This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4552 Views
  • 0 replies
  • 1 Likes

Resolved! Management CPU Utilization

Here's the issue we encounter our new PA-3420 appliance is hitting the Management CPU Utilization up to 75% or higher as observed. So, I was wondering if there's something we need to know and do to fix this issue, and if there is a recommended documentation that we can go through to fix the issue. (I've attached a screenshot of what is going on

Request for confirmation of issue IDs regarding version upgrade from PAN-OS v10 to v11

Hello community. We are planning to upgrade our PAN-OS from 10 to 11. As we upgrade, we would like to know if there are any detailed conditions that cause problems with the following Issue IDs, and how to work around them. ・PAN-286848・PAN-254240https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-6-known-and-addressed...

Software EOL 10.2

10.2 is listed on https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary#pan-os-panorama as having an EOL in August followed by a limited support EOL in 2026. It's notated as continuing to be supported on certain models of hardware until their end of life. Trying to wrap my head around this. Will reac...

moorek by L0 Member
  • 4299 Views
  • 1 replies
  • 1 Likes

PANOS exposure API?

Anyone know of an API exposure of the information presented by Security Advisories | Palo Alto Networks and/or Palo Alto Networks Security Advisories The goal is to be able to maintain a database of exposures and affected products/versions suitable for generating per-customer and/or cross customer/global reports (we're a MSSP) from our SD pla...

J.Winks by L1 Bithead
  • 423 Views
  • 0 replies
  • 0 Likes

Load balancing using ecmp

Hello All, Configure load balacing between 2 isp router following below link using ecmp protocol. Now we have below requirementhttps://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClF8CAK site to site will be from secondary isp link only voice /video traffic should be prioritise first before any other traffic using both isp ...

Palo NAT Question

About the setup:1. Both DC's are connected to partner via IPSec tunnel2. Always prefer DC-1 & use DC-2 as backup3. Panorama mgmt IPs gateways is on core switch4. Palos point traffic to mgmt subnet towards core switch5. Vendor access panorama using 3.3.3.99 (Nat IP) Requirement:1. The Nat IP needs to be advertised via BGP to DC-1. This can be...

palohelp_0-1752765717065.png
palohelp by L0 Member
  • 419 Views
  • 0 replies
  • 0 Likes

Azure VM-300 Firewall subinterfaces and multiple VNETs

I am running a VM-300 series firewall in Azure. I currently have 4 interfaces on the device (management, HA, untrust and trust). In Azure I have 8 VNETs. I would like to send all VNET to VNET traffic to the firewall for inspection and policy application. Can I create sub-interfaces (one zone per sub interface) on the VM-300 to accomplish this? I...

ocejiasa by L0 Member
  • 1036 Views
  • 1 replies
  • 0 Likes

How to block traffic from a specific ASN using DAG

I could use some assistance since AI sucks and gives you the wrong info. Here's what I would like to do, we already geoblock but I need to block malicious traffic (multible IP ranges) that's associated with a specific ASN. I've tried creating a dynamic address group with the following match criteria: 'ip.src.asnum AS14956'. I initially trie...

Resolved! File blocking upload

We have a requirement to Block uploads of file to Virustotal.com. We have SSL decryption working fine with URL filtering profiles applied. I created a new File blocking profile with application>> virustotal-base and virustotal web selected; File types>>All; Direction>>Upload; Action; Block Then i applied this profile to one int...

IPv6 and TLS 1.3?

I've been having some IPv6 issues (we're a dual-stack setup currently), and it seems like every time I fix one, I find another. The latest is an issue with some, but not all, IPv6 websites. Sometimes they'll load... sometimes they'll start to load and then stall. Sometimes they load, and then a refresh has them stalling. Looking at packet c...

jsalmans by L4 Transporter
  • 984 Views
  • 0 replies
  • 0 Likes

Resolved! PANOS upgrade to 11.1 - will UserID Agent 11.0 work?

Good afternoon, all! I'm preparing an upgrade on our PA-8XX firewall stacks from PANOS 10.2.X to the 11.1 train, which should be the last ones supported for these boxes. We are also running User-ID Agent 10.2.X, so I'll need to upgrade that, as well. However, I've not been able to accurately determine if UserID 11.0.X will work with PANOS 11.1.X...

ghughes by L1 Bithead
  • 1190 Views
  • 1 replies
  • 0 Likes

Resolved! Palo Alto wildcards for whitelist

I’m on panorama 10.2.12h-2 and have a silly question but after reading through the Palo Alto articles am a bit confused as I guess I don’t understand the difference between a URLs path vs subdomains I'm trying to whitelist https://app.e.dnv.com/e/bfs?s=861531437&lguid (<note not the full path for time and sanity reasons) but when I...

Kc_Dodds by L0 Member
  • 2881 Views
  • 1 replies
  • 0 Likes

NAT Translations Related to VPN Tunnels

Thanks for any help in advance. We have many partners that we create VPN tunnels with. To save time and to avoid IP overlap, I would like to dedicate a private subnet like 10.10.0.0/16 and route that subnet toward our Palo firewall that terminates VPNs. I would like to use IP addressing in that subnet to NAT the partner traffic as it comes...

  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks