This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4551 Views
  • 0 replies
  • 1 Likes

Header Insertion doesn't work

Hi, I try to enable HTTP Header Insertion to allow only my company's domain. I see the header insertion in the logs, but I got an error: This account is not allowed to sign in within this network. Please talk to your network administrator for more information." I got this error when I try to use a Gmail domain, for example, but even if I ...

K.Balas by L0 Member
  • 484 Views
  • 0 replies
  • 0 Likes

About upgrade an HA configuration

Hello Team, Standalone PAs can be upgraded by skipping multiple versions starting with 10.1. Is this skip feature supported for HA? I checked the documentation, but I couldn't find anything that clearly stated that it was supported in an HA configuration. HA configurations didn't work if the minor versions were more than two apart. Howev...

Dos Policy Value Finetune

Hello, We are currently using PA-3420 appliance & we have configured DOS Policy with default values, which is as below: Action Current Value Alarm Rate 10000 Activate Rate 10000 Max Rate 40000 Block Duration (Sec) 300 We have feteched last 30days connection per second report & as per the report max...

Single interface failing LACP negotiation after PAN-OS update

I'm having an issue with a single interface in an aggregate bundle failing LACP negotiations after updating one network's firewalls from PAN-OS 10.2.13 to 11.1.6.I have two separate networks (Network A and Network B) each with two PA firewalls in Active/Passive HA. I have these firewalls cross connected to each other to provide a transit network...

P.Betts by L0 Member
  • 1132 Views
  • 0 replies
  • 0 Likes

Failover whilst HA2 link is down?

Hi! We have two PA440 in A/P HA. We have HA1, HA1 Backup, HA2 and HA2 Backup configured.We are planning on eliminating HA2 Backup to gain one extra interface and we were wondering which would be the downtime if (for some very unlikely reason) our main HA2 link fails and, at the same time, something else triggers a Failover. I realize the HA2 lin...

mR00t_s5 by L2 Linker
  • 674 Views
  • 0 replies
  • 1 Likes

UserID Redistribution Filters working weirdly

Hi thereI have a customer setup with a central "Hub"/HQ-Firewall (Pair) and a lot of smaller "Spoke"/Site firewalls connected via S2S Tunnels. Each Site and the HQ have local AD DCs and UserID-Agent Server to collect User/IP-Mappings locally. Also in some Sites and HQ ther is Global-Protect running (adds more mappings). The customer needs all th...

Upgrade 5450 to 11.1.6h10

I am currently on 10.2.10-h9 going to 11.1.6h10 (preferred). Has anyone experienced any issue with the new release on 5450 FW? In the past I upgraded to 11.1.4-h7 and it went horribly BAD. Not the upgrade process but that release 11.1.4-h7 has bugs. Non of the websites we are hosting were accessible. sometimes it works and other time so mu...

BFP with OSPF graceful restart causing outages during failover

Dear community! In a active/passive configuration with OSPF graceful restart and BFD enabled, when we do failover we experience a downtime 1 minute after the failover and it takes about 10 seconds to be fixed. Checking the logs it looks like the firewall builds the new BFD sessions with the core switch, but after 1 minute after the failover th...

Carracido by L4 Transporter
  • 1914 Views
  • 1 replies
  • 0 Likes

About BUG PAN-226361 for PA-820 device running version 10.2.10-h9

HelloI wanted to ask you a question about a problem I just encountered, I have seen the BUG PAN-226361 reproduced in the PA-820 equipment is in version 10.2.10-h9 and yet this BUG has been corrected in the hotfix 7 of the same version, does anyone know if it has been re-activated in higher versions and what is the recommendation of Paloalto in t...

Alpalo_0-1754045210096.png
Alpalo by L4 Transporter
  • 1080 Views
  • 1 replies
  • 1 Likes

Paloalto firewall google drive blocking -- quic based problem

Hello,We are experiencing an issue with blocking Google Drive access through Palo Alto Firewall despite applying several mitigation steps.Current Setup:SSL Decryption is enabled and functioning.Security policies and URL filtering are configured to block:drive.google.comdrive.google**.drive.google.com*.google.com (selectively for Drive-related se...

OrkhanM by L1 Bithead
  • 2380 Views
  • 2 replies
  • 0 Likes

Subject: GlobalProtect Connection Issue After SSL/TLS Certificate Renewal

Hello Team, We’re currently experiencing an issue where GlobalProtect is not accessible after renewing the server certificate associated with the SSL/TLS profile used by our GlobalProtect portal. Error message:GlobalProtect: Connection Failed. The network is unreachable or the portal is unresponsive. Check the network connection and reconnect. T...

Jagdeep1 by L2 Linker
  • 1291 Views
  • 1 replies
  • 0 Likes
  • 1588 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks