Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4550 Views
  • 0 replies
  • 1 Likes

Issues with SSH and Telnet access only on the passive firewall. GUI access is working fine.

I’m having an issue accessing the passive firewall in my cluster via SSH or Telnet. I can access it normally through the GUI and authenticate using LDAP or my local admin user. The active firewall authenticates both GUI and CLI without any problems. What I’ve tried: Restarted the firewall. Reset the SSH service via API and also rebooted the dev...

jtjesus by L0 Member
  • 484 Views
  • 0 replies
  • 0 Likes

Abnormal display of traffic log BYTES field

The customer found that some traffic logs have extremely large bytes, reaching 281.5T. Looking at the log details, it was found that: Question 1: Details: Type end Bytes 281474976579754 ---- I think this is an incorrect display? Bytes Received 2147483647 Bytes Sent 170 Repeat CountPackets1 Packets Sent 2 Bytes= Bytes sent + Bytes Receiv...

Felixcao by L3 Networker
  • 6293 Views
  • 8 replies
  • 0 Likes

validation error "poe unexpected here"

I'm trying to push policy from Panorama (11.1.6) to a PA-440 (10.2.13). In Panorama, when looking at the config of an interface such as Ethernet1/1, it has a tick box for "PoE". However, on the same dialog on the PA-440 there is no PoE depicted. Now, when I try to push policy (whether PoE is ticked or not) it comes back with: Validation Error:n...

Global Protect Mac-OS Received fatal alert IllegalParameter from client

Hello team, I have an issue with the Global Protect 6.2.7 app running on an Apple Mac OS X Sequoia 15.3.1 in the SSL negotiation process. The error on the Global Protect says "The network connection is unreachable or the portal is unresponsive. Check the network connection and reconnect." On the NGFW logs I see some decrypt errors on the traffic and d...

Unable to patch Windows Server to utilize UIA

Hello Team, We are currently experiencing this knowledge issue in our environment. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001Vcg I understand that this can be resolved by applying a patch. However, we are unable to install or uninstall patches in our environment. Is there any other way to work around this ...

About the output of the "show ctd-agent status security-client" command

Hi everyone, I'm using a PA-5250. When I ran the "show ctd-agent status security-client" command, I noticed that the output had changed: "Security Client UrlCat(2)" had disappeared, and "Security Client WifUpload(0)" was displayed instead. [Before] Security Client UrlCat(2) <<<<<<<<<<<<< Current cloud server: ...

Otsuka by L1 Bithead
  • 743 Views
  • 0 replies
  • 0 Likes

Cortex XDR EDL

Hi, We want to integrate Cortex XDR EDL with PANGFW EDL. We did everything with this guide -- https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Manage-External-Dynamic-Lists After finishing setup we initiated test url access and it gave us url access error. In this case PANGFW cannot retrieve EDL added ip an...

OrkhanM by L1 Bithead
  • 1278 Views
  • 3 replies
  • 0 Likes

PA has only one admin account with "device administrator" Role

Hi everyone, My client deleted the default admin "superuser" account and replaced it with another admin "device administrator" account. Now only one admin account with only the "device administrator" privilege exists in the firewall. The problem with this account is that we cannot export the backup configurations and we cannot make other ad...

zedexxx by L1 Bithead
  • 663 Views
  • 1 replies
  • 0 Likes

Anyone with exp in Firewall PAN-OS SD-WAN without panorama for VPN S2S Dual ISP ?

Anyone with exp in PAN-OS SD-WAN without panorama for VPN S2S Dual ISP ? Hi Live PAN-community, how's it going ? Does anyone have operational functional experience of pan-os sdwan ( firewall sdwan without panorama and without cloudgenix appliances ) deployments operating and running sites with two ISPs for IPSEC S2S VPN connections. Today ...

Metgatz by L4 Transporter
  • 2639 Views
  • 3 replies
  • 0 Likes

DNS-Proxy vs management dns queries

Hi, We have a fw on 11.1.12 and we are seeing behaviour we don't expect. The management is set to use an internal dns server. We have proxy-dns objects that use EXTERNAL dns servers for our public wifi network. We see that when a client on this network wants to resolve an ip the gateway sends the request to the external dns. So far so good. However w...

gov.in Website not accessible

Hi Guys, I have a case in which customer not able to access Karnataka gov websites. We have created any-any test rule as well. Despite that still website not accessible. Also, not able to see any packets drop counter and pcaps on firewall. In traffic logs, I can see application incomplete and session end reason as aged-out.

Mist AP and user-id

Hello all, I'm trying to get our new Juniper Mist APs to work with user-id on a PA440. From reading around I see that only AD joined devices will work with user-id, and that's how it's been for us for a while now, but we got the Juniper APs and it looks like there's a challenge in getting user-id to work. I'm using our on premise AD radius server,...

cdcirexx by L3 Networker
  • 1302 Views
  • 2 replies
  • 0 Likes

Resolved! DNS-Sinkhole Injection

The DNS sinkhole option works perfectly well with a Microsoft DNS environment. Unfortunately, it fails if you try to perform DNS-sinkhole injection in front of a BIND DNS server running on Red Hat Linux. Requests to malicious domains simply time out: Test-Domain from PaloAlto (works fine): nslookup -query=cname test-c2.testpanw.com test-c2.testp...

HeinzP by L1 Bithead
  • 1615 Views
  • 3 replies
  • 0 Likes
  • 1588 Posts
  • 60 Subscriptions