Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Minor patch release date for 11.1.8

I have run into a situation when we upgraded our environment to 11.1.4-h7, where from the Panorama, I can not modify existing rule sets with my radius authenticated account. This environment is government, so STIGS are used (this should allay any odd

...

Phishing email? - Important: Palo Alto Networks Informational Security Bulletin

I just received what looks like an official PA email which suggests I visit (which appears to be legit)
https://security.paloaltonetworks.com/PAN-SA-2024-0015

For important security information about how to configure my management interface.

Yet when

...

PA-450 am using getting issue on Port forwarding

public to private port forwarding 9000-10999

it is not accepting on destination translation

is there a way to monitor PA 440 HA cluster as one machine in PRTG, if yes how to configure it

TIA

Resolved! Public Website IPs that is not a part of the address object group specified in destination is being blocked by Deny security policy

Hi Team,

I’m experiencing an unusual issue with my Palo Alto firewall. This problem started about a week ago. Prior to that, the website in question was functioning properly and being handled by the appropriate security policy.

Currently, a public

...

Resolved! SNMP OID

Hi Team,

OID Name: ifCounterDiscontinuityTime
OID: 1.3.6.1.2.1.31.1.1.1.19

Does this OID support the firewall models below?

PA-440

PA-3250

PA-5220

PA-3220

PA-3260

Software Version 11.1.5-h1 commit issue

Hi,

I noticed after upgrading to 11.1.5-h1 from 11.0.3-h5 that the commit has an issue with the initial config push. I will have to commit 2-3 times before working. Do you have any ideas on how to get this working properly?

Compatibility of New GlobalProtect Client with Older Firewall/Prisma Access Versions

Will my newer GlobalProtect client software still work if my firewall or Prisma Access is using an older version of GlobalProtect?

QoS Maximum Egress 5000

We used to have a PA-3260 but moved to the PA-1420. I noticed that in the QoS profile for our interfaces, I can only set a maximum egress of 5000. We used to set this to 10,000 as we have a 10gbps handoff and a 10gbps connection to our internal equip

...

Resolved! QoS Policy Class Selection

Hello, I have a question regarding QoS policies,

When you create a QoS policy, you don't have the option to select a QoS profile, you can only select a class.

My understanding is that the class pulled will be the one from the profile applied to the eg

...

Difference between Rulebase Security Rules and security policy in CLI

Hello!

I am struggling with some CLI config as we don't have access to the gui at the moment. I am trying to create an allow rule for ping, and searching around has directed me to use the syntax "set rulebase security rule".

I did that and the

...

Resolved! Slow Download and Uploads From Various Cloud Providers

Hello All,
3220 running 10.2.10h7
We have recently migrated a couple of our services to cloud providers away from prem and have since had issues with slowness with uploads and downloads to the servers.

- 2-1Gb connections but for now we have PBF Rule s

...

Resolved! Custom URL Category Not working Properly

Hi All,

I have created a custom URL category with wildcard *.docker.io, But when I run test command as below It is not matching any custom category.

test custom-url url test.docker.io

the PAN-OS Version is 10.2.x Is there any known issue or behavi

...

Terminal Service Agent with Azure Virtual Desktop

Our organization is moving away from Citrix VDI and exploring Azure Virtual Desktop (AVD). One of Security's requirements is that we get userID from the endpoints. We have successfully installed the TS Agent on the AVD and can get UserID; no issues

...

Resolved! Warning: Advance Routing mode is disabled , feature not supported

Recently upgrade to version 10.1.14-h6 and now firewall is giving the below warning message.The firewall HA pair is operating with no issues and all commits are successful. I don't do any advanced routing in the firewall - only one vr. Is there a way

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Minor patch release date for 11.1.8

Phishing email? - Important: Palo Alto Networks Informational Security Bulletin

PA-450 am using getting issue on Port forwarding

is there a way to monitor PA 440 HA cluster as one machine in PRTG, if yes how to configure it

Resolved! Public Website IPs that is not a part of the address object group specified in destination is being blocked by Deny security policy

Resolved! SNMP OID

Software Version 11.1.5-h1 commit issue

Compatibility of New GlobalProtect Client with Older Firewall/Prisma Access Versions

QoS Maximum Egress 5000

Resolved! QoS Policy Class Selection

Difference between Rulebase Security Rules and security policy in CLI

Resolved! Slow Download and Uploads From Various Cloud Providers

Resolved! Custom URL Category Not working Properly

Terminal Service Agent with Azure Virtual Desktop

Resolved! Warning: Advance Routing mode is disabled , feature not supported

Package manager upgrade failures to certain sites

openSSH version 9.8 or later in PAN-OS

Panos 11.1.4-h1

Data Filtering with Google Drive

New admin accounts could not login in web gui

Re: openSSH version 9.8 or later in PAN-OS

Re: openSSH version 9.8 or later in PAN-OS

Re: Queries on Packet Captures.

Re: Interface Errors after upgrade - VM Series

Re: Palo Alto Login issue though GUI " ERR_SSL_KEY_USAGE_INCOMPATIBLE " (Solved)

Unlock your full community experience!

Rules and Best Practices

Resolved! Public Website IPs that is not a part of the address object group specified in destination is being blocked by Deny security policy

Resolved! SNMP OID

Resolved! QoS Policy Class Selection

Resolved! Slow Download and Uploads From Various Cloud Providers

Resolved! Custom URL Category Not working Properly

Resolved! Warning: Advance Routing mode is disabled , feature not supported