1. You can do this for an admin user from AD, as you can mention the source user as well as the source ip-address in the same security policy which I mentioned in my previous update.

Here are the requirements for it:
- User identification needs to be enabled on the untrust interface
- AD needs to have the mapping of public ip-address and the user so that the firewall can poll that information and map it to the security policy

There can be some drawbacks too:
- Firewall will try to talk to AD to resolve a name for any public ip-address coming on the untrust interface. This will be very process intensive and can also produce a lot of system logs of failed attempts

2. Firewall might not map a local admin user and its ip-address for access to the firewall itself. This can be a feature request which can be discussed with your account/sales team.
Hi Cosx,

You can enable HTTPS and SSH on the public-facing interface, i.e. the untrust interface, and specify the permitted ip-address as mentioned in the link below.

Allowing Specific IP Addresses to Access the Palo Alto Network Device

To have another layer of security, you can also create a security policy from untrust zone to untrust zone and specify which ip-addresses are allowed as source and also mention the HTTPS and SSH application. This helps if you have the intra-zone policy as block, i.e. untrust to untrust zone as block.

Thanks,
Nitesh
Hi Dorsey,

You can try restarting the management server as below.

debug software restart management-server

If it was working before, then was something changed from a certificate point of view? You can check if the certificate that you are referencing for the portal page is still valid or not. Also check if the portal login page is enabled, as in the link below.

How to Disable the GlobalProtect Portal Login Page

Thanks,
Nitesh