Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

What is the seq number in userID log?

What is the seqno field in userID logs (below link)? What is the range for that? Will it roll over when it reaches the maximum? https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/monitoring/use-syslog-for-monitoring/syslog-field-descriptions/user-id-log-fields User-ID

saswins by L1 Bithead
  • 2592 Views
  • 2 replies
  • 0 Likes

DNS rewrite

Hello, I am using DNS rewrite for a hosted service that we are connecting to, however, the global nature of this feature is causing me some problems now as we are connecting a network we do not manage to our firewall which causes routing to fail to the rewritten addresses. One of the solutions I am considering is creating a new vsys on the fir...

Prevent Credential Phishing with UPN (userPrincipalName)

Hi World, I'm having my first contact with this Prevent Credential Phishing feature. With the option "IP User", because UserID Mapping is already in place, I'm able to detect sAMAccountName Username submissions. But a lot of phishing sites are focused on the UPN, but the UPN username field submission is not detected by the firewall. sAMAccountName ...

fhu_omi by L1 Bithead
  • 2918 Views
  • 2 replies
  • 0 Likes

PA-5450 - HA1 on NC possible?

Hi folks, I came across a situation where there is an insufficient number of transceivers for the new PA-5450's HA1 and HA2 (with backup interfaces). The HSCI ports are used for HA3 (Active/Active deployment). I have to use one SFP+ transceiver for the MGT-A interface. As I was running out of transceivers, the hardware doc pointed out that I can us...

pa850 SFP+ interface speed setting separately

I set one pa850 SFP+ interface speed to 1000M, and the pa850 reports a commit failure, "Error,invalid forced speed/duplex for ethernet1/12,interface configuration error...". In CLI mode, the command for setting interface speed is only the "set system setting ports-9-12-speed" parameter; I want to know whether the speed of interface on 9-12 ports can be set sep...

huanga by L0 Member
  • 1742 Views
  • 0 replies
  • 0 Likes

No Internet Access or Cannot ping to global dns

Dear Team, I have a layer two switch which is connected to a core switch (layer 3) and created the trunk link between these switches, and the core switch is connected to my firewall and created a route port to the firewall from this core switch. Outside my firewall directly connected to the internet with one PC. In the layer two switch I have two PCs which is...

MIGRATE ASA Firewall to Palo Alto (3410)

We want to migrate from ASA to PA (3410), and we are using the Expedition tool. But when we try to add a device in the Expedition migration tool (v 1.2.34), we don't see any drop down for 3400 series firewall. Is there any solution for this? Can I proceed by selecting 3200 or 3000 series firewall? Please note you are posting a public message where co...

VPatil6 by L0 Member
  • 1941 Views
  • 0 replies
  • 0 Likes

DNAT fails to work on PA-VM

Hi PA experts, I've been racking my brain to figure out the DNAT problem when doing the tests on PA-VM. It should be a very common scenario which is why I really don't get why the common DNAT doesn't work. On PA, the inside interface is 192.168.1.1/24 connected to a router 192.168.1.10/24. The outside interface is 1.1.1.1/24 connect...

RiceWu by L1 Bithead
  • 3707 Views
  • 2 replies
  • 0 Likes

User-id & group information miss mapping issue

Hello, I faced a user-id and group information miss mapping issue in an active/active configuration. However, I couldn't find the problem, so I need your advice. Device info: Device : PA-3220 PAN-OS : 9.1.11-H3 Active-Active, V-wire Currently, we receive user information through the Aruba ClearPass and XML API linkage. There is no group setting on ...

PANOS 10.1.0 upgrade to 10.1.6-h3

Hi, I am at the tail end of upgrading our environment from 10.1.0 to 10.1.6-h3 with one system left and the software install bar has been at 45% for the last 5 hours. The system responds fine to commands, the GUI works, but the install isn't completing in a timely manner. I can't seem to find a log entry relating to the install to help deter...

clindsay by L0 Member
  • 1552 Views
  • 0 replies
  • 0 Likes

Best Practice for URL policy question

So the scenario is we have an app on a server which needs to access several URLs. My colleague set up a custom URL Category and applied it to the policy, but the problem is this isn't working. From my reading on URL Categories, this applies to web-browsing traffic, not URLs themselves as destinations. Meaning if traffic is deemed to be something ...

  • 1794 Posts
  • 60 Subscriptions