Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4518 Views
  • 0 replies
  • 1 Likes

No DPD message while peer tunnel is down

Problems with IPSEC VPN tunnel between PAN FW PLWALFWxx and the BlueCoat datacenters (Amsterdam, Frankfurt) DPD does not seem to work. Extra Information: PLWALFW = PANOS 10.2.2.h2 INTERNET FW = PANOS 8.1.x We have IPSEC tunnels between our PAN FW and BlueCoat Datacenters. BlueCoat were doing maintenance on their datapods last week. DPD on ...

PXE network Environment

In a PXE network, the PA firewall is deployed between the client and the DHCP server and the WDS server. The PA enables the DHCP relay, but the client cannot get an IP from the DHCP server. I doubt that the PA drops the boot protocol packet, because the PA does not support the boot protocol, but if I use the PA as the DHCP server, the client still can...

Felixcao by L3 Networker
  • 1214 Views
  • 0 replies
  • 0 Likes

Resolved! Allowed SSL traffic reporting as policy-deny

We have a decryption rule to allow user internet access over SSL. Access to LinkedIn was working until 2 days back we started getting certificate error with validity expired. All users accessing the internet use the same CA signed certificate with no issues. I have attached the logs showing access permitted but the session end reason is policy-...

How to Test a Vulnerability Protection Rule

Hello Everyone, I have a use case that I’m trying to test in a lab, but I can’t figure out how to perform the test, and I’m looking for guidance. My use case is to drop traffic if the firewall detects certain CVE vulnerabilities in the traffic. My question is, how can I actually test this if my test endpoint is not vulnerable, or I do not know...

I need answer for this question.

Q1. Which two configuration objects will allow servers from different operating system (OS) types to get package updates from a given domain? (Choose two.) Select 2 Correct Responses A. Static IP address objects for every server, grouped together by OS type B. A single external dynamic list that maintains a list of all of the update domains C....

Two Vsys on the same firewall migration

Hi Team, What is the quickest and most effective method to move some of the interfaces, objects, and policies from the original vsys to the new vsys when we want to divide our Palo Alto device into two vsys? We need to move two interfaces with their zones, objects and policies. Please be aware that same the device will have two vsys and goo...

LDAP Integration with Redhat IPA in Palo Alto Firewall

Dear Teammate, How can I integrate with the LDAP feature of RedHat (IDM) IPA server authentication on Palo Alto Firewall, I tried to configure in Palo Alto LDAP configuration setting as the documents reference by official site but it's not working, Palo Alto to IPA Server is reachable connection and related port are already open in RedHat and ...

Certificate

I have two expired certificates that have expired. I am new to the position so I am still learning how everything is set up here. We have 4 total certificates. Two of which are expired. One of the active certificates is for our VPN but I am not sure what the other 3 are used for. Can you help pls. I am trying to figure out if I need to renew the ...

hmrjason by L0 Member
  • 1615 Views
  • 2 replies
  • 0 Likes

Integrating 3rd Party feeds in Palo Alto firewall for blocking IOC's

We would like to know if we can integrate 3rd Party feeds in Palo Alto firewall for blocking IOC's automatically. Generally we have seen people integrate Open Source threat intel with SIEM etc with Virus total and IBM Xforce xchange https://www.dshield.org/block.txt https://blocklist.greensnow.co/greensnow.txt Open source threat intel to block IOC's au...

Resolved! 802.3bz multi-gig 2.5

March 2023 and 802.3bz devices are arriving from ISPs (e.g. Comcast CGA4332COM). Where is the compatibility/forecast/roadmap from PAN? After searching high and low I found zero content from PAN on this topic... if you have info, post here and share with other members. https://en.wikipedia.org/wiki/2.5GBASE-T_and_5GBASE-T

Resolved! User ID (with Windows Agent) not working

Hi, we set up User ID based on these docs: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id-agent Configuration and installation is working: - the agent installed on serve...

Limit access to CMDBuild application

Hi Team, I want to block access of range of IP address 10.12.11.0/24 to "CMDBuild" application on the server. Usually to get access to the CMDBuild, users use web browser and http(s)://cmdb, or http(s)://GGCT3MGT01 and the application port 8080 and 5443. I don't intend to block the users' access to whole server itself.

  • 1795 Posts
  • 60 Subscriptions