Next-Generation Firewall Discussions

PAN OS 8.1.25-h3 for PA-850

Hello Everyone,

In one of the branch, we are having PA-850 firewall with firmware 8.1.13 version running on it. Because of the organization limitation, there is no internet on the firewall so we couldn't actively upgarde the firmware version. Now

...

IPsec tunnel PA-Forcepoint Up but no traffic passing through

Hi ,

I'm configuring an ipsec tunnel between PA-5410 (route based )and Forcepoint Firewall (policy based), and showing up but when i try to ping from LAN-to-LAN i could not recieve any trafic or logs . from system log,

""PSec key deleted. Deleted

...

SIP TRunk over PA6-440 not working

Hi

we have just migrated from Cisco ASA to palo alto 440 firewall

we have a SIP trunk between IP telephony server CUCM installed on our site and another installed on remote site

the communication is done over a tunnel ipsec VPN

from our site we can p

...

Resolved! Need Assistance for recover Customer Support portal account

Hi team,

I hope all are doing great. I am facing a problem that is, We have PaloAlto firewalls and these firewall are licensed. But now we are unable to remember which email account was used for customer support portal account. Now we need to know

...

Resolved! vulnerabiliy

Hi Team,

We are managing VM-firewalls which are NGFW on CSX platform (Cloud), how to do we confirm that our version is Cloud NGFW and not affected.

Custom URL to match allow policy matches halfway through URL

Custom URL category containing one line similar to this:

abc.com/string1-string2/string3-string4/string5

After the domain name are a series of strings with some dashes and forward slashes. String5 is meant to be a filename in the string3-string4 dire

...

IPSEC Tunnel monitor for policy based site to site VPN

We have connected site to site VPN tunnel with remote peered using policy based. so ca we monitor this IPsec VPN tunnel if it goes down with some trigger mechanism over email.

Resolved! 3260 Upgrade to 11.1.0

Hey Community,

My environment recently went through some changes requiring it to be shutdown for a few months and be moved to a new location. It is now settled in and back up, however we still do not have internet yet and I want to start patching the

...

PA3260 HA secondary SNMP credential not working

we have paloalto HA configured and i configured snmp server trap profile in primary firewall. when i pull data from snmp manager it successfully pull data from primary firewall. but when i tried to pull data from secondary it shows me credential wron

...

IKE phase-1 negotiation is failed as initiator, aggressive mode.

Hi All,

We are facing an issue where IKE phase-1 negotiation has failed as the initiator in aggressive mode. The SA (Security Association) has failed between 199.X.X.X [500] and 162.X.X.X [500], with the cookie: fa14dad50518163e:0000000000. Can someon

...

Block URLs with exceptions

Hello everyone,

my name is Phil and I am in charge of the network structure in a municipal utility with 2 other people. We have 2 PA-3220s with software version 11.0.2-h2 and several PA-400s in use.

We are faced with the following problem:
We want to

...

Resolved! Exploring Decryption and Encryption Strategies with Palo Alto Firewalls

Is it possible for the Palo Alto firewall to decrypt inbound traffic and deliver decrypted text to the internal server? I don't want the traffic to be re-encrypted after PA analysis.

Is it possible to decrypt inbound traffic and re-encrypt it with

...

Resolved! PAN-OS 5400f or PAN-OS 5400

Trying to determine which PAN-OS I am going to install. How do I determine if I am to select 5400f or 5400? This is for a 5410.

Resolved! Restricting non work related downloads and applications

We have users that are able to download games from url site not classified as games on their work laptops to their personal folder on the fileserver. Is there anyway to restrict access to .exe file downloads and use without having to have a huge exce

...

Resolved! Firewall subinterface

Greetings,

i have some doubts in configuring sub interface. i have eth1/1 (physical interface)ip-10.0.2.1 now for some testing i want to configure a sub interface for eth1/1 with same subnet like 10.0.2.2 and without vlan tag.

will this work ???

...

Discussions

PAN OS 8.1.25-h3 for PA-850

IPsec tunnel PA-Forcepoint Up but no traffic passing through

SIP TRunk over PA6-440 not working