Next-Generation Firewall Discussions

Palo Alto DHCP Relay Stops Working After Reboot

After rebooting the firewall due to a power activity, we noticed that the DHCP relay stopped working. We could see the DHCP Discover and Offer messages in Wireshark, but the firewall’s DHCP relay did not seem to function properly.

The firewall was ru

Monitoring Palo Alto VPN IPSEC tunnels on PRTG

Hi,

Our company recently acquired new Palo Alto PA440 and have set up VPN IPSEC tunnels (both Ikev1 and ikev2).

We currently need to montitor thise tunnels efficiently using PRTG to be alerted in case one of the tunnels go down.

Can anyone who did th

CNGFW Integration with Panorama, its Stability, & Performance

To integrate the Cloud NGFW service with Panorama virtual appliance, panorama running software version 10.2, 11.0, or 11.1 and not greater than 11.1 as per the below KB Article.

Panorama Integration Prerequisites

However, I recently deployed VM Ser

set system setting target-vsys is not an option 10.2.10-h9

I am trying to test the authentication profile for ldap.  However I am unable to successfully because it is checking vsys0 and the ldap is set for vsys1.  but when using set system setting the target-vsys is not an option for the command.  I just get

Change of the interface's name order in the commit

Hello,

when I verify the configuration changes on the firewall before committing them I see a line that begins with "interface [" and lists all the interface and subinterfaces that exist, but in the running config they have an order and in the candid

Packet Capture Issue

Hi Team, 

I am seeing an active session for a specific traffic , but when I try to capture the packets there is no packets has been captured. 

Also "debug dataplane packet-diag show filter-marked-session" command also not showing any session details.

Testing interfaces on Passive Node

Dear Community,

I have a strange problem related to my PAN1410. My FW are build to HA Active-Passive. Everythink works until failover occcure.. after that I lost connections to GlobalProtect.

It seems that I have problem with WAN interface, because w

Rule Order Best Practice

We recently migrated to the Palo Alto Firewalls. I am looking for best practice/recommendations on how to properly order firewall rules. We have all our block rules first (geoblocking, malicious sites, specific apps, etc) up top. But what about the r

SIP/RTP Traffic Issues in Palo Alto Active-Active vWire Setup Causing MAC Flapping In L3 devices

In a Palo Alto Active-Active vWire setup, traffic entering a port on Device A is not supposed to egress from any port on Device B. The HA3 link is typically used to forward packets from the active-secondary device to the active-primary device for pro

How to calculate max concurrent session and new session persecond in firewall

Hi

Please help to calculate ma concurrent session and news session per second in firewall

Not appending new address object in address group through REST API

We have been trying to append a new address object to an address group in the firewall. However, when we use the PUT method in Postman to insert it into the group, it replaces the existing address objects instead of adding the new one. Additionally,