Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.

Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4558 Views
  • 0 replies
  • 1 Likes

How to avoid split brain in active passive cluster

Hi, We've got an installation with active-passive devices in different datacenters. We need to ensure that the primary device is always the active device when there is some problem between datacenters. We have configured virtual router path monitoring in the secondary device so it can check that the primary device is not reachable. But for so...

LACP load balancing algorithm

Hello Team, Where can I find information about how traffic is balanced between physical interfaces when LACP is used? Can I choose the balancing method in configuration (source/destination, MAC/IP Addr, L4 Ports)? I found information about the traffic distribution mechanism in LAG for early versions of software (prior 6.1): https://knowledgebase.paloalto...

EDL and Custom URL

Hi There, Problem Statement: We have custom URL lists (to allow Azure Endpoints only), also we have EDL (with Minemeld) integrated. As per our Infosec Policy we should not use Minemeld feed for Microsoft as it has some of many wildcard. So desperately creating custom URL for each MSFT end points (viz Defender, AAD health etc.) But some of URL is ...


Resolved! Permit statement isn't capturing all the traffic

We have a school tied to our organization that's using a PA-850 and is running 10.1.6, and we're trying to get Battle.net working. After considerable troubleshooting, I put in a rule at the very top to permit the "zESports" zone to get to any IP on any zone. See the eSport_to_all_rule image. For some reason, some packets completely bypass this r...

PA dropping certain MSSQL EXEC statements for no apparent reason

Having a weird issue with a remote client connection over VPN to multiple internal MSSQL servers. A particular SQL EXEC query packet is getting dropped in the middle of an SQL session. Security ruleset allows the communication under a VPN to TRUST mssql-db-unencrypted rule (made a separate test rule with explicit any/any allows and no filteri...

Firewall tries to close a BGP/TCP connection with switch

Hi, The following problem involves a firewall (10.249.0.13) wanting to close a BGP connection with its neighboring switch (10.249.0.14). The switch answers with a BGP NOTIFICATION message that contains 'No supported AFI/SAFI'. (separate issue) The firewall then sends a FIN to the switch to close the TCP connection. Follows a series of FIN ...

Upgrade 9.0 to 9.1 Question

I have two Palo VMs (managed by Panorama 10.1.3) in Azure running 9.0.13 and I want to get them up to 9.1.14. I have a question regarding order of operations. Can I use Panorama to upgrade them directly to 9.1.14 by downloading 9.1 and downloading and installing 9.1.14? Or do I have to install the 9.0.16 maintenance release before moving...

dac6d4 by L0 Member
  • 2539 Views
  • 1 replies
  • 0 Likes

Cloud NGFW for AWS billing issue

Hi All, I have subscribed to the Cloud NGFW for AWS service (Palo Alto firewall) from AWS Marketplace and used it from a learning perspective. Now I'm getting a higher billing amount on the AWS billing dashboard. I raised a case with AWS for the billing issue; they suggest talking to Palo Alto customer care support for the same. On Palo Alto portal I am no...

Resolved! Best Practice for Root CA Self Signed Cert on NGFW

I have a question regarding best practices for creating Root CA self-signed cert(s) on an NGFW. Should one single self-signed CA root cert be used as the root cert for ALL certificate chains for firewall services such as SSL Decryption, GlobalProtect portal, Gateway Certificates, etc, etc? So I guess there are two specific questions: 1) Is there...

Looking to switch to PAN for NGFW, need insight into IPS, reporting and analytics, network visibility, etc

Hey all, I work IT security for an SMB in the financial sector and I'm looking into PAN, FortiGate and Check Point for a better NGFW solution than what we currently have, which is SonicWall. For about 6 years we've been using an NSA 3600 to cover our main company network and then a TZ500 to connect back to the main branch via point to point VPN a...

  • 1589 Posts
  • 60 Subscriptions