Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4638 Views
  • 0 replies
  • 1 Likes

NAT rule

Hello I have a problem. I have a firewall Palo Alto. Eth1 (20.74.34.3) is configured on public zone and eht1/2 is configured in the internal zone (10.110.0.4). Inside the internal network, I have a dmz subnet 10.111.0.0/24 where I have 2 web servers for application (app1 10.111.0.10 and app2 10.111.0.11) How I can configure the NAT rule to a...

PA-VM HA Failover Procedure

hello dear forum members, i have a question regarding the cluster configuration. wer'e currently running a PA-VM in cluster (A/P Mode) in the organization within an azure enviornment, both are configured with different External ip address. my question is, in the case of the active node going down, how does the procedure happen? will...

v-wire security newbie

we have a v-wire setup where we are controlling traffic to a secondary firewall w our 820. as its sitting between ISP and the site secondary firewall (sonicwall) we created a rule that negates all but some countries we do business with and that negation drops the traffic. would it be possible to accomplish the same with just creating the allowed...

JGaitan by L0 Member
  • 1714 Views
  • 1 replies
  • 0 Likes

Resolved! Create Security Policy Allowing Access to Sharefile based on User while URL filtering is blocking "Online-storage-and-Backup".

We currently block access to Online storage using URL Filtering and make exemptions to online-storage sites like Sharefile using custom URL Category with list of URLs that we want to exempt. However, this setup lets everyone in the company have access to Sharefile. I am trying to figure out a way to instead of Sharefile being accessible to eve...

NormGala by L0 Member
  • 4554 Views
  • 2 replies
  • 0 Likes

Certificate revocation / OCSP not working

I've set up one of our PAs (a 5260 running 10.1.6-h3) to use as a certificate authority and OCSP responder for use with GlobalProtect remote access. I'm able to issue and verify certificates with no problem, but revoking a client certificate has no effect on whether the able to connect. I'm able to browse to http://<PA IP>/CA/ocsp, but th...

Resolved! Twice NAT of ASA FW , equivalent NAT rules on Palo Alto FW

Hi Experts , We have twice nat rules (nearly 608 NAT rules) configured on ASA FW and we are planning to refresh them with Palo Alto 5020 soon.Below is one the NAT rule of ASA FW. nat (Internet,Inside) source static any any destination static h-197.29.23.83 h-10.30.2.74 unidirectional I would like to know what kind of nat rule(s) we should ...

EMEA-FW by L1 Bithead
  • 6431 Views
  • 2 replies
  • 0 Likes

unknown traffic pcaps just stopped happening one day around 2 weeks ago

I have a PA-460 that stopped doing pcaps for unknown traffic about two weeks ago. I played around with the application dump setting and I think I may have broken something: Application setting:Application cache : yesSupernode : yesHeuristics : yesCache Threshold : 16Bypass when exceeds queue limit: noTraceroute appid : yesTraceroute TTL thres...

Routing issue on Multi VSys PA Firewall integrated with Cisco ACI

Hello, We have multi Vsys firewall to handle North-South and East-West traffic, which is integrated with Cisco ACI. The virtual router is configured with static route 0.0.0.0/0, next hope as Cisco ACI. We are seeing some North-South traffic on East-West firewall, the ACI team insist it is a case of Route Leak from PA/Vsys. Any suggestion, A...

Palo firewall routing

Hello. New to Palo's. I have a question re routing. I have an interface with, say, 1.1.1.1/24. There is a router on the same network on 1.1.1.2. I have had to add a static route in order to ping/communicate with 1.1.1.2 Is this normal Palo behaviour?

  • 1597 Posts
  • 61 Subscriptions
Top Solution Authors
Top Liked Authors