Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4519 Views
  • 0 replies
  • 1 Likes

CIE(Cloud Identity Engine) Deactivated?

Could not understand why the CIE account was deactivated. It was set up to sync with Azure AD and one on-prem DC. And at least one firewall was configured to use it. Is this caused by the 3 month certificates? Also are these certs meant to be renewed manually every 3 months? If so it's very challenging to use CIE for on-prem infrastructure. Does...

raji_toor by L4 Transporter
  • 1378 Views
  • 0 replies
  • 0 Likes

Palo Alto Service Route config for Dynamic Update/Wildfire/IPS

Hi, What service source interface do I need to change for IPS/Dynamic/Wildfire Update? We want to configure a custom interface instead of the Management interface. Now I've configured a custom source interface for "External Dynamic Lists" and "URL Updates" but the system is still using the management interface for IPS and Wildfire Update. Do I need to change sou...

EvanRaci by L1 Bithead
  • 2655 Views
  • 2 replies
  • 0 Likes

Inquiry about Firewall Behavior at High Temperatures

I am writing to inquire about the behavior of the 5220 and 3260 Firewall series at high temperatures. Specifically, I would like to know what happens if the CPU temperature exceeds the critical threshold of 60°C for an extended period. I have a few questions regarding this: Will the firewall automatically shut down to protect itself after a cer...

Yassin.K by L0 Member
  • 1523 Views
  • 0 replies
  • 0 Likes

IP Block List Feeds

We're looking to add a dynamic block list rather than manually blocking bad IPs as we find them. I understand that Palo Alto comes with one or more of these feeds, do we know how often they are updated? Asking for a friend.

Resolved! Global Protect VPN User did Not Sign Out Automatically after Disconnected

Hi All, After we connected GlobalProtect VPN, the GlobalProtect Client App is not asking for username and password again for the next login. We need to manually sign out from GlobalProtect Client to completely log out the user. Is it normal for GlobalProtect Client App to stay signed in even after being disconnected? Is there any way to configure at P...

EvanRaci by L1 Bithead
  • 3543 Views
  • 1 replies
  • 0 Likes

how to stop sending duplicate user-ip-mapping by xmlapi

Hello. We are using UIA and ClearPass (login/loginout type) to get user-ip-mapping. The issue is that the Palo Alto firewall is receiving duplicate user-ip-mapping. user-A (using): 192.168.1.100 receiving from User ID Agent correctly. user-B (not using): 192.168.1.100 receiving from XMLAPI incorrectly. user-B ip-user-mapping is sending periodically 45 min...

zinkt101 by L1 Bithead
  • 2300 Views
  • 2 replies
  • 0 Likes

Resolved! The traffics tab does not appear on the monitor.

Cordial greetings, Engineers. A PA-410 device with version 10.1.3 has arrived and we identified that in the monitor tab you do not see all the possibilities to see the FW logs (I attach image). Similarly, the device was updated to version 10.2.3-h4 but the behavior remains the same. Does anyone know the reason for this behavior?

Device Telemetry can't be removed/disabled from Panorama and/or local

We currently have difficulties removing the Device Telemetry options in any way. It seems this option doesn't work as expected. This issue persisted across several versions of PanOS / Panorama. Panorama 10.2.2-h2 - When trying to remove the device telemetry options from the template stack the settings are still checked and a commit & ...

mattlede by L1 Bithead
  • 14817 Views
  • 15 replies
  • 1 Likes

Operator STRATA reference

Hi team, The number 1 operator in the region I cover is looking to change all his FORTINET firewalls (1800F) with PALO NGFW. To justify the move they need some use cases from Palo customers that are in the same sector. Where can I find operator customers that are using our HW NGFW and that can share some detail about their usage/efficiency compared...

cnaudin by L0 Member
  • 1138 Views
  • 0 replies
  • 0 Likes

Cannot import signed certificates in FIPS mode

When trying to import the signed cert in FIPS mode, error "import failed. Certificate chain cannot be validated, required CAs not found". This was a known issue that was supposedly fixed in PAN-OS 9.0.9 and PAN-OS 9.1.4, current version: 10.2.3-h2. I was able to get this working in a lab environment without FIPS. Are there additional steps tha...

URL Filtering is not working for Global Protect users

Hi all, We have a requirement that GP users should access certain URLs. But once I assign the URL category in security policy, GP user is not getting internet access. SCENARIO 1: Security Policy: Source > GP & Source user Group Destination > WAN Action > Allow Internet is working with full access. SCENARIO 2: Security Policy...

Having issues with VMware Horizon client RDP application through Palo Alto

The initial login works fine but when we try to open any RDP session, it gives an error as "Unable to Connect". But when on the personal network it works fine. Do not see any drops on the firewall, the initial connection is on TCP 443 after which a connection to tcp/4172 PCOI is created and is terminated by a TCP-FIN. Tried to provide an access...

  • 1795 Posts
  • 60 Subscriptions