This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

How to configure pool.ntp.org or us.pool.ntp.org as ntp server

I configured them both using fqdn on the security policy with source as firewall management interface but ntp status shows rejected. How do I fix this. Please helpAll services to the internet use management interfaceDNS configured 1.1.1.1 and 8.8.8.8Firewall can ping 1.1.1.1 and 8.8.8.8Allowed application ntp and ntp baseI checked the monitor t...

NGFW Saas Azure Logging

I have deployed the NGFW in Azure in a vnet. We had to redeploy due to a spelling error now we cannot set up the logging . We enable logs and save to a log analytics workspace. Acts like it is going to save but does not . Error provided . Error reading Log settings for firewall name xxxxxxxxx. Exception : Exception of type 'Microsoft.Liftr.PAN.S...

Unable to Ping Palo Alto Interface – Connectivity Appears One-Sided

We are working with a client who has a network setup where a Palo Alto firewall is connected to a Check Point firewall. The client reports that they are unable to ping the IP address of the Palo Alto firewall's interface ethernet1/8.Troubleshooting Steps Performed:Initial Test Between Firewalls:The Palo Alto firewall is connected to the Check Po...

Terminal server from a single IP address, the firewall cannot distinguish which user generated which traffic!

When multiple users access a terminal server from a single IP address, the firewall cannot distinguish which user generated which traffic. The firewall maps the IP address to only one user. After research, I resolved this issue with TSA, but I wanted to know if it's possible to determine which user actually owned the traffic from the past, bef...

Custom Report Query 질문

When I search for "name-of-treatid contains 'Command and Control'" in the Threat Log, I get logs that contain that string in the Threat ID/NAME field. To save this log in PDF format, I selected only the desired fields from the Custom Report menu and used the same query to filter it. However, instead of finding logs that contain "Command and Cont...

Threat로그에서는 먹힘.png
커스텀리포트 필터.png
커스텀리포트 필터 안먹힘.png

Audit Logs Not Showing Committed Versions

Hi Community, We're currently experiencing an issue on our Palo Alto Networks 34xx Series firewall with Multi-VSYS enabled. Issue:The Audit Logs are only showing the backed-up versions rather than the committed versions. We are unable to track which configuration version was committed via the audit logs, which is critical for our change tracking...

Intermittent IPSec Tunnel Monitoring Issue

We experienced an issue this morning , where the IPSec Tunnel Monitoring status went down for a few minutes before coming back up again. However, after checking the peer firewall, there were no signs of the tunnel going down, no related logs or status changes were made on their side. This issue only affected a few IPSec sites, so it does not app...

How to backup and restore from PA3220 to PA1420 for a Global Protect Portal & Gateway

Hi, I have been doing researching for how to migrate from old palo alto firewall model to new. Seem like it will working if using configuration snapshot xml file from old model and restore on the new model and the old & new model is similar. However, I read the kb from https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000...

JLowZheTing_0-1757646337335.png

NPN Incident - Suggest a "software repository" URL Category?

Hi! I've been investigating the NPN supply chain attack here, one strand of which was looking at servers who had fetched from the repository using URL filtering. Our servers _alert_ on "computers-and-internet-info" (which registry.npmjs.org is categorised as) but client devices don't. And it occurred to me that if registry.npmjs.org was cate...

URL Filtering: Categories for Suicide Promotion/Self-Harm Promotion

Hi! Unless I've been dumb enough to miss them, the Palo Alto URL filtering database lacks a category for suicide/self-harm promotion sites. I've now been asked for a second time if we could block such sites. As a higher education institute, we're really rather interested in such blocking such categories - who knows? It may be the tipping point...

Microsoft WNS App ID

I work with a network scenario where we have two firewall towards the internet and the desktop PCs are behind PaloAlto as perimeter and Cisco as internal firewall, so we can compare the same traffic whether it is identified properly or not. It seems that PaloAlto has some problem identifying traffic from Windows Push Notification Service. Not ...

PAN-OS 11 GUI Responsiveness - PA-1410

We have some new PA-1410's which are to replace some older oversized PA-3220's. The downsize is the PA-1400 series require us to use PAN-OS 11. Even with minimal out of the box config (management IP etc) the web UI on both units is very slow and unresponsive. At times the web GUI fails to load at all and needs several refreshes. A restart help...

Resolved! Investigate Bandwidth utilization on Palo Alto Firewall

In Palo Alto, we are facing an issue where when our office is open, our bandwidth graph reaches its maximum, and when the office is closed, the bandwidth graph is down. We need to verify which IP address on the LAN network is creating this cause. LAN network connected to Palo Alto firewall, and DHCP is configured

  • 1794 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks