About Jatin.Singh

We are connected via Global Protect are having issues where the session gets disconnected overnight. Is there a way to override this setting only for one user ? Does below settings change will affect all users     We are using split tunnel.   Could you please advise if any workarounds can be made ? just to keep the heart beat active at least ?   I am reading here that only way to achieve this is to create a new GP portal    https://live.paloaltonetworks.com/t5/general-topics/globalprotect-timeout-only-for-one-user/m-p/100943#M44327 ... View more

Can we disable the global protect portal & gateway and reactivate it whenever we needed it instead of deleting it entirely?   We are using 9.1.3 ... View more

We have ClearPass integrated to Palo Alto. ClearPass sends user-id to the firewall upon successful authentication. Customer is experiencing an issue where the laptop (on wireless) would fail to access Internet at re-authentication.   There is another client device that is login with the same user-id. I think the question here is with user-identity, does PA allows a one-to-many (one user-id to multiple IP) relationships???   Also we see the ClearPass re-authenticating the user and it is successful. However, we do not see the corresponding timestamp re-authentication appearing on the PA. The timeout wasn’t reset back to 9 hrs (as configured in the global setting). Is that normal?   In the screen capture seen below for today, I had restarted the wireless at 9.16am. But there was no user-id mapping for the IP address. You can see there is a close correlation on the PA at 9.17am. I did a second restart of the wireless on the client at 9.24am. There was a user-id mapping and it was able to access Internet. The timestamp on PA was at 9.24am. However, at 10.01am, it appears there is another successful mapping of the user-id to IP on the PA but there wasn’t any re-authentication on the ClearPass.     ... View more

Our GlobalProtect VPN was using a self-signed certificate which got expired caused end users not being able to connect to the VPN. This raises the question that what are the ways to get alerted for these sort of incidents. Is there any in-build mechanism on the firewall or the Panorama that we could use to get notified of the Certificate Expiry incident before happening? Thanks   Model: PA5020 ... View more

For all the websites, the recpatcha seems to give an error but works when we keep trying. We have tried different browsers and machines and seems to be same issue. We isolated bypassing palo alto and seems to work correctly.   Can this be a issue related to Palo alto?   Below are the website that they use for the recaptcha http://patrickhlauke.github.io/recaptcha/ https://www.google.com/recaptcha/api2/demo https://urlfiltering.paloaltonetworks.com/query/             ... View more

We have set Disconnect on ideal for 20 min and we have tried to log off from the PC and login after 20 mins and GP is still connected,what could be the issue.   Inactivity logout seems to work after 2 hours   Palo version 8.1.13 GP- 5.1.1   ... View more

For the last few days, we have been trying to import firewalls into Panorama and have not been successful at it.   Panorama firmware is 9.0.7 Palo Alto firmware: 8.1.13   Description of issue: During the importing process, I was able to extract the configs from PA firewall onto the Panorama. However, when I tried to commit the configs back to PA firewall from Panorama. The commit would fail, and the reason for the failure is because there’s missing IP addresses in ‘Objects’.   Following is the commit error   rulebase -> nat -> rules -> AESG-DNAT-P157-2 -> destination 'Host_13.55.26.51-32' is not an allowed keyword     rulebase -> nat -> rules -> AESG-DNAT-P157-2 -> destination Host_13.55.26.51-32 is an invalid ipv4/v6 address     rulebase -> nat -> rules -> AESG-DNAT-P157-2 -> destination Host_13.55.26.51-32 invalid range start IP     rulebase -> nat -> rules -> AESG-DNAT-P157-2 -> destination 'Host_13.55.26.51-32' is not a valid reference     rulebase -> nat -> rules -> AESG-DNAT-P157-2 -> destination is invalid   Error: Failed to find address 'Host_13.55.26.51-32'     Error: Unknown address 'Host_13.55.26.51-32'     Error: Failed to parse nat policy     (Module: device)     Config 'AGENT-CONFIG':     GlobalProtect App Dynamic Configuration misses information for 'show-system-tray-notifications'.     (Module: sslvpn)     Commit failed   it seems like the problem is with the missing objects during the importing process. As an example, the total amount of addresses on the firewall is 490. However, we can only see 460 after the configs have been copied over from Panorama to the firewall.   We have also tried adding  Host_13.55.26.51-32' manually to panorama as a shared object but still cannot commit    we did upgrade our Panorama firmware recently from 9.0.4 --- > 9.0.7. And our firewall firmware from 8.0.13 -> 8.1.13 ... View more

One of our client is getting previous week’s report on Weekly report emails. We have modified the dates of the report but this does not change thing.   Checking to see if there is any other setting changes we can perform?   It is a Weekly Activity report with: Top 10 users & Top 50 Application   We also made changes to it from "last calendar week" to "last 7 calendar days" but still receiving  last week report   Followed this KB -  https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClvuCAC       Please see config below   ... View more