This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4507 Views
  • 0 replies
  • 1 Likes

HA error when configuring

High-availability ha1 encryption requires an import of the high-availability-key(Module: ha_agent) client ha_agent phase 1 failure Any ideas why this is happening? I have configured 3 other HA pairs with no issue. PA1 PA2

MAllen_1-1755178114085.png
MAllen_0-1755178085803.png
MAllen_2-1755178169452.png
MAllen_3-1755178206678.png
M.Allen by L1 Bithead
  • 1119 Views
  • 1 replies
  • 0 Likes

Security Profile Evaluation

Hey Community! In Palo Alto NGFW, when multiple Security Profiles (like Antivirus, Anti-Spyware, Vulnerability Protection, URL Filtering, File Blocking, DLP, etc.) are applied to a Security Policy How does the inspection happen? Is it sequential (one profile after another)?Or is it parallel (all inspections happen simultaneously)?Also, if a pack...

Edsnow by L3 Networker
  • 613 Views
  • 1 replies
  • 0 Likes

PALO ALTO FIREWALL , lan interface internet issue

I currently have a palo alto VM on my VMware esxi environment and i have setup the LAN and WAN interfaces and also created a dhcp scope on my lan interface and connected it to my windows server 2019 also on the esxi environment but i can se traffic to the internet and google dns 8.8.8.8 on palo alto traffic logs but on the windows server 2019 it...

HA Links Over DWDM

Currently have a couple pairs of Palos (internal and external), with an HA pair over at a remote location. These 2 sites at connected via redundant DWDM devices (SmartOptics to be precise). Currently the HA links are just connected to a core switch, then passes to the other site over a stretched VLAN. Just seeing if it'd be wise to just move the...

Errors with Data Redistribution (User-ID Agent) on Labs Environment

Hi all, I am searching Palo Alto User-ID configuration and build Labs on EVE-NG use Palo Alto KVM. Now I can set up LDAP and Group Mapping , it's working. But I can not set up Data Redistribution, Connection between Firewall and User-ID Agent is No. (Connected No, log as bellow). I created Certificate and add it to Agent already. I am using P...

Clientless VPN and Remote Desktop

I have a question about clientless VPN and Remote Desktop. We have a Global Protect portal, but we only use it with the client. I have a new project to provide remote access via RDP to an internal windows computer for a select user. I've never done clientless VPN on a palo before, but as I understand it is possible. Expectation is that the use...

Header Insertion doesn't work

Hi, I try to enable HTTP Header Insertion to allow only my company's domain. I see the header insertion in the logs, but I got an error: This account is not allowed to sign in within this network. Please talk to your network administrator for more information." I got this error when I try to use a Gmail domain, for example, but even if I ...

K.Balas by L0 Member
  • 463 Views
  • 0 replies
  • 0 Likes

About upgrade an HA configuration

Hello Team, Standalone PAs can be upgraded by skipping multiple versions starting with 10.1. Is this skip feature supported for HA? I checked the documentation, but I couldn't find anything that clearly stated that it was supported in an HA configuration. HA configurations didn't work if the minor versions were more than two apart. Howev...

Dos Policy Value Finetune

Hello, We are currently using PA-3420 appliance & we have configured DOS Policy with default values, which is as below: Action Current Value Alarm Rate 10000 Activate Rate 10000 Max Rate 40000 Block Duration (Sec) 300 We have feteched last 30days connection per second report & as per the report max...

Single interface failing LACP negotiation after PAN-OS update

I'm having an issue with a single interface in an aggregate bundle failing LACP negotiations after updating one network's firewalls from PAN-OS 10.2.13 to 11.1.6.I have two separate networks (Network A and Network B) each with two PA firewalls in Active/Passive HA. I have these firewalls cross connected to each other to provide a transit network...

P.Betts by L0 Member
  • 1063 Views
  • 0 replies
  • 0 Likes

Failover whilst HA2 link is down?

Hi! We have two PA440 in A/P HA. We have HA1, HA1 Backup, HA2 and HA2 Backup configured.We are planning on eliminating HA2 Backup to gain one extra interface and we were wondering which would be the downtime if (for some very unlikely reason) our main HA2 link fails and, at the same time, something else triggers a Failover. I realize the HA2 lin...

mR00t_s5 by L2 Linker
  • 649 Views
  • 0 replies
  • 1 Likes

UserID Redistribution Filters working weirdly

Hi thereI have a customer setup with a central "Hub"/HQ-Firewall (Pair) and a lot of smaller "Spoke"/Site firewalls connected via S2S Tunnels. Each Site and the HQ have local AD DCs and UserID-Agent Server to collect User/IP-Mappings locally. Also in some Sites and HQ ther is Global-Protect running (adds more mappings). The customer needs all th...

  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks