Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.

Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

Any suggestion to replace current PA3020?

Hi. We are planning to replace/upgrade our current PA3020 to a newer PA model. Could you please suggest which model is best suited to my requirements below? Thank you.

Current PA3020 Setup Info
- using 5 virtual routers
- using aggregate interfaces
- as Internet Gateway
- as small Data Center Gateway (AD, some storages and a few apps)
- aro...

zinkt101 by L1 Bithead
  • 5348 Views
  • 4 replies
  • 0 Likes

Resolved! PA-850 Management port

Hi. I'd like to configure a PA-850's management port to use DHCP via the CLI using 10.2. All of the information I can find only shows how to set the standard interfaces to either an IP or DHCP, but not the management interface. Does anyone know if that is even possible? Even ChatGPT wasn't helpful 🙂

Kevin407 by L1 Bithead
  • 4907 Views
  • 7 replies
  • 0 Likes

Why does the Management interface do the query instead of the DNS-Proxy Interface?

Hi Team, I configured DNS proxy Interface e1/1 - 192.168.29.245 to clientless VPN. DNS-Proxy resolves as follows:
- General browsing resolves with DNS 8.8.8.8 and 1.1.1.1
- Tutelartechlabs.com resolves with DNS 1.1.1.2 and 4.4.4.4
- Amazon.forest.in (internal-application) resolves with DNS 172.30.30.31

Note: DNS-Proxy interface is the interface that act...

MTU value

Hi All, if we set the MTU value to 9192 on the interface and 9072 on the sub-interface, which one will the sub-interface choose? If it chooses 9072, would that mean a 9072-size packet can be sent? Similarly, if we set the MTU value to 9192 on the interface and keep the sub-interface blank, what MTU will be chosen?

Sujanya by L3 Networker
  • 1131 Views
  • 0 replies
  • 0 Likes

What problems or vulnerabilities does this present?

IMPORTANT NOTE: Never set both checkboxes "Forward Trust Certificate" and "Forward Untrust Certificate" in the same certificate, and do not have the "Forward Untrust Certificate" deployed under a trusted certificate chain. If you do this, it will cause the firewall to present client devices with a CA certificate they trust, even when they connec...

Vulnerability Protection Profile action drop, but still forwards packets

Hello, A customer has a Palo Alto perimeter firewall and a Fortigate DCFW which sits behind the PA in the line of traffic when incoming from the internet. It has been observed that in a scenario when the Palo Alto firewall which has SSL Inbound inspection enabled for all internet facing applications and the vulnerability protection signatur...

Aamirjan by L1 Bithead
  • 4681 Views
  • 4 replies
  • 0 Likes

Adding an External Dynamic List Object and importing the Intermediate CA certificate from the external web server that the EDL is hosted on

I am trying to add an External Dynamic List to our PA-440. The External Dynamic List is hosted on an external web server by one of our security partners. This web server is https enabled and authentication is via username/password. This is the screenshot when you go to the EDL's Source URL: According to this documentation, in order for...

user9891 by L0 Member
  • 2967 Views
  • 1 replies
  • 0 Likes

Palo Alto PA-3400 Series degraded specs vs 3200 Series

Dear Palo Alto Community, is it just me, or did Palo Alto drop the ball on the new PA-3400 Series? While almost all specs gained an improvement over the old 3200 series, there is the value of Security-Zones that has me deeply confused/puzzled. For the sticker price (whether it is list price or street price), having a PA3410 with a max of 40 Securi...

AlexNC by L3 Networker
  • 9526 Views
  • 4 replies
  • 1 Likes

Resolved! Suspicious Code in GIF File Detection - Logic of Detection

Good Day Team! I hope you are all doing well! We have a detection re: a remote IP attempting to connect to a certain server which hit the rule Suspicious Code in GIF File Detection. We have blocked the IP, however, the detection has:
Threat Category: downloader
PA Subtype (custom): spyware
wherein we are currently in a dilemma if the former reme...

PAN-143485

It says that it was fixed in the 10.0. version, but 10.0. What version did it solve? I searched the release notes but couldn't find it. Refer: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm68CAC

PAN-143485
8.1.0-8.1.18, 9.0.0-9.0.12, 9.1.0-9.1.6, 10.0.0-10.0.4
Fixed a memory leak issue related to a process (*...

  • 1794 Posts
  • 60 Subscriptions