Issue connecting to GlobalProtect with public wifi

Hi guys,

I'm at a coffee shop and using their public wifi to connect to my company GP VPN. I was able to enter my credentials and MFA. The GP showed that I'm connected, but I'm not able to connect to my company's local stuff and can't browse the inte

upgrade path

Greetings,

I am currently running 10.2.10-h3 and looking to go to 11.1.4-h7.

I understand I need to pre-load but not install 11.1.0 - correct?

I am also running sd_wan 3.0.3 and am contemplating going to 3.3.2.

My understanding is the upgrade path

Global Protect software interoperability

hello all

I am trying to understand the behaviour of the GP software after a firewall upgrade 

for example what if the firewall is upgraded to software that is no longer compatible with the GP software 

Q will the GP software auto upgrade ?

Forward Proxy & SSL Inbound Inspection Certificate Comparasion

Hello,

1- The CA and Keys checkboxes in the Certificates section of Palo Alto Firewall should always be selected? respectively the certificates used for Forward Proxy and SSL Inbound Inspection should always have CA selected and Keys imported?

2- We us

Prefered version

Hello,

Could you please confim the preferred version that integrates the November 18, 2024, security fix for the Palo Alto 3220 appliances ?

Thank you.

Software Version 11.1.5-h1

Hello,

We are experiencing packet loss, and the IPsec tunnels are going down on the following version and model:

• Software Version: 11.1.5-h1
• Model: PA-1420

After restarting the firewall, it resumes normal operation.

I want to know, this version is

Recent 0-Days (Watch Towr Labs findings)

We have been a client of Palo Alto's for years, but given this report and the recent 0 days are not as committed to staying with the company in the upcoming refresh.  Has their been any guidance from Palo Alto on how they intend to address, what appe

Panos 11.1.4-h1

Hi All.  I am a novice admin to PANOS so not too technical.  Basically we did a firmware uplift from Panos 11.0 to 11.1,  this worked fine.  We then started uplift and upgrade Panos 11.1.4-h1 however the install seemed to error and close screen (se w

40G ports flap in PA 3430

Hi, 

We are facing uplink issues between PA 3430 40G to Cisco Cat 9407R VSS.

Tried the below,

distinguish and segregated ssh and sftp traffic

I have a requirement wherein ihave to allow the ssh access to few admins and sftp access to users all sitting in the subnet. How i can apply and allow since both works on port 22.

Thanks

Ansible Galaxy - panos - not ready for advanced routing

When will the Ansible Galaxy be ready for advanced routing? For instance on the module: panos_interface there is no option to choose the Logical router, only virtual router.

Citrix (Terminal services) UserID Deployment

Hello everyone,
I would like to deploy UserID Terminalservices Agent in a Citrix environment.
There are approx 30 servers deployed from the same Master Image.
I have TA successfully running on dedicated (non-Citrix) Terminalservers with Certificates gen

Prevent bypassing captive portal?

We are in an environment where we have captive portal (with MS SSO) but users are able to get around the authentication redirects via VPN.

We'd like to ensure that the only traffic that is allowed by unauthenticated users on this network is traffic

Palo Alto DHCP Relay Stops Working After Reboot

After rebooting the firewall due to a power activity, we noticed that the DHCP relay stopped working. We could see the DHCP Discover and Offer messages in Wireshark, but the firewall’s DHCP relay did not seem to function properly.

The firewall was ru

Monitoring Palo Alto VPN IPSEC tunnels on PRTG

Hi,

Our company recently acquired new Palo Alto PA440 and have set up VPN IPSEC tunnels (both Ikev1 and ikev2).

We currently need to montitor thise tunnels efficiently using PRTG to be alerted in case one of the tunnels go down.

Can anyone who did th