Clientless VPN and Remote Desktop

I have a question about clientless VPN and Remote Desktop.

We have a Global Protect portal, but we only use it with the client. I have a new project to provide remote access via RDP to an internal windows computer for a select user. I've never done

hardware bug leading to a power failure after upgrade

Hello community!

I was informed by some customer that few months ago was dealing with a hardware bug present on the PA-5220 platforms, which could lead to a power failure after the firewall upgrade and render the hardware out of order.’

Is anyone

P1: P2P Link Primary – Require Failover to IPsec Tunnel on Link Down

Dear Team,

I have two Site and both site we are Palo Alto 440 firewall and P2P link and IPsec tunnel configured.

P2Plink configured PBR.

Priority 1 is P2P link and Priority 2 IPsec tunnel 

Priority 1 is P2P link and when the P2Plink go down need

Header Insertion doesn't work

Hi,

I try to enable HTTP Header Insertion to allow only my company's domain. I see the header insertion in the logs, but I got an error:

This account is not allowed to sign in within this network.

Please talk to  your network administrator for mo

About upgrade an HA configuration

Hello Team,

Standalone PAs can be upgraded by skipping multiple versions starting with 10.1.

Is this skip feature supported for HA?

I checked the documentation, but I couldn't find anything that clearly stated that it was supported in an HA con

Dos Policy Value Finetune

Hello,

We are currently using PA-3420 appliance & we have configured DOS Policy with default values, which is as below:

Action

Current Value

Alarm Rate

10000

Activate Rate

10000

Max Rate

40000

Block Duration (Sec)

300

We have feteche

Single interface failing LACP negotiation after PAN-OS update

I'm having an issue with a single interface in an aggregate bundle failing LACP negotiations after updating one network's firewalls from PAN-OS 10.2.13 to 11.1.6.

I have two separate networks (Network A and Network B) each with two PA firewalls in Act

Failover whilst HA2 link is down?

Hi!

We have two PA440 in A/P HA. We have HA1, HA1 Backup, HA2 and HA2 Backup configured.

We are planning on eliminating HA2 Backup to gain one extra interface and we were wondering which would be the downtime if (for some very unlikely reason) our mai

UserID Redistribution Filters working weirdly

Hi there

I have a customer setup with a central "Hub"/HQ-Firewall (Pair) and a lot of smaller "Spoke"/Site firewalls connected via S2S Tunnels. Each Site and the HQ have local AD DCs and UserID-Agent Server to collect User/IP-Mappings locally. Also in

Upgrade 5450 to 11.1.6h10

I am currently on 10.2.10-h9 going to 11.1.6h10 (preferred). Has anyone experienced any issue with the new release on 5450 FW? 

In the past I upgraded to 11.1.4-h7  and it went horribly BAD. Not the upgrade process but that release 11.1.4-h7 has b

BFP with OSPF graceful restart causing outages during failover

Dear community!

In a active/passive configuration with OSPF graceful restart and BFD enabled, when we do failover we experience a downtime 1 minute after the failover and it takes about 10 seconds to be fixed.

Checking the logs it looks like the fi

About BUG PAN-226361 for PA-820 device running version 10.2.10-h9

Hello
I wanted to ask you a question about a problem I just encountered, I have seen the BUG PAN-226361 reproduced in the PA-820
equipment is in version 10.2.10-h9 and yet this BUG has been corrected in the hotfix 7 of the same version, does anyone kn

Paloalto firewall google drive blocking -- quic based problem

Hello,

We are experiencing an issue with blocking Google Drive access through Palo Alto Firewall despite applying several mitigation steps.

Current Setup:

• SSL Decryption is enabled and functioning.
• Security policies and URL filtering are configured to bl

MItre ATT&CK Mapping for Palo Alto NGFW

Hi Community,

I am wondering if there's available Mitre ATT&CK coverage for types of data sources that a Palo Alto NGFW is mapped to?

Subject: GlobalProtect Connection Issue After SSL/TLS Certificate Renewal

Hello Team,

We’re currently experiencing an issue where GlobalProtect is not accessible after renewing the server certificate associated with the SSL/TLS profile used by our GlobalProtect portal.

Error message:
GlobalProtect: Connection Failed. The ne