Security policy not matching for CP authenticated LDAP users

Objective: Configure Captive portal for non-windows users to authenticate, but use AD credentials through LDAP authentication. 

Configuration performed.

1. LDAP profile, Group mapping settings, server monitoring. (test command authentication is  succe

Pangps service stop after system restart in windows 11.

Global Protect service not running after restart the machine. When i try to enable the pangps service i am getting Error 1053 error. I have done the below troubleshooting. This issue raises in Windows 11 only. 

1. Set delayed start

2. Changed option

Question on "default" VLAN Interface

This may be a stupid question, but is there a purpose for the default vlan Interface (named just "vlan") that gets created on network templates?  I have a couple of deployments that use vlan interfaces, but I noticed that the default vlan interface i

ChatGPT User-ID, AD and IP mapping issue

There is an issue with Palo Alto firewall which has to do with user IP mapping and AD. User is grated access via policy in the format source-user = corp\employee. After that's done, the user works fine today accessing ChatGPT but then the user is not

Logistics information PA-500 Series

Hello, I am looking for the following logistics information for PAN-PA-510, PAN-PA-510-OSS and PAN-PA-550-OSS:

PAN-OS 10.2.17 HA A/P - Mgt interface reported as duplicate IP of data interface

After installing PAN-OS 10.2.17 to a PA-440 HA A/P pair  ( to address - CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface . ) 'duplicate IP' system logs reported where the stated MAC address appears to be the fw m

Not able to log XFF (Actual Client IP) in PaloAlto Logs even when we enable XFF and URL filtering profile in Palo's

Issue Summary – XFF Not Logged on Palo Alto (Even With Decryption ON)

We are running a flow where AWS ALB inserts X-Forwarded-For (XFF) and the Palo Alto firewall performs SSL decryption + re-encryption:

Flow:

Client --> Internet --> AWS ALB (HTTPS) (

Duplicate DNS packets

I'm encountering and issue where we are seeing duplicate DNS (UDP) packets coming out of the palo to the resolving server. Specifically TXT records with multiple packets at the server (resolver) side vs. the normal request/response. At the client sid

Limit User-ID Agent queries to cerain Windows event-IDs

We have been using PA-User-ID Agent for years an it was working fine. The Agent is connecting to Domain-Controller Log and maps user-name and ip-address of successful logins for firewall-policy usage.

Yesterday we changed GPOs on the Domain Controlle

Performance impact of using higher DH group for site-to-site VPNs

“Clarification on the meaning and performance implications of ‘Integrated Crypto Assistant’ for PA-1420 IPSec VPNs”

Hi all,

I’m working with a PA-1420 appliance in a site-to-site VPN deployment and I’d like to better understand the hardware/crypto

Issue with allowing AnyDesk on a no-internet policy

Hey,

I have a need to block all internet traffic at a specific site.

I have created specific policies to allow needed services,

and at the bottom of the policy, I have added a drop all.

I have created a URL category for *.net.anydesk.com

and allowed

NGFW 1400 Series LACP / Failover issue (11.1.5)

This is a notification for anyone running 1420 boxes in a high-availability (HA) configuration in their environments >11.1.4. We recently encountered significant issues with our NGFW operating in HA mode. Specifically, the HA setup failed on the acti