About googol

I contacted support and them/PSIRT says they are not affected by this CVE. we'll see if they post something. ... View more

we also have had this problem too for ages, somehow seems to have resolved itself. We ended up having to give our Helpdesk VDI systems so they could run Active Directory no problems for supporting the users remotely when oncall since couldn't over VPN. Now that we are all remote these days, glad it resolved itself.   we debugged this for days with PAN TAC support, no dice. multiple packet captures, wiresharks, you name it   we debugged this with Microsoft support, they said its Palo Alto. We captured packets from the domain controllers and the client and the firewalls..   definitely was related to DNS at times and related to how they do their interfaces it seemed. We also were seeing traffic going out the wrong interfaces, thanks to Microsoft and their dual network send out packets, DNS was seen going both ways.   Really wish I knew what resolved itself, so I could share.   we are updated to v1903 of Windows 10, not sure if that changed anything, also running newer GlobalProtect v5.0.8 now, so those two changes we did since we last really debugged. We were on 4.1.x previously and Win10 v1709. ... View more

Its a work in progress, but they started having this data in PAN OS 9.1   https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-new-features/globalprotect-features/enhanced-logging-for-globalprotect.html#id13cfe4be-8017-410c-866b-c6d232fe0082 ... View more

We are also experiencing issues with SIP too and definitely seems to be related to RTP traffic   we are seeing some unknown-udp which via packet captures is RTP traffic, we are seeing PRED failures.   We upgraded from v8.0.13 to v8.1.6 and thats when it broke. I heard theres a hotfix for 8.1.7 thats supposed to fix things, but not rushing to install that at this time.   My video conferencing units support a NAT config, so been setting that up and turning off SIP ALG, along with app override which seems to have resolved our issues.   Our packet captures show SIP ALG translating, but dont think its doing all of them properly or not seeing PRED session types properly all the time (as opposed to FLOW),which is ALG.   I think there is also possibility of some app content updates that will fix some issues too, to identify and process RTP traffic better? ... View more

A quick search found this:   https://live.paloaltonetworks.com/t5/Community-Blog/DNS-Flag-Day-Are-You-Ready/ba-p/248284 ... View more

is it now 8.0.10? ... View more

We are in the same boat, we moved from ASA to GP, but I wish I made a stand to stick with AnyConnect. Our ASAs are aging, would have to justify buying new ones, but I could probably argue it and use their new 4.x client which is waves ahead of GlobalProtect.   If and when the user population complains more and some function or feature isnt there that Anyconnect has, we'll switch back.   Palo Alto also doesn't support VPN Phones such as Avaya, cisco of course does. Fantastic isnt it? ... View more

While it is not RSS, I receive email alerts from PAN when these come out. ... View more

Nope, told it was not supported by Palo Alto and that it is a feature request. From my understanding, bunch of people have voted for it.   Feature request #1844 --- Avaya IP Phones and VPN with PAN   Have your SE vote for it everyone!! ... View more

Thanks, we are still hoping for a UI graphical uplift, but some of the minor changes and consistency is nice. ... View more

I haven't paid too close attention, but we are blocking most downloads anyhow. I am still on 7.0.x so might be different than 6.1.x   Next time I have a chance, I will try to compare. ... View more

I am running 7.0.5-h2, use user ID and do user based decryption as part of a pilot for decryption right now. No issues here. ... View more

people been reporting their cores being pegged 100% cpu, so looks like you have that issue too. CPU cant process the dataplane and your bandwidth suffers most likely.   I am holding off on upgrading to 7.1.x sadly due to this issue and couple others =\ ... View more