Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4625 Views
  • 0 replies
  • 1 Likes

SCM management routing mode change failed

Hi, I’m trying to manage PA-460 from SCM, but I still get error, even after a factory reset. The firewall still disconnects and cannot complete bootsrap process, but SCM receive telemetry data. I also try to change [routing mode] to advanced routing, same result. PAN OS version is 11.1.6-h3 (preferred) Strata cloud management essential No str...

JTurcotte_0-1745857522021.png
JTurcotte_1-1745857534120.png

IPSec Dynamic Peer VPN, failure to send traffic over attached tunnel interface

Is anyone aware of a known issue with sending traffic over an IPSec tunnel interface when using multiple dynamic peers with FQDN (host) peer identification? I have multiple existing branch locations connected to the PA with IKEv2 IPSec tunnels using dynamic FQDN (host) peer identification from Cisco branch routers. Up to now it has worked fine...

I see a log indicating that the number of hints exceeded 5,000 after the OS upgrade.

Hello Team, After upgrading the OS (11.1.6-h10 -> 11.1.13-h7), hint-related logs are appearing in the system logs. I am aware of the cause. I am not using Panorama, and the log forwarding profile has "Panorama" checked as the forwarding method, with this profile applied to the policy. However, despite having the same configuration, hint-r...

SangHoonLee_0-1782434882221.png

Global Protect is having issues with newer MACOS version.

Hi, I have problems trying to sign in some mac users that are running some SEQUOIA and TAHOE version, the only version that is working is 15.7.4 Sequoia version. It seems that the gl client is unable to authenticate. I checked in logs and it seems that the gp client is not able to open a .dat file 04/15/2026 17:06:14:954 [Info ]: Portal pre...

Out of Snyc configuration after successfully push from panorama to managed devices.

Hi everyone, i have uploaded certificate from templates panorama and i already commit and push to managed devices, but we have an issue after successfully commit and push to managed devices, template status out of sync on the panorama>Summary. we already check on the local firewall, the certificate there is on the firewall. i have tried to ...

Active Active HA Out of Sync due to invalid interface address commit failed.

Our customer has 2 PA-3420's running in Active Active HA which are currently out of sync. All criteria on the HA widget matches across the two devices. When we attempt to sync to peer from the active-primary we get a commit failure on the active secondary stating: invalid interface address XXX-XXX-XXX-XXX-30(Module: routed) client routed phase 1...

Bug fix clarification for PAN-321150

Just seen 11.2.10-h10 has come out and has bug fix PAN-321150 with a description "Fixed an issue where the interface remained down after an upgrade" I find this very unclear in what interface it is referring to. Anyone know how to look up the details of bug fixes as i can't see any where to do this.

Policy Tab Issue Persisting Across PAN-OS Versions

Hello All, The customer is currently running PAN-OS 11.1.15. This issue is reportedly addressed in this release; however, the customer continues to experience the same behavior. Issue Description: The issue is related to the Policy tab. The customer is unable to perform any policy management operations, including: Adding new policies Clonin...

Resolved! GlobalProtect 6.3.3-1016 Failed to Open File Mac M3 Pro (Apple Silicon) macOS Tahoe 26.5.1

There are issues connecting to my Employer's VPN using GlobalProtect 6.3.3-1016 application.Where as an older version which we have (v5.2.10-6) is working fine.PanGPS.logP1190-T8523 06/18/2026 17:49:05:145 Debug( 200): WAIT_TIMEOUT P1190-T8523 06/18/2026 17:49:05:145 Debug( 733): HipMonitorThread quits. P1190-T16643 06/18/2026 17:49:13:656 Inf...

Resolved! PA 445 setup

So i''m setting up a new site on our JAPAN site. I setup 2 PA 445 A/P. Both FW are setup and HA's are connected as well. The problem is the HA are not synch yet, the primary PA 445 is accessible remotely via both public ISP 1 and ISP2 HTTPS. The reason is i'm not moving yet the private MGMT IP under permitted list on interface MGMT for...

weezy_0-1776845884511.png
weezy by L3 Networker
  • 1267 Views
  • 6 replies
  • 0 Likes
  • 1597 Posts
  • 61 Subscriptions
Top Liked Authors