This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4555 Views
  • 0 replies
  • 1 Likes

DNAT fails to work on PA-VM

Hi PA experts, I've been racking my brain to figure out the DNAT problem when doing the tests on PA-VM. It should be a very common scenario which is why I really don't get why the common DNAT doesn't work. On PA, the inside interface is 192.168.1.1/24 connected to a router 192.168.1.10/24. The outside interface is 1.1.1.1/24 connect...

RiceWu by L1 Bithead
  • 3772 Views
  • 2 replies
  • 0 Likes

User-id & group information miss mapping issue

Hello, I faced user-id and group information miss mapping issue in active/active configuration. However, I couldn't find the problem, so I need your advice. Device info: Device : PA-3220 PAN-OS : 9.1.11-H3 Active-Active, V-wire Currently, we receive user information through the aruba clearpass and xml-api linkage. There is no group setting on ...

Best Practice for URL policy question

So the scenario is we have an app on a server which needs to access several URLs. My colleague setup a custom URL Category and applied it to the policy, but the problem is this isn't working. From my reading on URL Categories, this applies to web-browsing traffic, not URLs themselves as destinations. Meaning if traffic is deemed to be something ...

Problem with PBF with two ISP and two VR

Hi all, I have a PA220 managed with Panorama. Very cool mgmt and very powerful. Only the PA220 is a bit slow.My Situation - I have two internet connections (Eth 1/1 and 1/7) with fixed IP. Both have their own VR and therefore both have a null route. And both have own untrust1 and untrust2 zone.All my clients 10.10.10.x/24 are in trust1 zone and ...

LED Status yellow for PWR

Hello Guys, Need some suggestions, Paloalto 5220 or say 3220 while deploying I can see yellow LED in PWR but every other LED's are green. referred - https://docs.paloaltonetworks.com/hardware/pa-3200-hardware-reference/service-pa-3200-series-firewall/interpret-leds-pa-3200-series In this document it says it will either be green for ON and ...

Doyenadmin_0-1658245875590.png
5250 led status.jpg

Resolved! DNS-base application

Hi ALL, In our monitor log ,we see a lot of deny for a few PCs with "dns-base" application . Please see below: what is "DNS-base" and how do we allow it if needed. Thanks QL

Qui_4-1657240524522.png
Qui by L2 Linker
  • 16238 Views
  • 3 replies
  • 0 Likes

PaloAlto base config, not able to commit config after removing vwire references

Hi Folks, I am using Palo-Alto 3260 without panaroma. i want to take base config from it, so we have reset the firewall to factory default and trying to commit config by removing vwire from interfaces and zones. but config is not getting commit and giving error as interface is missing default config. How can i take base config then

Resolved! ssl inbound inspection in a reverse proxy scenario

Dear Community, I need to configure ssl inboud inspection in a scenario with 5 web services running behind a reverse proxy. The flow of traffic is as follow:Internet (same_public_ip) =>> PA ==(nat)=>> Reverse Proxy =>> Web Services Since PA will not be able to peek into the sll traffic to grasp which one is the aimed internal s...

  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks