Next-Generation Firewall Discussions

client gp_broker phase 1 failure commit failed

Hello,

If someone experiences an auto-commit failure after an upgrade with the error message "client gp_broker phase 1 failure commit failed," here i provide a workaround solution :

show jobs all
Enqueued Dequeued ID PositionInQ Type Status Result Compl

Finding FQDNs for blocked IP's or SSL-Inspection

Once a week, someone reports having issues accessing a site.  Today that issue involves a credit card processing page that is aging-out because there is no SSL inspection exception.  FW Logs of course show an IP address (no URL/FQDN), and the rule to

Dual ISP setup on 1 virtual router kb issue

Hello.

so I need to setup a dual ISP setup and found below kb.
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAO

I know there is also one using different virtual routers but for this specific setup it seems this one is

PA-445 on PAN-OS 11.1.2-h3

First time posting so please bare with me.

Currently running into an issue that looks like a potential bug or an issues specifically with the PA-445 model (Support Case has been submitted and is in the works; but we'll see what happens) Two differe

EDL is accessible but IP addresses are not populting in firewall

Hi All, I am currently facing an issue where the EDL is not populating with IP addresses, however, from the same EDL server URL list is populating fine. The EDL is already applied to a policy, and for testing i have added only one IP address in it. A

Root Partition Full

Hi All,

I am trying to clear root partition on our passive FW.

It was suggested in one of the articles(https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaJCAS)that we can try to delete Core Files.

But Im kind of hesita

delayed traffic logging

Hi All,

Some weird stuff going on on our unit: what are the chances that the firewall logged traffic that it received hours ago?

In our case, the firewall logged RDP connections that occurred in the early morning. However, the target servers didn

Paloalto standalone user-id agent and PANOS compatibility

Can standalone user-id agent version 9.1.5 work seamlessly with PANOS 11.1.5?

In this compatibiltiy matrix User-ID Agent it shows only the compatibility between the user-id agent, the installed servers and the monitored server.

Thank you for your he

IPSec Down - Question

Hello,

I need help, my ipsec is always dropping at the same time
Estimated time is 7 minutes below.
This happens every day, from 9:08 am to 9:15 am.
This happens when we all get to work.

Thanks

Direct DNS Resolution on Palo Alto Without DNS Proxy Enabled

Hello,

It is possible to perform a DNS resolution directly from the Palo Alto firewall without relying on the current network configuration (such as the default configured DNS). The idea is to bypass internal DNS and use a public DNS directly, such

block ransomware

Hello i am new to palo alto . what's the recommended way to block ransomware in a firewall policy? Antivirus profile? High Risk category?  Please provide a screenshot if possible showing me how to do it.

Outlook is not working with Outside internet mails are getting slow

Hello Team,

I hope everyone doing well!

One of my customer is facing issue with  Outlook is not working with Outside internet mails are getting slow. Below steps we have followed:

Outlook keeps getting stuck when connected via a personal hotspot

Palo alto HA enquiry

Hi guys,

Currently firewall is configured in HA active/passive mode.

We are trying to find out if we are able to change the HA mode to active/active.

What are the impacts and requirements if decides to change the HA mode.