This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4507 Views
  • 0 replies
  • 1 Likes

VPN Users Report not showing properly

Hi Team, We have a customer whose requirement is to generate a VPN reports in such a format, which includes both login and logout times for users. Currently, he is receiving a single entry per user per day, showing only the last login and logout time. If a user logs in multiple times during the same day, the report does not capture all sessi...

Resolved! Clarification on System Log Subtypes Categorized as Security Events

I’m currently reviewing the subtypes available under System Logs in Palo Alto Networks, and I’d like to confirm which of the following subtypes are categorized or considered as Security related events.here is the list I've: Authcryptodhcpdnsproxydosgeneralglobal-protecthahwnatntpdpbfportpppoerasroutingsatdsslmgrsslvpnuseridurl-filteringvpnwildfi...

Palo Alto Wildcard Policy

New to Palo Alto and looking for some assistance. Trying to create an ACL policy that'll allow outbound traffic to *.domain.com, although when creating the Destination Object and selecting FQDN it will not accept the wildcard. How can I achieve a FQDN wildcard to include in my policy? Thanks for any help you can afford!

IPv6 userid Redistribution

Hi, does ipv6 redistribution work for firewall or panorama? I did many configurations and no success. I have globalprotect clients connecting to vsys4. They get both ipv6 and ipv4 addresses. The id hub is vsys1. I can redistribute ipv4 addresses directly from vsys4 to vsys1 or by panorama (two ways), but it doesn't work for ipv6. I didn't check ...

dgorka by L0 Member
  • 399 Views
  • 0 replies
  • 0 Likes

Resolved! BFD Between Virtual routers

Dear Community, I'm sure this is a loaded question without any actual configuration data. But I was wondering are there any Limitation for BFD between two Virtual routers on the same firewall. We had a query from a customer stating that BFD looks like it does not want to work between 2 Virtual routers. From what I can gather, they are using BG...

PA7080 Bonded Mgmt interfaces failover issue

I am having an issue with a pa7080 connecting to an ex4300Port map: PA7080 >>> EX4300Mgmt A=Eth0/1<===>ge-1/0/1 Up/Up (MAC table entry)Mgmt B=Eth0/2<===>ge-1/0/2 Up/Up (No MAC table entry) Both interfaces show as UP/UP but only one is passing traffic and reporting a MAC. I sort of (assuming) expect that as they are bonded. I...

Resolved! Management CPU Utilization

Here's the issue we encounter our new PA-3420 appliance is hitting the Management CPU Utilization up to 75% or higher as observed. So, I was wondering if there's something we need to know and do to fix this issue, and if there is a recommended documentation that we can go through to fix the issue. (I've attached a screenshot of what is going on

Request for confirmation of issue IDs regarding version upgrade from PAN-OS v10 to v11

Hello community. We are planning to upgrade our PAN-OS from 10 to 11. As we upgrade, we would like to know if there are any detailed conditions that cause problems with the following Issue IDs, and how to work around them. ・PAN-286848・PAN-254240https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-6-known-and-addressed...

Software EOL 10.2

10.2 is listed on https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary#pan-os-panorama as having an EOL in August followed by a limited support EOL in 2026. It's notated as continuing to be supported on certain models of hardware until their end of life. Trying to wrap my head around this. Will reac...

moorek by L0 Member
  • 3940 Views
  • 1 replies
  • 1 Likes

PANOS exposure API?

Anyone know of an API exposure of the information presented by Security Advisories | Palo Alto Networks and/or Palo Alto Networks Security Advisories The goal is to be able to maintain a database of exposures and affected products/versions suitable for generating per-customer and/or cross customer/global reports (we're a MSSP) from our SD pla...

J.Winks by L1 Bithead
  • 402 Views
  • 0 replies
  • 0 Likes

Load balancing using ecmp

Hello All, Configure load balacing between 2 isp router following below link using ecmp protocol. Now we have below requirementhttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF8CAK site to site will be from secondary isp link only voice /video traffic should be prioritise first before any other traffic using both isp ...

Palo NAT Question

About the setup:1. Both DC's are connected to partner via IPSec tunnel2. Always prefer DC-1 & use DC-2 as backup3. Panorama mgmt IPs gateways is on core switch4. Palos point traffic to mgmt subnet towards core switch5. Vendor access panorama using 3.3.3.99 (Nat IP) Requirement:1. The Nat IP needs to be advertised via BGP to DC-1. This can be...

palohelp_0-1752765717065.png
palohelp by L0 Member
  • 403 Views
  • 0 replies
  • 0 Likes

Azure VM-300 Firewall subinterfaces and multiple VNETs

I am running a VM-300 series firewall in Azure. I currently have 4 interfaces on the device (management, HA, untrust and trust). In Azure I have 8 VNETs. I would like to send all VNET to VNET traffic to the firewall for inspection and policy application. Can I create sub-interfaces (one zone per sub interface) on the VM-300 to accomplish this? I...

ocejiasa by L0 Member
  • 978 Views
  • 1 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks