This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4507 Views
  • 0 replies
  • 1 Likes

PAN OS integrated Use ID agent Server monitoring Status Showing "Access Denied"

Hi Team Pan OS Integrated User ID is connected with one of our DC server with out having any issues while configuring in the other DC servers we are getting the "ACCESS Denied" in the server monitoring. While seeing in the >less mp-log useridd.log I have seen in he following error: tail follow yes mp-log useridd.log 2025-02-20 14:1...

Cannot Access Primary in HA Pair – Need Failover & Recovery Advice"

**Subject: Unable to Access Primary Firewall in HA Setup — Need Guidance on Failover and Recovery**Hello Palo Alto Community,We are currently facing an urgent issue with our Active/Passive Palo Alto firewall setup:Palo Alto Model:PA-3220VERSION:10.2.5UPTIME:765 DAYS- The primary firewall (IP .165) is active but we have lost admin login access du...

Resolved! PDF report generate and date is not in order

hi all, I have an issue where I generated and exported my custom report in PDF and the timestamp is not in order. And the "sort-by" option is limited, refer to the attached. Is there a way to view my report in the correct order based on the timestamp? My Palo alto software version is 10.1.8

Palo Alto Firmware Downgrade

I want to downgrade the firmware of PA-410R from 11.1.4-h7 to 10.1.10-h1. I am trying to access the support portal, but it's not accessible, and I cannot even reach the help line numbers. I want to integrate the firewall with the existing Panorama with 10.1.10-h1 firmware. Need the community support to get access to the firmware, to the support ...

GKumar by L0 Member
  • 1564 Views
  • 2 replies
  • 0 Likes

Request Advice – BGP Failover Route-Based IPsec VPN With WatchGuard (WG)

Hi Everyone, I’m looking for guidance on the best-practice way to set up redundant route-based VPN tunnels using BGP between a Palo Alto firewall (PA-VM) and a WatchGuard firewall. The goal is to implement primary/secondary failover with dynamic routing instead of static proxy-ID tunnels. Environment Palo Alto: PAN-OS 10.x VM-Series WatchGu...

Issue with IOS 26 and SMTP

Hi everyone, We are experiencing a persistent issue with SMTP sending from iOS devices (specifically 26.1) when SSL Forward Proxy / Decryption is enabled on the firewall(10.2.16-h4). Is there any bug or limitation published related to this? Thanks in advance!

Clarification Needed: PAN-OS 11.2.x Vulnerability Status and Mitigation

1) Version Clarification Is PAN-OS 11.2.x (specifically 11.2.4-h1) affected by CVE-2023-48795 (Terrapin SSH Attack)? The advisory lists up to 11.1.x but does not mention 11.2.x. 2) Mitigation Confirmation If 11.2.x is affected, does disabling chacha20-poly1305and Encrypt-then-MAC algorithms fully mitigate the risk, or is an upgrade required? 3) ...

N.Parre by L0 Member
  • 673 Views
  • 1 replies
  • 0 Likes

Error log ": MLAV Server certificate validation failed. " received

Hello Team, Just few hours ago we have upgraded our pa 1410 panos from ver 11.1.10-h1 to 11.1.12 recommended by tac to solve error log "devsrsr: virtual memory limit exceeded, restarting ". Now through these few hours after apparently a successful upgrade we are receiving many new error log. eventid: tls-X509-validation-failed object: fmt: 0...

Issue with call recording (flow_predict_convert_rtp_drop)

Hi Team,We’ve been experiencing issues with the communication between a Cisco softphone and the call recorder. Below is the scenario and a description of the problem:When users place calls from a Cisco softphone, the call is established successfully, and both parties can hear each other. However, the issue arises because the call is supposed to ...

aalfaro by L2 Linker
  • 538 Views
  • 0 replies
  • 0 Likes

Bonjour mDNS Reflector Layer 3 Vlan Interface

Just curious if anyone out there knows why Palo Alto has never implemented the Bonjour Reflector feature in Layer 3 Vlan interfaces. PAN implemented this a long time ago but it is only available on physical Layer 3 interfaces (or subinterfaces) or aggregate links. - Is there a technical reason for not implementing on L3 Vlans or just that the...

BaudMatt by L1 Bithead
  • 1632 Views
  • 2 replies
  • 1 Likes

How to allow a user only to push the changes made by him/her on Panorama

Hi Team, How do I allow a user to Push only the changes made by him/her. I tried restricting the access using "Allow push for other admins" option but this is disabling the access for any push. I've tried multiple options but none of them is helping. We're on PAN-OS 11.2.4-h7 and it's Panorama VM series. Thanks for all your help, Bram

OSPF & Static Routes

Hi, I have OSPF configured on PA460 firewall with profile redistributing Static. I have another redistribution profile not to redistribute certain subnets/routes. Now I want to add some new routes with metric higher than that of OSPF. Will these routes be redistributed in OSPF. Thanks

  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks