name

Captive portal Redirect not working for some android devices.

Hi,

I have captive portal setup in guest zone .The setup is working fine for some mobile devices (android) and laptops where the users are presented with captive portal login page once they try to browse inernet. Some mobile android devices are facin

Clientless VPN - pass creds to applications

Hello,

one of our customers want to use PA as SSO for their applications.

Have you any idea if it is possible ?

We can use Kerberos or LDAP for clients authentication to PA but what about pass it to the application ?

Palo Alto Networks Firewall detected a url that i havent visited

Myself sai, working as cyber threat analyst. When I am working on one issue, I have checked the risk report of the url - www.weddingsonthefrenchriviera.com in Virustotal, IBM X-force website, URL Query. However in palo alto web interface it is showin

Global Protect - Minimize Panel

I'm working on a pre-logon configuration for GP. After it connects, the panel maximizes. Is there a way to keep the panel from maximizing without removing the app from the system tray? I don't want users having to close the window after it connects.

T

Global Protect Commit Warning

Hi,

I'm getting a slightly perplexing commit warning from Global Protect. I am using almost entirely defeault settings for the Portal Agent, so I'm not entirely sure what this warning is pertaining. My only guess is its referring to the setting I hav

HA3 Port Link Monitor Yes or No

Hello, 

Would it be best practice to monitor the HA3 port in Link Monitoring, or is that something the PA would be doing anyway, as its a HA link?  

Thank you,