Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! QoS Policy Class Selection

Hello, I have a question regarding QoS policies,

When you create a QoS policy, you don't have the option to select a QoS profile, you can only select a class.

My understanding is that the class pulled will be the one from the profile applied to the eg

...

Difference between Rulebase Security Rules and security policy in CLI

Hello!

I am struggling with some CLI config as we don't have access to the gui at the moment. I am trying to create an allow rule for ping, and searching around has directed me to use the syntax "set rulebase security rule".

I did that and the

...

Resolved! Slow Download and Uploads From Various Cloud Providers

Hello All,
3220 running 10.2.10h7
We have recently migrated a couple of our services to cloud providers away from prem and have since had issues with slowness with uploads and downloads to the servers.

- 2-1Gb connections but for now we have PBF Rule s

...

Resolved! Custom URL Category Not working Properly

Hi All,

I have created a custom URL category with wildcard *.docker.io, But when I run test command as below It is not matching any custom category.

test custom-url url test.docker.io

the PAN-OS Version is 10.2.x Is there any known issue or behavi

...

Terminal Service Agent with Azure Virtual Desktop

Our organization is moving away from Citrix VDI and exploring Azure Virtual Desktop (AVD). One of Security's requirements is that we get userID from the endpoints. We have successfully installed the TS Agent on the AVD and can get UserID; no issues

...

Resolved! Warning: Advance Routing mode is disabled , feature not supported

Recently upgrade to version 10.1.14-h6 and now firewall is giving the below warning message.The firewall HA pair is operating with no issues and all commits are successful. I don't do any advanced routing in the firewall - only one vr. Is there a way

...

Policy configured with Application ID but sarda cloud saying I need to configure services as well ?

Hi everyone,

I have my policies configured with the Application ID, and I’ve set the service to "any" because some applications use random ports.

However, Strata Cloud is recommending that I configure the services explicitly as well.

I was under the

...

Upgrade PAN-OS from 10.1.10-h5 to 10.2.10-h9

Hello team, I am asked to update the PA-5220 Firewall through Panorama, the FW are in HA.
The requested update is PAN-OS from 10.1.10-h5 to 10.2.10-h9.

How many jumps does it require?

Resolved! DHCP with ISP router don't work :/

Hi,

just purchased a PA-3260 and trying to configure it to use DHCP with my ISP router.

The DHCP server works fine on the ISP router, tried it on my laptop.

I reset the PA-3260 than i removed the wired interface and select the first interface and set ip

...

Restart button is grayed out under both IKE Info and Tunnel Info on IPSec tunnels

Hello folks,

I am not sure when this happened but I suspect it when we upgraded to PAN-OS 11.1.3.

On my PA-3250 when I go into Network > IPSec Tunnels in PAN-OS, and then click either IKE Info or Tunnel Info, I am no longer able to restart the connec

...

DNS Failover Service

We are testing a 3rd party DNS failover service and they need a way to verify if our ISP is up. My thought on this was to allow ping/icmp on our external nic from the vendor's public IP range, however that isn't an option. We could allow http/https

...

Resolved! How to ping External Interface IP

Hi

I am trying to setup the ability to ping an external interface's IP address. I have setup a MGMT profile that allows PING assigned to the physical interface where our public IP addresses are. I also created a security rule that allows ICMP and

...

Resolved! PDF report generate and date is not in order

hi all, I have an issue where I generated and exported my custom report in PDF and the timestamp is not in order.

And the "sort-by" option is limited, refer to the attached.

Is there a way to view my report in the correct order based on the timest

...

Inbound Policy-Based Forwarding Issue - Intermittent loss of connectivity

Hello,

Got a strange one, that I am hoping someone with deep knowledge of PBF and symmetric return can advise on.

We have two (2) virtual-routers due to two different ISPs. The history of it is we are migrating off of one ISP to finally decommis

...

SD-WAN Traffic Control from the Hub Side

Hi Guys,

our Palo Alto on the HUB side is equipped with a single 10G uplink interface. On the Spoke side, there are three uplinks with varying bandwidths, and in this setup, the Panorama SD-WAN plugin generates three IPsec tunnels. I can manage traff

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Resolved! QoS Policy Class Selection

Difference between Rulebase Security Rules and security policy in CLI

Resolved! Slow Download and Uploads From Various Cloud Providers

Resolved! Custom URL Category Not working Properly

Terminal Service Agent with Azure Virtual Desktop

Resolved! Warning: Advance Routing mode is disabled , feature not supported

Policy configured with Application ID but sarda cloud saying I need to configure services as well ?

Upgrade PAN-OS from 10.1.10-h5 to 10.2.10-h9

Resolved! DHCP with ISP router don't work :/

Restart button is grayed out under both IKE Info and Tunnel Info on IPSec tunnels

DNS Failover Service

Resolved! How to ping External Interface IP

Resolved! PDF report generate and date is not in order

Inbound Policy-Based Forwarding Issue - Intermittent loss of connectivity

SD-WAN Traffic Control from the Hub Side

LINOTP is support with Palo Alto

Internal IP's hitting sinkhole policy

11.1.4h7 and 11.1.5 h1 high cpu

Are Fixes from Previous PAN-OS Maintenance Releases Always Included in Later Versions?

Where to check Threat IDs?

Re: Internal IP's hitting sinkhole policy

Re: Bi-direction Nat logic

Re: Deepseek addition to artificial-intelligence subcategory ETA?

Re: Errors and commit warnings after 11.1.2-h3 upgrade

Re: Pan-OS 10.2.13-h4 known issues

Unlock your full community experience!

Rules and Best Practices

Resolved! QoS Policy Class Selection

Resolved! Slow Download and Uploads From Various Cloud Providers

Resolved! Custom URL Category Not working Properly

Resolved! Warning: Advance Routing mode is disabled , feature not supported

Resolved! DHCP with ISP router don't work :/

Resolved! How to ping External Interface IP

Resolved! PDF report generate and date is not in order