Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.

Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4590 Views
  • 0 replies
  • 1 Likes

GlobalProtect enforcer exceptions not staying in registry

We have GlobalProtect with "Enforce GlobalProtect" enabled and a set of IP and FQDN exclusions. Additionally, the captive portal exception timeout is configured to 900 seconds. However, we’ve encountered an issue when users are connected to GlobalProtect, put their laptop to sleep, and then travel to a different location (e.g., a hotel). Upon wa...

Jagdeep1 by L2 Linker
  • 1905 Views
  • 3 replies
  • 0 Likes

User-ID Redistribution Agent : Close Connection to Agent

I am getting high severity alerts for user id connection agent Failure - Redistribution Agent <Agent Name> (Vsys1):Close Connection to Agent. I would appreciate it if anyone can help me understand the log to check if the issue occurred due to the firewall or if someone did it manually. If it occurred on its own, then what could be the reason? When ...

Suggestion for a good model.

Hello guys, we want to deploy 10 Palo Alto firewalls in our 10 multiple locations. So please suggest a good model which can capture all types of logs and has advanced features. We also want to deploy one centralised firewall which can control all locations' firewalls.

Security policy not matching for CP authenticated LDAP users

Objective: Configure Captive portal for non-windows users to authenticate, but use AD credentials through LDAP authentication.

Configuration performed.
1. LDAP profile, Group mapping settings, server monitoring. (test command authentication is successful in CLI)
2. Captive Portal config - Authentication portal setting / Certificates / SSL profil...

Pangps service stops after system restart in Windows 11.

GlobalProtect service is not running after restarting the machine. When I try to enable the pangps service I am getting Error 1053. I have done the below troubleshooting. This issue arises in Windows 11 only.
1. Set delayed start
2. Changed option in registry
3. Uninstall and reinstalled
4. version upgrade 6.2.8 c223 to 6.2.8 c663 version.
5....

Question on "default" VLAN Interface

This may be a stupid question, but is there a purpose for the default vlan Interface (named just "vlan") that gets created on network templates? I have a couple of deployments that use vlan interfaces, but I noticed that the default vlan interface is the only one that has a mac address. Is this interface necessary?

jwill2 by L1 Bithead
  • 314 Views
  • 0 replies
  • 0 Likes

Resolved! Telemetry - Hostname/url is in illegal/bad format

Hello - Any idea on how to troubleshoot this?

Device Telemetry Statistics:
device-health-performance:
  last-attempt: Fri Oct 6 13:29:13 UTC 2023
  last-success: Fri Oct 6 12:19:14 UTC 2023
  num-of-failed-attempts: 2
  reason: Hostname/url is in illegal/bad format
  status: failed
product-usage:
  last-attempt: Fri Oct 6 13:29:13 UTC 2023
  last-success: Fri Oct ...

Duplicate DNS packets

I'm encountering an issue where we are seeing duplicate DNS (UDP) packets coming out of the palo to the resolving server. Specifically TXT records with multiple packets at the server (resolver) side vs. the normal request/response. At the client side we see the normal request/response (2 packets). The server side there are up to 6 packets for ...

Limit User-ID Agent queries to certain Windows event-IDs

We have been using PA-User-ID Agent for years and it was working fine. The Agent is connecting to Domain-Controller Log and maps user-name and ip-address of successful logins for firewall-policy usage. Yesterday we changed GPOs on the Domain Controller to enable Kerberos-Ticket Logging and since then we received unwanted mappings: A user starting...

SBegass by L0 Member
  • 670 Views
  • 1 replies
  • 0 Likes

Resolved! Performance impact of using higher DH group for site-to-site VPNs

“Clarification on the meaning and performance implications of ‘Integrated Crypto Assistant’ for PA-1420 IPSec VPNs” Hi all, I’m working with a PA-1420 appliance in a site-to-site VPN deployment and I’d like to better understand the hardware/crypto architecture. Specifically: The PA-1420 architecture diagram lists “Integrated Crypto Assistant...

  • 1586 Posts
  • 61 Subscriptions