Network Security
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to all things Network Security.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Network Security
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to all things Network Security.

Browse the Community

Next-Generation Firewall Discussions

Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

1597 Posts

VM-Series in the Public Cloud

The VM-Series is the virtualized form factor of the next-generation firewall. Use this discussion as a resource to discuss VM-Series deployments across public clouds like AWS, Microsoft Azure, Google Cloud Platform, Oracle Cloud, and Alibaba.

709 Posts

VM-Series in the Private Cloud

Use the VM-Series form factor to safeguard Private Cloud deployments. Use this forum to discuss deployments from VMware ESXi, VMware NSX-V, VMware NSX-T, KVM, Nutanix, Hyper-V, Openstack, and Cisco ACI.

111 Posts

CN-Series Discussions

CN-Series is the Palo Alto Networks' container native version of the ML-powered Next-Generation Firewall designed specifically for Kubernetes environments.

16 Posts

AIOps for NGFW Discussions

This forum is to ask questions, provide answers, and troubleshoot queries related to Palo Alto Networks’ AIOps for NGFW, the industry’s first AIOps solution for Next-Generation Firewalls.

157 Posts

Panorama Discussions

Post discussions about Panorama, a centralized network security management solution for all your Palo Alto Networks firewalls irrespective of their form factors or locations, in this forum.

723 Posts

GlobalProtect Discussions

GlobalProtect discussions offers topics about our network security for endpoints that protects your organization's mobile workforce. This area is dedicated to GlobalProtect discussions to help you answer questions.

1675 Posts

Strata Logging Service Discussions

Strata Logging Service (formerly known as Cortex Data Lake) enables AI-based innovations for cybersecurity with the industry’s only approach to normalizing and stitching together your enterprise’s data. Join the discussion now.

33 Posts

AI Runtime Discussions

Welcome to the AI Runtime Security discussion area! Here, you can engage in conversations about AI Runtime Security, explore new insights, and stay updated on ongoing discussions.

5 Posts

Strata Copilot Discussions

Welcome to the Strata Copilot discussion area! Here, you can engage in conversations about Strata Copilot, explore new insights, and stay updated on ongoing discussions.

8 Posts

Web Proxy Discussions

Welcome to the Web Proxy discussion area! Here, you can engage in conversations about Web Proxy, explore new insights, and stay updated on ongoing discussions.

17 Posts

Advanced SD-WAN for NGFW Discussions

Welcome to the Advanced SD-WAN for NGFW discussion area! Join us to discuss field topics, address customer and field concerns, share suggestions, community recommendations, new feature requests, or exchange best practices and design ideas.

19 Posts

Strata Cloud Manager

Strata Cloud Manager is our AI-powered solution that enhances network security management, prevents disruptions, and simplifies operations across SASE and NGFW platforms. The names for AIOps, NGFW, Prisma Access, and SD-WAN have been updated to Strata Cloud Manager in the product UI.

65 Posts

Quantum Security Discussions

Palo Alto Networks customers can now start to protect their encryption from the threat of Quantum computers, by migrating to Post Quantum Cryptography (PQCs). Ask your questions or provide insightful answers in the forum specific to Post Quantum Cryptography.

1 Posts

Cloud Identity Engine Discussions

Cloud Identity Engine is the industry's first cloud-native identity synchronization and authentication service providing a single, secure user identity across Palo Alto Network's on-prem and cloud product lines.

41 Posts

Activity in Network Security

IPSec Dynamic Peer VPN, failure to send traffic over attached tunnel interface

Is anyone aware of a known issue with sending traffic over an IPSec tunnel interface when using multiple dynamic peers with FQDN (host) peer identification? I have multiple existing branch locations connected to the PA with IKEv2 IPSec tunnels using dynamic FQDN (host) peer identification from Cisco branch routers. Up to now it has worked fine...

Azure - Palo Alto

During deployment from the Azure Marketplace, we are encountering an error indicating that the selected offer (vmseries-flex, bundle2-gen2) is not available for the current subscription/region. -Microsoft has confirmed that this is not a platform issue but requires publisher-side (Palo Alto) configuration and entitlement update. need help

Global protect with LOOPBACK Interface

GlobalProtect Agent Connection Failure with Custom Port (23590) - Loopback Gateway Issue I have a Palo Alto NGFW (public IP: 80.75.164.100) connected directly to the internet with a DNS record (vpn4.example.com) pointing to this IP. I’m trying to configure GlobalProtect Agent to connect via a custom port (23590) instead of the standard port 443,...

m.waked by L0 Member
  • 171 Views
  • 1 replies
  • 0 Likes

I see a log indicating that the number of hints exceeded 5,000 after the OS upgrade.

Hello Team, After upgrading the OS (11.1.6-h10 -> 11.1.13-h7), hint-related logs are appearing in the system logs. I am aware of the cause. I am not using Panorama, and the log forwarding profile has "Panorama" checked as the forwarding method, with this profile applied to the policy. However, despite having the same configuration, hint-r...

SangHoonLee_0-1782434882221.png

Facing issue in application access & health status shows as down in Prisma ZTNA Connector.

The private application hosted on AWS behind an Application Load Balancer (ALB), and the ZTNA Connector is also deployed within the AWS environment. We configured the application FQDN in the ZTNA Connector however, the application status remains in a DOWN state. To address potential DNS resolution issues, we added the internal DNS servers ip in ...

On-Prem Firewall & Cloud Identity Engine for SAML GP

Hi folks, I have a question regarding GlobalProtect authentication using SAML and Cloud Identity Engine (CIE). Current setup: Users authenticate to Prisma Access using SAML. The Identity Provider is Microsoft Entra ID. Cloud Identity Engine (CIE) is already integrated with Entra ID and working successfully for Prisma Access users. What...

GP 6.2.8-C982 causes popups on Windows, no Release Notes?

We just rolled out the latest 6.2.8 update (previous version C948), and since it's been installed, users repeatedly get certificate confirmation popups to connect the client. The previous client version never did this, the popups are not just happening on initial connection, but multiple times as users tabs around applications. Is this a known i...

M.Studte by L0 Member
  • 398 Views
  • 1 replies
  • 0 Likes

Out of Snyc configuration after successfully push from panorama to managed devices.

Hi everyone, i have uploaded certificate from templates panorama and i already commit and push to managed devices, but we have an issue after successfully commit and push to managed devices, template status out of sync on the panorama>Summary. we already check on the local firewall, the certificate there is on the firewall. i have tried to ...

Active Active HA Out of Sync due to invalid interface address commit failed.

Our customer has 2 PA-3420's running in Active Active HA which are currently out of sync. All criteria on the HA widget matches across the two devices. When we attempt to sync to peer from the active-primary we get a commit failure on the active secondary stating: invalid interface address XXX-XXX-XXX-XXX-30(Module: routed) client routed phase 1...

Resolved! GlobalProtect 6.3.3-1016 Failed to Open File Mac M3 Pro (Apple Silicon) macOS Tahoe 26.5.1

There are issues connecting to my Employer's VPN using GlobalProtect 6.3.3-1016 application.Where as an older version which we have (v5.2.10-6) is working fine.PanGPS.logP1190-T8523 06/18/2026 17:49:05:145 Debug( 200): WAIT_TIMEOUT P1190-T8523 06/18/2026 17:49:05:145 Debug( 733): HipMonitorThread quits. P1190-T16643 06/18/2026 17:49:13:656 Inf...