Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4637 Views
  • 0 replies
  • 1 Likes

Dual dynamic ISP with single VR

Hi , have 2 dynamic isp at site 1 with single vr and ECMP and 1 public ip at site 2 paloalto at OCI cloud , i have setup dual tunnels from site 1 to site 2 but its not stable at all and most of times if we simulate failover using either path monitoring or tunnel monitoring we can see that vpn is stuck in initiating phase. We used below guide h...

PA-HDF issue

I have purchased a PA 200 to get some practice for my exam i configured it but forget my pw so i done a factory reset and since getting PA-HDF login. i entered admin admin and getting incorrect pw I have attached the file please advise

Dalton by L0 Member
  • 4939 Views
  • 2 replies
  • 0 Likes

Can not change

Hello Every one I was trying to build a Site to Site Vpn. I can only select limited interfaces when creating a new Zone. The selection option does not even include the main gateway interface (Ethernet1/10. I have attached a screen shoot of the scenario.

Habte01_0-1660835482512.png
Habte-01 by L1 Bithead
  • 3336 Views
  • 6 replies
  • 0 Likes

Resolved! Issue with license

Hello Mr. We have renewd our subscription for the PAN-OS features all gone ok but issue with the PAD-DB URL filter. PAN-DB URL has not retrived the service subscription in the license page. 'when I tried to user online license retrival' but when I tried to upload the key it added a new windows 'Advanced URL fiter' with the new subscr...

Distribution of licenses across multiple vSys

Dear All, We have a PA-5200 series firewall. I have a small question which I couldn't find an answer in the public documentation, blog or discussions. My question is that how licenses are distributed among the vSys in the same firewall. The license(s) that I am interested are below: Threat Prevention Subscription Global Protect Subs...

mune3b by L0 Member
  • 2290 Views
  • 1 replies
  • 0 Likes

What is the seq number in userID log ?

What is the seqno field in userID logs(below link) ? What is the range for that? Will it rollover when it reaches the maximum ? https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/user-id-log-fields User-ID

saswins by L1 Bithead
  • 2720 Views
  • 2 replies
  • 0 Likes

Prevent Credential Phishing with UPN (userPrincipalName)

Hi World, I'm have my first contact with this Prevent Credential Phishing feature. With the option "IP User", because UserID Mapping is already in place, i'm able to detect sAMAccountName Username submissions. But a lot of phishing sites are focused on the UPN, but the UPN username filed submission is not detected by the firewall.sAMAccountName ...

fhu_omi by L1 Bithead
  • 3044 Views
  • 2 replies
  • 0 Likes

DNAT fails to work on PA-VM

Hi PA experts, I've been racking my brain to figure out the DNAT problem when doing the tests on PA-VM. It should be a very common scenario which is why I really don't get why the common DNAT doesn't work. On PA, the inside interface is 192.168.1.1/24 connected to a router 192.168.1.10/24. The outside interface is 1.1.1.1/24 connect...

RiceWu by L1 Bithead
  • 3920 Views
  • 2 replies
  • 0 Likes

User-id & group information miss mapping issue

Hello, I faced user-id and group information miss mapping issue in active/active configuration. However, I couldn't find the problem, so I need your advice. Device info: Device : PA-3220 PAN-OS : 9.1.11-H3 Active-Active, V-wire Currently, we receive user information through the aruba clearpass and xml-api linkage. There is no group setting on ...

Best Practice for URL policy question

So the scenario is we have an app on a server which needs to access several URLs. My colleague setup a custom URL Category and applied it to the policy, but the problem is this isn't working. From my reading on URL Categories, this applies to web-browsing traffic, not URLs themselves as destinations. Meaning if traffic is deemed to be something ...

  • 1597 Posts
  • 61 Subscriptions
Top Solution Authors
Top Liked Authors