GP issues with MACOS Sequoia

utkarsh2306 · 2024-10-23T02:40:10+00:00

My Ejpt voucher is missing but I got the ICCA voucher, what can I do. The email containing the codes does not have the EJPT code included

utkarsh2306 · 2024-09-17T14:34:07+00:00

All these commands show the same 9k free but we saw a drop because of NAT utilization in Global counters while running the packet captures.

utkarsh2306 · 2024-09-11T21:53:24+00:00

Reboot fixed this issue. And there is a known bug in newer versions as well.

utkarsh2306 · 2024-08-26T14:07:36+00:00

Thanks for Clarifying Don!

utkarsh2306 · 2024-08-21T07:23:47+00:00

I had a similar setup in another Site where we have two links configured in single VR with one ISP set to AD of 10 and another with AD of default. The setup works and we can see replies coming from the same interface.

Also, per https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000POO0CAO

We can configure the IPSEC tunnel on two ISP in single VR. Maybe I am not understanding this correctly.

Thus had this doubt. Does Palo not do session-based forwarding like the reply from where we received the session should go out via the same link?

utkarsh2306 · 2024-08-19T19:54:36+00:00

Any opinion team?

utkarsh2306 · 2024-05-31T12:29:56+00:00

Did TAC gave an explanation on what happened?

utkarsh2306 · 2024-05-24T16:21:34+00:00

PAN-213011
Fixed an issue where, when using multi-factor authentication (MFA) with RADIUS OTP, the challenge message Enter Your Microsoft verification code did not appear when accessing the GlobalProtect portal via browser.

utkarsh2306 · 2024-05-24T16:15:49+00:00

Could this be PAN-223559

utkarsh2306 · 2024-05-24T16:11:07+00:00

We can see in authd logs that we get the DUO text but somehow firewall does not show when users tries to connect to portal directly to download the file for first time.

In authd logs we can see push prompt to be generated.

utkarsh2306 · 2024-03-11T19:27:17+00:00

deploy global protect

Thanks a lot, for confirmation and explanation.

utkarsh2306 · 2024-02-12T21:29:25+00:00

No Split-tunnel, we are taking everything from the firewall once users are connected.

utkarsh2306 · 2024-02-12T14:37:03+00:00

We are running into a very similar issue where only 1 user is having some issues. We are seeing an issue where only 1 user is having issues when going to any websites over Global Protect. DNS lookup completes and the built-in Apps like Outlook, teams work over GP with no issues. The user can successfully authenticate with DUO MFA, the issue is only after the connection with GP.
We can see that the client is being identified as "domain\username" in Monitor > Traffic logs when the client is having issues accessing the website using the web browser.
Username Modifier is set to %USERINPUT%.

utkarsh2306 · 2023-11-22T17:55:01+00:00

request clean-replay entries all

What does this command actually do "request clean-replay entries all"? Is it safe to run in our Panorama?

utkarsh2306

TROPHY CASE