About Remo

Hi @mzharfan   Is there a user only "trying" to log in or is one of these 3 messages a successful login event? The explanation for these fields you also find here: https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os/user-id/configure-user-id-to-monitor-syslog-senders-for-user-mapping#_81430   So for this example I assume the first is a successful login event: Event string: 9.9.599.1.3.1.1.1.0 Username prefix: .9.9.599.1.3.1.1.27.0 = STRING: " Username delimiter: " Address prefix:  IpAddress:  Address delimiter: \s   Or the whole thing with regex: Event regex: (9.9.599.1.3.1.1.1.0){1} Username regex: \.9\.9\.599\.1\.3\.1\.1\.27\.0\s=\sSTRING:\s"([a-zA-Z0-9\\\._]+) Address regex: IpAddress:\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) ... View more

Hi @JacobVela   As you can see in the release notes ( https://www.paloaltonetworks.com/documentation/80/pan-os/pan-os-release-notes/pan-os-8-0-release-information/associated-software-and-content-versions#_67758 ) the minimum (official) supported global protect agent version is 4.0 with PAN-OS 8. Of course you could try older versions, in the best case it will work but without newer features, but in case of problems your on your own and palo TAC probably will not help because you have an unsupported situation.   Regards, Remo ... View more

This is not unusual this sounds very strange... Sorry for the question, but are you sure that there is no typo in the IP address of that subinterface? And did you enter the IP address maybe without a subnetmask or with the wrong one? If you checked these things, what PAN-OS version is installed and could you may be share a screenshot of the actual routing table or at least check also there how it does look with and without this stub-route? ... View more