This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4508 Views
  • 0 replies
  • 1 Likes

How to avoid split brain in active passive cluster

Hi, We've got a installation with active-passive devices in different datacenters. We need to ensure that the primary device is always the active device when there is some problem between datacenters. We have configured virtual router path monitoring in the secondary device so it can check that the primary device is not reachable. But for so...

LACP load balancing algorithm

Hello Team, Where I can find information about how traffic balance between physical interfaces in case when LACP used?Can I choose balancing method in configuration (source/destination, MAC/IP Addr, L4 Ports)? I found information about traffic distribution mechanism in LAG for early versions of software (prior 6.1😞https://knowledgebase.paloalto...

PA-VM HA Clustering architecture

Hi All, We are working to deploy 4xPA-VM 300 firewalls in our 2 DCs. We would like to have a pair of Active/Passive firewalls in each DC. We would then want these 4 firewalls to be in a cluster as well. Our objective is to have complete redundancy across DCs and intra-DC as well, but these firewalls to work as logically same firewalls and a...

EDL and Custom URL

Hi There, Problem Statement : We have custom URL lists(To allow Azure Endpoints only), also we have EDL(With Minemeld) integrated. As per our Infosec Policy we should not use Minemeld feed for Microsoft as it has some of many wildcard. So desperately creating custom URL for each MSFT end points(viz Defender, AAD heath etc,,) But some of URL is ...

Ramakrishnan_0-1656531514731.png
Ramakrishnan_1-1656531743034.png
Ramakrishnan_2-1656531871704.png

PA220 Slow management on 10.x

Hi. So on the 10.1.6 known issues list, it still lists 220's as taking more than an hour to upgrade and has slow management interfaces. However, I don't see that it's mentioned on the known issues nor the addressed issues for 10.2.x. Is it still an issue? Hesitant to upgrade to 10.2 in fear of completely breaking my 220's. TIA

rudiGQ by L0 Member
  • 1978 Views
  • 0 replies
  • 0 Likes

Globalprotect clientless portal link persistence using SAML through cloud identity engine.

Hello, Just wondering if someone can shed some light on link persistence when redirecting through Palo Alto cloud identity engine. In our previous config which was Local user authentication based, an automatically generated link which would open a response page on a server within our AWS VPC could be clicked and it would take us to the local GP ...

Palo alto Implementation issue

Dears, I'm Trying To implement Palo alto based on VMWARE ESXI Machine and i need to Take in place the Redundancy in Network Design.The Image has been ttached which I am Trying to reach it with optimum solution Network Toplogy What I can do In Palo ALto and ESXI to make the design is successful to be executed ?Thanks and Regards 

8ec5b1af-b984-42b0-9982-d8410a185f7c.jpg
m.zedan by L0 Member
  • 1648 Views
  • 0 replies
  • 0 Likes

Palo alto Implementation issue

Dears, I'm Trying To implement Palo alto based on VMWARE ESXI Machine and i need to Take in place the Redundancy in Network Design.The Image has been ttached which I am Trying to reach it with optimum solution Network Toplogy What I can do In Palo ALto and ESXI to make the design is successful to be executed ?Thanks and Regards 

8ec5b1af-b984-42b0-9982-d8410a185f7c.jpg
m.zedan by L0 Member
  • 1667 Views
  • 0 replies
  • 0 Likes

Resolved! Permit statement isn't capturing all the traffic

We have a school tied to our organization that's using a PA-850 and is running 10.1.6, and we're trying to get Battle.net working. After considerable troubleshooting, I put in a rule at the very top to permit the "zESports" zone to get to any IP on any zone. See the eSport_to_all_rule image. For some reason, some packets completely bypass this r...

  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks