Next-Generation Firewall Discussions

40G ports flap in PA 3430

Hi, 

We are facing uplink issues between PA 3430 40G to Cisco Cat 9407R VSS.

Tried the below,

distinguish and segregated ssh and sftp traffic

I have a requirement wherein ihave to allow the ssh access to few admins and sftp access to users all sitting in the subnet. How i can apply and allow since both works on port 22.

Thanks

Ansible Galaxy - panos - not ready for advanced routing

When will the Ansible Galaxy be ready for advanced routing? For instance on the module: panos_interface there is no option to choose the Logical router, only virtual router.

Citrix (Terminal services) UserID Deployment

Hello everyone,
I would like to deploy UserID Terminalservices Agent in a Citrix environment.
There are approx 30 servers deployed from the same Master Image.
I have TA successfully running on dedicated (non-Citrix) Terminalservers with Certificates gen

Prevent bypassing captive portal?

We are in an environment where we have captive portal (with MS SSO) but users are able to get around the authentication redirects via VPN.

We'd like to ensure that the only traffic that is allowed by unauthenticated users on this network is traffic

Palo Alto DHCP Relay Stops Working After Reboot

After rebooting the firewall due to a power activity, we noticed that the DHCP relay stopped working. We could see the DHCP Discover and Offer messages in Wireshark, but the firewall’s DHCP relay did not seem to function properly.

The firewall was ru

Monitoring Palo Alto VPN IPSEC tunnels on PRTG

Hi,

Our company recently acquired new Palo Alto PA440 and have set up VPN IPSEC tunnels (both Ikev1 and ikev2).

We currently need to montitor thise tunnels efficiently using PRTG to be alerted in case one of the tunnels go down.

Can anyone who did th

CNGFW Integration with Panorama, its Stability, & Performance

To integrate the Cloud NGFW service with Panorama virtual appliance, panorama running software version 10.2, 11.0, or 11.1 and not greater than 11.1 as per the below KB Article.

Panorama Integration Prerequisites

However, I recently deployed VM Ser

set system setting target-vsys is not an option 10.2.10-h9

I am trying to test the authentication profile for ldap.  However I am unable to successfully because it is checking vsys0 and the ldap is set for vsys1.  but when using set system setting the target-vsys is not an option for the command.  I just get

Change of the interface's name order in the commit

Hello,

when I verify the configuration changes on the firewall before committing them I see a line that begins with "interface [" and lists all the interface and subinterfaces that exist, but in the running config they have an order and in the candid

Packet Capture Issue

Hi Team, 

I am seeing an active session for a specific traffic , but when I try to capture the packets there is no packets has been captured. 

Also "debug dataplane packet-diag show filter-marked-session" command also not showing any session details.

Testing interfaces on Passive Node

Dear Community,

I have a strange problem related to my PAN1410. My FW are build to HA Active-Passive. Everythink works until failover occcure.. after that I lost connections to GlobalProtect.

It seems that I have problem with WAN interface, because w

Rule Order Best Practice

We recently migrated to the Palo Alto Firewalls. I am looking for best practice/recommendations on how to properly order firewall rules. We have all our block rules first (geoblocking, malicious sites, specific apps, etc) up top. But what about the r