User ID firewall integration with mapping server or AD

Have to enable User-ID for corporates users. Not able to locate documentation around best practices for user id. for  example in my scenario.

we have one domain xyz.com with 50 domain controllers to monitor. we have winRM installed on all the domai

Error Index Protocol Error tlsv1 bad certificate status response. Received fatal alert BadCertificateStatusResponse from client

Hi folks, I'm using an SSL forward proxy policy and am getting this error:

GlobalProtect MFA with LDAP at Phase 1 and Okta Verify at Phase 2

Hello everyone,

I want to implement GlobalProtect with Multi-factor Authentication, with LDAP at Phase 1 and Okta Verify at Phase 2. Is it possible?

I have configured based on Palo Alto Document "Configure MFA between Okta and the Firewall" and m

DHCP Fail

Hello Community,

I have a FW with eth0 configured as DHCP client and it gets IP, no problem. But then I see lots of DHCP Fail system messages between lease renewals:

Are these normal?

Thanks!

PA-220 (A/P) Packet Buffer on DP filling up over time on passive Firewall

Hi There

We have two PA-220-ZTP Firewalls with PanOS: 10.2.3 and in Active-Passive configuration

On the passive firewall we see Packet Buffers on Data Plane filling up over time. The active firewall doesn't have this issue. I've just rebooted the p

drop icmp packets firewall interface

Hi guys,

I have 2 PA firwalls in HA, and since couple days, when i try to ping one firewall interface from a router(like 1000 ou 10000 packets) i got packets drops in icmp(2 to 3% loss packets)

Certificates duplicated from Primary to Secondary firewall in Palo alto

Hi All,

We have 2 Palo alto firewalls in HA mode (Active-standby).

Palo alto mode: PA-3220

OS Version: 10.1.6-h3

We create Unique certificates (for management, interdevice) in each firewall with hostname. After some time, the certificates in seco

SSL Decrytpion not working consistently on MAC's

We just installed SSL decryption ( not self signed) across our PANs. It is working fine with Windows workstations at office and at home. However, with MAC machines it is working inconsistently when at home and  connected to global protect.  Some site

PAN User-ID Agent

Hi All,

I installed User-ID Agent on the Windows DC, and it is working somewhat successfully. For some odd reason it recognizes the users from our domain but on the app's monitoring tab, where I can see the IP-User correlations, sometimes the users

Palo Alto - Active Directory SID

Hi team,

Is it possible to change the way Palo Alto links a group on AD? From CN to SID??

Cheers,

Internal users unable to access some banking URLs/Sites

I'm experiencing an issue with internal users unable to access some banking websites/URLs. Users can access these sites over the VPN (Global Protect) but can’t access these sites from the office/Internal.

I then created a URL Filtering category (ad

Phase 1 compromise impact to Phase 2

Hi,

I would like to know if IKEv2 phase ia compromise because of weak encryption in proposal, malicious user can access to all data sent across the VPN connection, which may include passwords and sensitive file ?

Or

Malicious user only know phase 1

PAN-OS 10.2 HTTP Log Integration with Google Chat

Hello!
I want to send webhooks from paloalto 5220 (panos 10.2) to google chat (about the commit). I found the following document https://live.paloaltonetworks.com/t5/log-forwarding-articles/pan-os-8-0-http-log-integration-with-slack/ta-p/172093.
But I

Receive errors on all traffic interfaces

Hi guys

I am a bit lost in our own network...... We have a PA-820 Cluster in active-passive mode. It is running for maybe 7 months now. Each firewall has 2 uplinks to our 2 core switches and 1 downlink to the access switch (with subcontractor on it).