Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices
  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4631 Views
  • 0 replies
  • 1 Likes

Resolved! PALOALTO NGFW HIP

Hi, I need help with configuring Host Information Profiles (HIP) using device attributes such as MAC address, serial number, or host ID. When creating a HIP object with these attributes, where should I add the list of devices so they are recognized by the firewall? Thanks,

OrkhanM by L1 Bithead
  • 1588 Views
  • 4 replies
  • 0 Likes

Dynamic IP at Spoke site in PAN-OS SD-WAN Hub/Spoke topology

Hi, I am new to PAN-OS SD-WAN and need to clarify the Internet service requirement at a new spoke site. My client has a PAN-OS SD-WAN hub-and-spoke topology; the hub PA firewall has a static public IP for its internet service. All spoke PA firewalls also use static public IPs, but we now will have a new spoke with a dynamic public IP. I am hoping to confir...

Bootstrap 4.3 reaching EOS

Hello community, we have been informed that Bootstrap 4 is reaching EOS and this could cause a vulnerability, and I would like to know if there is any information about which firmware version uses this? Is it a real potential threat? Thanks in advance!

Concerns of Firewall 5250 dropping packets and enabled DSRI (Disable Server Response Inspection) relieve issues for a few hours but came back

Good evening, Working with one of the top Microsoft engineers today who performed numerous Wireshark traces regarding huge concerns that Palo Alto Firewall 5250 firewall was dropping packets. Identified exact time and sequence as well as size of packets and sequence being lost in transit. Noticed over tens of thousands of these re-transmits ...

wechang by L0 Member
  • 1193 Views
  • 2 replies
  • 0 Likes

Resolved! In PAN version 9, public IP addresses and the VPN were accessible from the Intranet.

Hello everyone, I have a question: In PAN version 9.0, public IP addresses and the VPN were accessible from the Intranet. However, now that it has been updated to versions 10 and 11, access is no longer possible. Why did this happen, or is there anything else I can do with the firewall with these new versions?

Resolved! HA1-Backup Failing when setting to Management

I have a pair of 1410's configured for HA. Because the firewalls are not in the same room, I need to use the management interface for the HA1 backup. When I do the commit in Panorama, it commits without error. However, when I go to push it out, I get: Details: . Validation Error: . deviceconfig -> high-availability -> interface -&...

jwill2 by L2 Linker
  • 1899 Views
  • 5 replies
  • 0 Likes

Limit IP address range bandwidth during recurring time period

Need to limit residence hall users' bandwidth to Internet Monday-Friday 8:00 a.m. to 5:00 p.m. The following is how it was done previously on Cisco ASA. Need to translate to PA5430.

    object-group network MV_NETWORK
     network-object 192.168.0.0 255.255.0.0
    access-list MV_TRAFFIC extended permit ip object-group MV_NETWORK any time-range RegularHours ...

What is Certificate Pinning and how to deal with SSL Decryption

Certificate pinning was developed to help prevent man-in-the-middle attacks. But what is Certificate Pinning? Traditionally, the SSL Handshake consists of the validation of the server’s certificate, let’s say collab.com. The validation is done using the CA’s certificate located in the certificate store of the web browser. The certificate sto...

rmeddane by L2 Linker
  • 25496 Views
  • 3 replies
  • 2 Likes

VPN Performance over Prisma Access : slow downloads

Hi, Can somebody tell me what you can expect from downloading a file over the Prisma Access backbone? Our datacenter is connected to a service connection and when I try to download a 200 Mbps file from the datacenter to a remote network located in the same region, I am getting a download speed of 500Kbps per second (SMB transfer). Within the remote ...

zGomez by L3 Networker
  • 8694 Views
  • 8 replies
  • 0 Likes

LACP LINK DOWN FW PALO ALTO

Hi, I have a customer whose firewall unexpectedly failed over recently. Looking at the logs before failover, LACP links appeared to fail negotiation right before, which triggers failover. Unfortunately HA logs don't stretch back enough! Looking at the l2ctrid.logs (LACP log files on TSF). See the below error constantly thrown leading up to ...

Traffic hits policy with URL Category even though the traffic is not for that URL

We have several policies that permit traffic to 80/443 with no specific destination address, but with a URL category set for a specific URL. For example, we have a post-rule for VPN users to access our internal Splunk server via the URL. The issue I'm seeing is that I am trying to connect to another device using https://ipaddress and the traf...

jwill2 by L2 Linker
  • 1394 Views
  • 3 replies
  • 0 Likes