About Alex_Gomez

The setting that you are looking for is " User Switch Tunnel Rename Timeout" which can be found at: Network > GlobalProtect > Portal > [portal_conf] > Agent > App ->  User Switch Tunnel Rename Timeout   See:  https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-portals/define-the-globalprotect-client-authentication-configurations/customize-the-globalprotect-app.html for additional details. ... View more

HI,   We are currently working design to use Azure as DR site. We stuck at the connectivity from our remote sites to Azure as all our remote sites are having ADSL connections with dynamic Public IP address which is not supported by Azure VPN Gateway.    We through for using Palo Alto firewall at Azure for on-premise connectivity but after looking at this discussion we have to rethink for that.   Can someone advise the best way to go? Alternate option is we can migrate our ADSL connections to Managed ADSL connection on which we will get single static public IP address, however additional operational cost involve in this option we are keeping this as a last option.   Thank you.  ... View more

@Jamiefitzgerald  Any update on why we are only seeing half the information in Slack? ... View more

Hi to All,   Has some found a solution for this ?  I managed to make my 3cx receive and dial calls with success but cannot make the mobile app work. 3CX firewall always gives fail for the full cone nat. Thanks in advance ... View more

Thanks for sharing the policy files.   Dennis ... View more

That explains why it's needed before running the check-in command.    Can I request that the cytool runtime start command matches the Windows equivalent? Adding all to the macOS side drives me insane! ... View more

You can use any virtual machine with at least 3 interfaces (max 😎 provided the virtual machine meets the minimum requirements: https://www.paloaltonetworks.com/documentation/80/virtualization/virtualization/about-the-vm-series-firewall/vm-series-models#_95869   Once deployed, you can change virtual machine size by shutting it down and selecting a new size. ... View more

Hi,   yes the FW can ping the Server (through the Management Interface, which is on the trusted Zone). All S2S Traffic from on premise to Azure works well, just forced tunneling from azure to the Internet is stuck.   Same as with ping. Capturing the Packets shows the reply doesn´t get back to the Server, so no Handshake is established. In Traffic Log, the request "ages-out". In Session Browser all looks fine. The "Traverse Tunnel" Flag is set "true". Maybe I didn´t understood you correctly, what do you mean by "how Palo sees this session" ?   ... View more

Is your IIS BitsUploads configured? Agent use it to send Wildfire samples to ESM.      Regards, Paulo Raponi ... View more

Hi @Willian   I'm using    Scenario 2: Internal and External FQDNs are different  i.e esm.int.acme.com and esm.ext.acme.com. it then resolves to the internal and external IPs.   I will give that a go..   thanks ... View more