This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4552 Views
  • 0 replies
  • 1 Likes

Resolved! Newbie Initial Setup Question

Good morning,New to PA but have configured Fortinet, Meraki, Unifi firewalls so not a complete novice. I have a PA410 trying to setup on my home lab for testing prior to deployment. Connection path to Internet as follows: PA410 ----- L2 GBe Switch ----- Unifi Dream Machine (DHCP) ----- Fibre Internet After powering on, I set it to boot in stan...

paul by L0 Member
  • 1762 Views
  • 2 replies
  • 0 Likes

KAKAO TALK APP issue

Hi All, Does anyone here encountered an issue on kakao talk app? A south Korean messaging app. We have south korean users on our malaysia site that uses this app. When the user tries to login using their own hotspot they can connect without any issues, but when user is connected on our wifi, the user tries to login and was getting an error 5...

weezy_0-1755758050671.png
weezy_1-1755758329477.png
weezy by L3 Networker
  • 3518 Views
  • 3 replies
  • 0 Likes

Upgrade Palo Alto

Hello, I have Palo Alto with current version 10.2.7-h3 that is HA and would like to upgrade to version 11.1.4.h18.I am looking for an official Palo Alto link that describes the required upgrade paths (for example: from 10.2 to 11.0, then from 11.1 to 11.1.4, etc.).I would like to share this link with my manager. I found one link, but it does not...

CPU & memory utilization (PA-820 migrate to PA-455/PA-460)

Hi team, There is one customer currently using PA-820 firewall and planning for replacement. We proposed them to go with PA-1410 but seems way exceeded client’s budget. They planned to go with either PA-455 or PA-460, since no fiber port required and the performance complies the requirement. However, they need confirmation as below: Does ...

nuranisnadiah_0-1758612104426.png
nuranisnadiah_1-1758612104427.png
nuranisnadiah_2-1758612700730.png

Authentication Error occurring creating new Super User

Hi Team, we are unable to add a local admin (Super Admin) on the firewall. We are encountering the following error: "Auth Fail - Reason: Authentication profile not found for the user." Please note that the authentication profile is set to "None", as this is a local admin account. Model :- PA 440 Software version :- 11.1.10-h1 Kindly assist i...

FTP Evasion Detection (id:30401)

Could anyone help to explain what this threat is? FTP evasion detection (id:30401)I found this threat in the log, also checked the logs in FTP server, but don't get it. here is the log from the source IP of this threat in FTP server (Microsoft IIS FTP). 2025-09-16 04:43:54 8.34.210.54 - 10.10.10.31 21 ControlChannelOpened - - 0 0 8bb7b510-d8db-4...

YanQian by L1 Bithead
  • 455 Views
  • 0 replies
  • 0 Likes

SSH Proxy Decryption issue

On the PA-440 firewall, I created a decryption policy for SSH Proxy (LAN to WAN zone). When I initiate an SSH session to the same firewall’s management IP (192.168.29.25), decryption does not occur, as seen in the traffic logs. However, when connecting to another firewall’s management IP (192.168.29.206), decryption is successful. Both traffic i...

SCM management routing mode change failed

Hi, I’m trying to manage PA-460 from SCM, but I still get error, even after a factory reset. The firewall still disconnects and cannot complete bootsrap process, but SCM receive telemetry data. I also try to change [routing mode] to advanced routing, same result. PAN OS version is 11.1.6-h3 (preferred) Strata cloud management essential No str...

JTurcotte_0-1745857522021.png
JTurcotte_1-1745857534120.png

How to configure pool.ntp.org or us.pool.ntp.org as ntp server

I configured them both using fqdn on the security policy with source as firewall management interface but ntp status shows rejected. How do I fix this. Please helpAll services to the internet use management interfaceDNS configured 1.1.1.1 and 8.8.8.8Firewall can ping 1.1.1.1 and 8.8.8.8Allowed application ntp and ntp baseI checked the monitor t...

NGFW Saas Azure Logging

I have deployed the NGFW in Azure in a vnet. We had to redeploy due to a spelling error now we cannot set up the logging . We enable logs and save to a log analytics workspace. Acts like it is going to save but does not . Error provided . Error reading Log settings for firewall name xxxxxxxxx. Exception : Exception of type 'Microsoft.Liftr.PAN.S...

Unable to Ping Palo Alto Interface – Connectivity Appears One-Sided

We are working with a client who has a network setup where a Palo Alto firewall is connected to a Check Point firewall. The client reports that they are unable to ping the IP address of the Palo Alto firewall's interface ethernet1/8.Troubleshooting Steps Performed:Initial Test Between Firewalls:The Palo Alto firewall is connected to the Check Po...

Terminal server from a single IP address, the firewall cannot distinguish which user generated which traffic!

When multiple users access a terminal server from a single IP address, the firewall cannot distinguish which user generated which traffic. The firewall maps the IP address to only one user. After research, I resolved this issue with TSA, but I wanted to know if it's possible to determine which user actually owned the traffic from the past, bef...

  • 1588 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks