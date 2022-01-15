ContributorsPublishersAdvertisers
Max GP Users showing 250 in PA440

By SubaMuthuram
paloaltonetworks.com
 4 days ago

We are able to see only 250 max users...

live.paloaltonetworks.com

paloaltonetworks.com

Palo Alto Test Pages - Inconsistent Results

I noticed that the Palo Alto test pages for 'newly-registered-domains' and 'command-and-control' do not block when copied from a chat window or manually entered into a web browser. However when I directly click the link on the Palo Alto test pages for 'newly-registered-domains' and 'command-and-control' they do block. This does not appear to apply to the other categories I have tested thus far. All.
PALO ALTO, CA
paloaltonetworks.com

Downgrade from 9.1.12.h3 version to 9.1.9

I have decided to upgrade my Palo Alto 850 from version 9.1.9 to 9.1.12.h3 but after the secondary Palo Alto upgrade facing an issue where interface are not getting up so my team decided to roll back to version 9.1.9. Should my configuration completely wiped out if i downgrade my device ? or if no then what are the precaution i have to take for downgrade procedure.
COMPUTERS
paloaltonetworks.com

Using XDR Host Insights and XQL to report of machines with specific software

I would like to use host insights to provide a list of each machine with a specific software installed. For example computer that have software containing 'docker'. I can go to host insights, Applications, filter to include 'docker' and see the versions and numbers of assets. however you cannot export the lost of each asset here, just the versions and numbers.
SOFTWARE
paloaltonetworks.com

Unable to connect Global Protect VPN

All our users are able to connect to our PA220 using Global Protect VPN except one. We've tried reinstalling the Global Protect client multiple times and also connected successfully using their account from another computer, but it just refuses to work on his. 5 REPLIES. yesterday. @Jason.T,. What's the actual...
TECHNOLOGY
#Palo Alto
paloaltonetworks.com

IPSec tunnel to Azure - Strange issue

I have an active ticket with PA but struggling to get through to anyone atm. We have recently made some routing changes and moved the Azure IPSec tunnel from an SRX to a PA. The tunnel came up fine but we are having a weird issue with RDP. It's like the tunnel is only allowing so many sessions across. Some users have to try about 10 times to get RDP to work. When RDP fails there is no sign of the traffic in PA logs so it's like its not leaving AZ. System/VPN logs look fine. Ping and traceroutes from both side are fine as well.
TECHNOLOGY
paloaltonetworks.com

Acceptable packet loss over Global Protect VPN?

I was just wondering if others suffer from packet loss over their GlobalProtect VPN connection which has any impact on the connection or applications? We use a financial package that has a fat app on the endpoint and connects back to an SQL db on campus. This app doesn't deal with packet loss very well and bombs out every now and then. We can replicate this onsite as well.
TECHNOLOGY
paloaltonetworks.com

Panorama rest-api edit security policy post rule - 400 Unexpected here

I'm writing a python script to change the security profile for any security policy rule that is using that profile (very tedious to manually click through hundreds of policys via GUI). Panorama rest-api is always throwing a 400 response to me:. URL query parameters and response:. location=device-group&device-group=firewall-fw&name=rule-test. {"code":3,"message":"Invalid Object","details":[{"@type":"CauseInfo","causes":[{"code":12,"module":"panui_mgmt","description":"Invalid Object:...
SOFTWARE
NewsBreak
Technology
paloaltonetworks.com

PANOS 9.1 know issue PAN-83610 network processor

In rare cases, a PA-5200 Series firewall (with an FE100 network processor) that has session offload enabled (default) incorrectly resets the UDP checksum of outgoing UDP packets. Workaround: In PAN-OS 8.0.6 and later releases, you can persistently disable session offload for only UDP traffic using the set session udp-off load...
COMPUTERS
paloaltonetworks.com

Green Horizontal Bar in PanOS 10.1 GUI

I just started noticing this horizontal green bar appearing between the yellow and blue fields on the header in PanOS 10.1. Does this mean anything? It's not present all the time. The red dot in the screenshot was accidentally painted on by the snipping tool.
TECHNOLOGY
paloaltonetworks.com

Any idea of how to get a vmseries licensed in Azure after install?

I just installed a new vmseries to start using our FLEX licensing and am finding that there is not much out there with regards to what next. I have no idea what to do next as the machine has no serial number and all that I can do in the support portal requires one.
SOFTWARE
paloaltonetworks.com

Global Protect AutoVPN and Windows 10 Login Screen

Global Protect AutoVPN and Windows 10 Login Screen. When I login to my laptop computer - underneath my user name for sign in SOMETIMES is the status. message: GlobalProtect Status: Connected (and under it the name of the GP portal/gateway.) But at other times I see no such message or...
TECHNOLOGY
paloaltonetworks.com

Global Protect Client and Intune Security Baseline

Greetings PAN community. Hoping to find someone that has seen this issue already so that I can move forward with my implementation of Intune Baselines. We use Configuration profiles at the moment to manage our fleet where we use the Global Protect client for vpn and OKTA for MFA to complete the connection. I have a test group set up in Azure to test the functionality of our endpoints using the Nov2021 Microsoft Intune baseline. Upon applying the Intune baseline policy to the test group, Global Protect fails to make a vpn connection. A window pops up states: "script error" LIne: 8 char: 3 error: Access is denied code: 0 ---- Then at bottom of window asks if you want to continue running scripts. Regardless of choosing yes or no, another window pops up with "global protect" in top bar but the entire rest of window is blank. While this window is up the GP client says it's still connecting. It looks as if the blank window might be a screen to enter credentials, but it's blank.
SOFTWARE
paloaltonetworks.com

A Comparison: Cloud Secure Web Gateway (SWG) in Prisma Access vs. web proxy appliances

It’s time to retire your hardware-based web proxy appliances and modernize your security infrastructure in the cloud. Download this infographic to quickly see the benefits you’ll realize when you deploy the Cloud SWG capabilities in Prisma Access, including:. Consistent security against web- and non-web threats. Exceptional user experience...
COMPUTERS
paloaltonetworks.com

vm-series on azure - failing to start

Anyone have luck deploying a standard vm-series in Azure lately? Hitting the mgmt interface with a web browser will sometimes (most of the time it doesn't respond) display the following: "ATTENTION A critical error has been detected, preventing proper boot up of the device..." Have tried multiple times to get this to deploy on bundle 2 and keep seeing the same thing. I really need to spin one of these up but I can't for whatever reason. Tried emailing support but it was a dead end. Thanks for any assistance.
SOFTWARE
paloaltonetworks.com

GlobalProtect - Azure AD SAML Integration - Login inconsistent

We have Azure AD setup and running with the Palo. It works....sort of. The issue. When using Microsoft Edge (chromium/latest version) as the default browser, when global protect goes to connect, the login will just hang on trying. If you click on "click here" after the one of the authentications on the screen, the vpn will authenticate.
SOFTWARE

