This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4507 Views
  • 0 replies
  • 1 Likes

DNS-Proxy vs management dns queries

Hi,We have a fw on 11.1.12 and we are seeing behaviour we don't expect.The management is set to use an internal dns server.We have proxy-dns objects that use EXTERNAL dns servers for our public wifi network.We see that when a client on this network wants to resolve an ip the gateway sends the request to the external dns. So far so good.However w...

gov.in Website not accessible

Hi Guys, I have a case in which customer not able to access Karnataka gov websites. We have created any-any test rule as well. Despite that still website not accessible. Also, not able to see any packets drop counter and pcaps on firewall. In traffic logs, I can see application incomplete and session end reason as aged-out.

Mist AP and user-id

Hello all, I'm trying to get our new Juniper Mist ap's to work with user-id on a PA440, from reading around I see that only AD joined devices will work with user-id, and that's how its been for us for a while now, but we got the Juniper AP's and looks like there's a challenge on getting user-id to work, I'm using our on premise AD radius server,...

cdcirexx by L3 Networker
  • 1200 Views
  • 2 replies
  • 0 Likes

Resolved! DNS-Sinkhole Injection

The DNS sinkhole option works perfectly well with a Microsoft DNS environment. Unfortunately, it fails if you try to perform DNS-sinkhole injection in front of a BIND DNS server running on Red Hat Linux. Requests to malicious domains simply time out: Test-Domain from PaloAlto (works fine):nslookup -query=cname test-c2.testpanw.comtest-c2.testp...

HeinzP by L1 Bithead
  • 1548 Views
  • 3 replies
  • 0 Likes

Header Fields for Syslog for Rapid7

I'm troubleshooting an issue with Rapid7 ingestion of our logs from our Palo Alto firewalls into what they call an "IDS log." We need to write a custom parser to properly parse the source data, but that means we need the headers for all of the fields so that we can translate them into Rapid7's lingo. It seems like this "IDS log" is a combinati...

Anti virus profile not able to scan a file?

While Studying PCNSE and the topic is Using PA FW AV & WildFire I notice that the anti virus profile was not able to block the eicar.com file that keith barker downloaded on the FW. He created a decryption policy in order to block that file. On our FW on office we don't use decryption services because it is a CPU memory intensive. Altho...

weezy_0-1759715485043.png
weezy by L3 Networker
  • 970 Views
  • 2 replies
  • 0 Likes

2 LANs are not reachable to eachother

In Palo Alto Firewall, we are facing an issue. we have configured 2 LANs and 2 WANs. working fine even load balancing also works.But LANs cannot ping/reachable with eachother. even both lans having internet access.How can we configured that LAN can reachable with eachother and rest of configuration remain same.Thanks

Outbound SSL Decryption Quirk

Hello, I have established an outbound SSL decrypt policy that I have enabled for only myself as I test functionality. Over the past few months, I've noticed a quirk that I'm unsure of the reasoning behind. With the policy enabled, sometimes connections to certain destinations will require a reload of the webpage to establish connection. For ...

RH747 by L2 Linker
  • 2357 Views
  • 2 replies
  • 0 Likes

Regarding the support for Cisco ISE integration with PAN-OS 12.x.

Hello, ExpertI have a question regarding the support for Cisco ISE integration with PAN-OS 12.x. In the PAN-OS 11.0 (EoL) documentation, it appears that integration with Cisco ISE (TrustSec) is supported through the Panorama Plugin:https://docs.paloaltonetworks.com/pan-os/11-0/pan-os-new-features/panorama-features/static-security-group-tag-sgt-s...

boyuzhan by L0 Member
  • 729 Views
  • 1 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks