Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4637 Views
  • 0 replies
  • 1 Likes

how to know which informational level log related with hackers and invasion?

how to know which informational level log related with hackers and invasion? when this can be found, how to deal with this kind of attack and informational log? For example, in the past, smart install security incident , there kind of log are not crtiical level and not alert level some security event evidence can be any level of log

MavioLee by L2 Linker
  • 2704 Views
  • 1 replies
  • 0 Likes

Resolved! Sub-interface and zone || IPSec tunnel with AWS

Hi Team, 2 queries. 1. I have 2 physical interfaces on which i have configured multiple sub-interfaces. say for eg eth1/7 - eth1/7.1, eth1/7.2, eth1/7.3 eth 1/8 - eth1/8.20, eth1/8.21, eth1/8.22. and my both physical and subinterfaces are in same zone - say trust zone. Now i have an urgent requirement and i cannot addup new physical in...

Anyone else seeing ublockorigin.pages.dev and malware-filter.pages.dev being blocked in the phishing category?

This morning I noticed some hosts on our network were blocked from visiting ublockorigin.pages.dev and malware-filter.pages.dev because the URL filter categorized those pages as phishing. These URLs appear to be associated with the uBlock Origin adblocker extension. Does anyone know why these pages are categorized as phishing now by Palo Alto?

Resolved! How to best interpret blocked URL events for malware and C2

We recently started issuing a daily report from our PA-5220s detailing which hosts on our network were blocked from visiting certain URL categories of interest to us (malware, phishing, C2, ransomware) during the previous calendar day. I am the person on our team who scans those reports in the morning and decides which events to investigate. M...

HA Configuration with network provider router

Hello In case where I haven't switch between network provider router and our cluster of Palo Alto (Active/Passive), only a cable between router (eth1) and Eth1 of Active firewall, if the active FW is broken, the communication will be cut or not ? What is the best design to connect a sigle router of network operator to our FW cluster if we c...

JeromeC_0-1662024189356.png
JeromeC by L0 Member
  • 1861 Views
  • 1 replies
  • 0 Likes

how to allow NordVPN after done suggestion of BPA for advanced threat license

how to allow NordVPN after done suggestion of BPA for advanced threat license? I use flashrouter of nordvpn but page.asp can not load and even blank white page shown. I remove high risk and medium category blocking but can not solve PA220 configured C2 command and control traffic blocking but cannot find the reason of blocking and can not find w...

MavioLee by L2 Linker
  • 4905 Views
  • 3 replies
  • 0 Likes

PA firewall treated NBSS Continuation Message as Worm/Win32.vobfus

Hi all, Recently the PA firewall received massive threat alert with family Worm/Win32.vobfus. (Application: ms-ds-smbv3, Port: 445, thr_category: pe) I have submitted the file samples and the files are clean, we also scan the server and there is no virus. Which we confirm this alert is a false positive. Then I take a Threat Packet Capture, P...

MarcusLeung_0-1661915171950.png

Wildfire detecting phishing (severity high) but action is allow

Hello all, I am seeing multiple Wildfire submissions that have the same source IP and are being detected as smtp-base with the verdict of phishing, high severity but the action is "Allow". I have noticed in the Antivirus profile that for SMTP the "Wildfire signature action" and the Wildfire Inline ML action" is set to "default (alert)". How do ...

ccfritz by L1 Bithead
  • 1990 Views
  • 1 replies
  • 0 Likes

PA-HDF issue

After factory reset as suggested i get the following Has any one come across this type of error and how can it be resolved I am trying to learn and get comfortable with the device but getting these errors Please help Dalton

Dalton by L0 Member
  • 1903 Views
  • 1 replies
  • 0 Likes
  • 1597 Posts
  • 61 Subscriptions
Top Solution Authors
Top Liked Authors