This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4551 Views
  • 0 replies
  • 1 Likes

Step by Step Radius Configuration for PA-1410

Dear Everybody, I have a problem in configuring Radius on PaloAlto Firewall 1410 series , I find different manual for different methods as below :Configuring Administrator Authentication with Windows 2008 RADI... - Knowledge Base - Palo Alto NetworksHow To Configure RADIUS Server Profile and Add it to an Authent... - Knowledge Base - Palo Alto N...

Mokhairy by L0 Member
  • 1171 Views
  • 1 replies
  • 0 Likes

Palo Alto Kerberos for sso

Anyone hit the same issue before? 2025-08-16 20:35:38.768 +0800 debug: pan_auth_cache_get_authprof_info(pan_auth_cache_authprof_n_authseqprof.c:218): prof "KRB-SSO", vsys "vsys1" (method: Kerberos pre-auth) has sso hash table id: 1 (0 means no or invalid keytab)

Policy destination field when using URL filtering

I need to write a rule that looks like this Source zone: Internal Destination zone: External Source address: 10.38.105.201 Destination address: This is where it is tricky, I need the destination addresses to be *.myqlink.biz *.med.myqlink.net *.internapcdn.net but am aware you cannot use wildcards for FQDN objects, and needs to be done v...

Kc_Dodds by L0 Member
  • 1180 Views
  • 1 replies
  • 0 Likes

Finding IP of threat blocked via DNS Proxy

As our PA is configured at the moment, I see some notifications in the threat logs where a request from the Palo DNS proxy has been blocked from looking up something determined to be spyware. I can't find a matching log anywhere to indicate the IP which made the DNS request to the Palo's DNS proxy. I'd appreciate some direction. I'm aware some...

SASY-IT by L0 Member
  • 1257 Views
  • 1 replies
  • 0 Likes

Data plane cpu 100% (pa-3410)

Hello! We have a PA-3410 in our corporate network, and yesterday we encountered a problem: the data plane CPU reached 100%, and disabling the Decryption rules helped. Are there any solutions to this issue? Device is up : 53 days 12 hours 43 mins 57 sec Packet rate : 232,316/s Throughput : 1,559,508 Kbps ...

A.Bekim by L1 Bithead
  • 1243 Views
  • 4 replies
  • 0 Likes

Renew of Self Signed SSL Forward Trust Certificate without Root CA

Hello,I have a self-signed (self-generated) certificate without a Root CA on a firewall, which is used for SSL Forward Proxy to decrypt traffic. The certificate is valid for 10 day and has been imported on client machines as a trusted root CA.The question is that : If I renew this certificate on the firewall, will I need to re-import it on ...

fkuecuek_1-1755079916908.png

HA error when configuring

High-availability ha1 encryption requires an import of the high-availability-key(Module: ha_agent) client ha_agent phase 1 failure Any ideas why this is happening? I have configured 3 other HA pairs with no issue. PA1 PA2

MAllen_1-1755178114085.png
MAllen_0-1755178085803.png
MAllen_2-1755178169452.png
MAllen_3-1755178206678.png
M.Allen by L1 Bithead
  • 1212 Views
  • 1 replies
  • 0 Likes

Security Profile Evaluation

Hey Community! In Palo Alto NGFW, when multiple Security Profiles (like Antivirus, Anti-Spyware, Vulnerability Protection, URL Filtering, File Blocking, DLP, etc.) are applied to a Security Policy How does the inspection happen? Is it sequential (one profile after another)?Or is it parallel (all inspections happen simultaneously)?Also, if a pack...

Edsnow by L3 Networker
  • 662 Views
  • 1 replies
  • 0 Likes

PALO ALTO FIREWALL , lan interface internet issue

I currently have a palo alto VM on my VMware esxi environment and i have setup the LAN and WAN interfaces and also created a dhcp scope on my lan interface and connected it to my windows server 2019 also on the esxi environment but i can se traffic to the internet and google dns 8.8.8.8 on palo alto traffic logs but on the windows server 2019 it...

HA Links Over DWDM

Currently have a couple pairs of Palos (internal and external), with an HA pair over at a remote location. These 2 sites at connected via redundant DWDM devices (SmartOptics to be precise). Currently the HA links are just connected to a core switch, then passes to the other site over a stretched VLAN. Just seeing if it'd be wise to just move the...

Errors with Data Redistribution (User-ID Agent) on Labs Environment

Hi all, I am searching Palo Alto User-ID configuration and build Labs on EVE-NG use Palo Alto KVM. Now I can set up LDAP and Group Mapping , it's working. But I can not set up Data Redistribution, Connection between Firewall and User-ID Agent is No. (Connected No, log as bellow). I created Certificate and add it to Agent already. I am using P...

Clientless VPN and Remote Desktop

I have a question about clientless VPN and Remote Desktop. We have a Global Protect portal, but we only use it with the client. I have a new project to provide remote access via RDP to an internal windows computer for a select user. I've never done clientless VPN on a palo before, but as I understand it is possible. Expectation is that the use...

  • 1588 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks