General Topics

UIA user normalized issue

Hi,

We have 2 cluster firewalls with the same config for UIA and Group mapping.

If i look for an IP. show user ip-user-mapping all | match IP

I cant see a different behavior.

One cluster shows user as use@domain and groups where this user belongs -

SCIM directory only shows old user data when I change the new SCIM directory domain.

We previously had an SCIM integration with an old Azure AD tenant. Recently, we migrated to a new Azure AD SCIM connection, using the same user data (i.e., usernames and attributes remain unchanged).

However, we have observed that logs are still showi

Palo alto interface DHCP

I have configured DHCP on 4 interfaces, each DHCP on a different subnet. I connected each Palo alto port to a unique switch with the understanding that all devices connected to particular PA port will get ip addresses only from the corresponding DHCP

PA440 HA failover not working

I'm having an issue with a HA failover with 2 PA440s. When I finished setting up the HA for both firewalls the first time, I was not able to sync them, it threw me a strange error and after some research, I found documentation where it stated that I

Active-Active NAT Rule Binding

I can't find anything which goes into enough detail on Active-Active design around NAT and more importantly ARP.

The easiest way to explain the current deployment is as follows:

• Site 1 / Firewall A
• Site 2 / Firewall B

Each firewall is connected to uni

Zero-Trust Strategy for Prisma

Hi all

I have been tasked with providing a Zero-Trust strategy document to management, related to how to implemenet this on our Prisma Access solution. 

I am looking for some examples that I can pull from that anyone has done this already for.

I have

Python: panos opstate

I'm having tremendous success automating security policy updates with the panos Python library, but I'm currently stuck on obtaining the hit counts of rules programmatically. 

I'm able to access all attributes of the SecurityRule objects, but the o

Redistribution UIA not working...... INTERNAL ERROR

Hi,

I configured a PA in order to redistribute UIA mappings to another FWs. All the config is OK but its not working.

I can see this in the FW redistributing:

(active)> show redistribution service status

Redistribution info:
Redistribution service

Impact of deactivating HA configuration in Azure

I have a HA configuration in Azure.

I’m trying to deactivate the HA configuration. If we shut down the Passive side in the Azure portal and delete the VMs, what will be the impact on the Active side?

Configure SAML for GloblaProtect and use groups to filter

Hi,

I would like to configure SAML for my GP authentication and  I would also like to be able to assign IPs by user groups and configure rules for these remote users by user groups. 

Does anyone know if this is possible? how can match users received

Global Protect application blank screen

Hello Members,

Can anyone help me to solve the global protect blank screen issue on my PC, as for others it normally works fine.

I am using Windows 11 and I have already removed and re-installed the GP App but still it shows a blank screen and I

ACC not displaying

PANOS version: 11.0.3-h3

We are experiencing a recurring issue with the Application Command Center (ACC) on our Palo Alto firewall. Every 2–3 days, the ACC becomes unresponsive or stops updating properly. The only way to restore functionality is by m

Action of allow  but of Type policy deny

Hi

panos 11.2:

I am using SSL Inspection for all inbound traffic on my web sites.

Certain TLS connections with TLS inspection enabled did not work. Looking at the traffic log the connections shows an Action of “allow” but of Type “deny” with Sessio