Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4559 Views
  • 0 replies
  • 1 Likes

Routing issue on Multi VSys PA Firewall integrated with Cisco ACI

Hello, We have multi Vsys firewall to handle North-South and East-West traffic, which is integrated with Cisco ACI. The virtual router is configured with static route 0.0.0.0/0, next hop as Cisco ACI. We are seeing some North-South traffic on East-West firewall, the ACI team insists it is a case of Route Leak from PA/Vsys. Any suggestion, A...

Palo firewall routing

Hello. New to Palos. I have a question re routing. I have an interface with, say, 1.1.1.1/24. There is a router on the same network on 1.1.1.2. I have had to add a static route in order to ping/communicate with 1.1.1.2. Is this normal Palo behaviour?

Source MAC not displaying

We have multiple Palo Alto firewalls running in version 10.1.X/10.2. None of them are showing the source or destination MAC address in the traffic logs. When we select the source/destination MAC address column in the traffic logs, it shows blank. So how to display the source/destination MAC address in the traffic logs?

still see in logs while I already blocked it

Dears, Panorama firewall logs show a threat, for example spyware, whose threat name is a website link. I blocked the website IP and the link but I still see it in the logs. It is repeated many times, which fills the logs. The source address is from the DMZ zone and the destination address is from outside. What can I do to not see it again in the logs?

KmdCyber by L0 Member
  • 1823 Views
  • 1 replies
  • 0 Likes

Certificate export on a FIPS enabled firewall

Hello All, I currently have an HA pair of 3260 firewalls that have a GP portal and gateway. My firewalls are in FIPS mode. I want to set up a redundant pair of firewalls in AWS as my DR running GP with the same config. So I would have a monitor set up that if my main site becomes unreachable for more than 30 min my DNS changes priorities to my DR ...

Palo Alto HA problem

Hello, we have a few PA440 clusters where we are unable to activate HA. Software version is 10.1.6-h6. As soon as we enable HA on first node, everything goes down (including internet access) and then the config gets rolled back (due to lost connectivity to Panorama). I cannot seem to find any hint in the system logs. Has this happened to...

Wildfire and Fileblocking

Hi Team, Want to understand how I can use WF and file blocking. Suppose I am using WildFire analysis and using a default policy application - any Filetypes - any Direction - both Analysis - Public-cloud and using a File blocking profile as attached, and say I am downloading an executable file from Internet and it is not malicious -...

Resolved! BGP preventing your FW becoming a transit AS

Hi all, basically same question as the subject. I've configured a PA VM in a lab with its own AS number, but I'm struggling to find the way to prevent the FW being used by other BGP routers as AS transit, only advertise networks I decide to advertise. Any idea, link or configuration to suggest? Thanks in advance! MG

MGMGMG by L1 Bithead
  • 2793 Views
  • 2 replies
  • 0 Likes

Resolved! DGA Threat Alert

First off, I am fairly new to Palo Alto firewalls. Yesterday we received a number of alerts over a one minute period related to a Domain Generation Algorithm threat. The source was an internal IP address, the destination was an external IP address. The action taken was sinkhole. The rule was DNS Forwarders. I don't fully understand what this i...

Dataplane Crashes on PanOS 10.2.2 when DNS-Servers not set

We've encountered an issue on PanOS 10.2.2 when DNS Servers are not set on the Management-Interface, the Dataplane crashes when jumping from the Panorama to the local context of the firewall. Older versions of PanOS do not have this issue. Setting the DNS-Servers seems to resolve the problem. Looks like an issue with the name resolution and dnspr...

mattlede by L1 Bithead
  • 2966 Views
  • 2 replies
  • 2 Likes

Getting errors while committing the config from Panorama to Palo Alto

We have on-boarded new standalone firewall of model 410 to Panorama and tried to configure them via templates. In Template stack we have added FW template (as priority) + global, and we are getting below error while committing the configurations to firewall. devices -> localhost.localdomain -> template-stack -> FW_stack -> config ->...

Sujanya by L3 Networker
  • 2675 Views
  • 1 replies
  • 0 Likes

Resolved! TCP session timeout

Hello Team, Just a query - wanted to understand few things related to PA sessions timeout. We have a server which needs to connect to a specific port, say 8xxx or 9xxx, but unfortunately it requires connection to be established for more than 10 hours, say 12 hours for example. So how can I achieve this? 1. Can I change global setting...

Best practice to unblock NUPKG

Looking for suggestions to unblock NUPKG files, as it is not a populated file (I already tried whitelisting the url it originates from): File Transfer Blocked The file you are trying to download or upload has been blocked in accordance with company policy. Please contact your system administrator if you believe this is an error. File name: Te...

  • 1589 Posts
  • 60 Subscriptions