Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4551 Views
  • 0 replies
  • 1 Likes

Resolved! Detect high bandwidth consumption

Hello everyone! I'm looking for a way to identify a user or IP when they have high bw consumption. Let's say a user is downloading something and is using all my ISP bw, how can I identify it in that moment? I was able to do this but when the session was finished, in my scenario my user downloaded something for 2hs and I had to wait until that to ...

procom by L1 Bithead
  • 2610 Views
  • 5 replies
  • 0 Likes

A commit is in progress. Please try again later

Running 10.2.13 on a PA-440. Current config issues mean a commit fails. The unit keeps trying to auto commit very frequently (which fails). If I try to change the config and commit, I get the message "A commit is in progress. Please try again later". If I try to install a different software version I get the same error. How can I disable auto co...

Resolved! My IPSEC tunnel not able to UP

less mp-log ikemgr.log
[PERR]: Couldn't find configuration for IKE phase-1 request for peer IP 52.a.b.115[500].
2025-07-25 00:32:54.452 +0700 [PERR]: Couldn't find configuration for IKE phase-1 request for peer IP 52.a.b.115[500].
2025-07-25 00:33:35.355 +0700 [PERR]: Couldn't find configuration for IKE phase-1 request for peer IP 52.a.b.115[500]....

Application Shift and How to allow LinkedIn but block specific linkedin-posting application

When you want to allow the linkedin-base application with a specific Security Policy Rule, for example Linkedin-Rule, the implicit applications it depends on are automatically allowed by the firewall. This means that the Security Policy Rule Linkedin-Rule that matches the linkedin-base application will automatically allow the web-browsing and SS...

rmeddane by L2 Linker
  • 4252 Views
  • 1 replies
  • 1 Likes

UserID mapping for users using Azure VPN Gateway and AzureAD

Hi All, I have a unique scenario. We have a PA VM Firewall in Azure. We use Azure VPN Gateway to allow users to VPN in if need be (mainly 3rd party support) to get to services on the other side of the FW. The user's credentials authenticate against AzureAD using MFA. I need to know if there is a way to implement UserID, or something similar, t...

Resolved! Can NGFW Block Traffic Depending on the client and source IP

Hello, We have a requirement to control connections from local virtual machines (VMs) to public endpoints. Specifically, we need to enforce access policies based on:
  • The type of client submitting the request (e.g., web browser vs. desktop tool)
  • The IP address of the VM from which the request originates
Is it possible to implement such granular cont...

pan_iv by L0 Member
  • 1766 Views
  • 2 replies
  • 0 Likes

VPN Users Report not showing properly

Hi Team, We have a customer whose requirement is to generate VPN reports in a format that includes both login and logout times for users. Currently, he is receiving a single entry per user per day, showing only the last login and logout time. If a user logs in multiple times during the same day, the report does not capture all sessi...

Resolved! Clarification on System Log Subtypes Categorized as Security Events

I'm currently reviewing the subtypes available under System Logs in Palo Alto Networks, and I'd like to confirm which of the following subtypes are categorized or considered as security-related events. Here is the list I have: auth, crypto, dhcp, dnsproxy, dos, general, global-protect, ha, hw, nat, ntpd, pbf, port, pppoe, ras, routing, satd, sslmgr, sslvpn, userid, url-filtering, vpn, wildfi...

Palo Alto Wildcard Policy

New to Palo Alto and looking for some assistance. Trying to create an ACL policy that'll allow outbound traffic to *.domain.com, although when creating the Destination Object and selecting FQDN it will not accept the wildcard. How can I achieve a FQDN wildcard to include in my policy? Thanks for any help you can afford!

IPv6 userid Redistribution

Hi, does ipv6 redistribution work for firewall or panorama? I did many configurations and no success. I have globalprotect clients connecting to vsys4. They get both ipv6 and ipv4 addresses. The id hub is vsys1. I can redistribute ipv4 addresses directly from vsys4 to vsys1 or by panorama (two ways), but it doesn't work for ipv6. I didn't check ...

dgorka by L0 Member
  • 422 Views
  • 0 replies
  • 0 Likes

Resolved! BFD Between Virtual routers

Dear Community, I'm sure this is a loaded question without any actual configuration data. But I was wondering, are there any limitations for BFD between two Virtual routers on the same firewall? We had a query from a customer stating that BFD looks like it does not want to work between 2 Virtual routers. From what I can gather, they are using BG...

PA7080 Bonded Mgmt interfaces failover issue

I am having an issue with a pa7080 connecting to an ex4300.
Port map: PA7080 >>> EX4300
Mgmt A=Eth0/1<===>ge-1/0/1 Up/Up (MAC table entry)
Mgmt B=Eth0/2<===>ge-1/0/2 Up/Up (No MAC table entry)
Both interfaces show as UP/UP but only one is passing traffic and reporting a MAC. I sort of (assuming) expect that as they are bonded. I...

Resolved! Management CPU Utilization

Here's the issue we encounter: our new PA-3420 appliance is hitting Management CPU Utilization of up to 75% or higher as observed. So, I was wondering if there's something we need to know and do to fix this issue, and if there is recommended documentation that we can go through to fix the issue. (I've attached a screenshot of what is going on

  • 1588 Posts
  • 60 Subscriptions