This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4512 Views
  • 0 replies
  • 1 Likes

Decryption: Client and decrypt profile version mismatch

Hi folks, Have been seeing a lot of "'Client and decrypt profile version mismatch. Supported client version bitmask: 0x08. Supported decrypt profile version bitmask: 0x60. ' errors in the log lately. This article: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/decryption/troubleshoot-and-monitor-decryption/decryption-logs/decryptio...

Can we set data cap with QOS in Palo Alto for an app-id

Can we set data cap with QOS in Palo Alto for an app-id. We would like to put a datacap on the backup to 400GB per month as we have data usage to 1 TB per month. Please advise if this can be done. I am aware we can restrict only bandwidth, please advise if this is applicable.Please share configuraion that would be helpful

How to Interpret running resource-monitor avg & max

Can anyone help explain and whether my understanding is correct? avg is the average usage % in the past 7 daysmax is the peak usage % at a certain timeIs the overall DP cpu operation normal??Because max is displayed as 9x~100, it makes people feel worried Also, why is there no data displayed for Core 0.10.11?? Thanks to anyone who replies

hcheng763718_0-1750392530713.png

Resolved! PANOS 11.1.6-h3

Hi All, I am having all my Panorama & PA on-prem & VM series running with 11.1.6-h3 , Do we see any issues ? I am still required to consider another upgrade ? What will be the target PANOS? Thanks & Best Regards Yuvaraj Karvekar

Error in Outlook Email Server Profile

Hi all, I'm currently experiencing an issue with my connection to the Outlook email gateway. When using Gmail as the email gateway, everything works fine. However, I encounter problems when switching to Outlook. To test the connection from the Palo Alto firewall to the Outlook email gateway, I used my personal Outlook account. Unfortunatel...

zedexxx_0-1750837217217.png
zedexxx_1-1750837226682.png
zedexxx by L1 Bithead
  • 977 Views
  • 1 replies
  • 0 Likes

Resolved! Upgrade PAN OS 10.2.7-8 to 11.2.x

Hi Guy,I have 2 PA-3440 and 1 Panorama VM to manage them. My PA-3440 devices are on version 10.2.7-h8 and Panorama is on version 11.1.0I am on the way to upgrade Panorama and PA3440 devices to version 11.2.3-h5 or another latest version recommended (please recommend me), I tried using the Validate button to see the upgrade path, but I don't see ...

L.CTIN by L1 Bithead
  • 8221 Views
  • 6 replies
  • 0 Likes

Paloalto security Architect/Consultant - Advice

Hello Everyone, I've been working with Palo Alto firewalls for some time now and am looking to explore opportunities in solution design, architecture, and consulting. I know there are many talented professionals here who are already succeeding in this space. I’d greatly appreciate any advice, insights, or roadmaps you can share. Thank you,Murali

Resolved! Request for Free Trial Access to VM-Series Firewall and Integration Testing Support

I would like to request access to a free trial of the VM-Series Virtual Firewall for evaluation and integration testing purposes.Specifically, I am looking to:Deploy the VM-Series in a test environmentPerform basic functionality and integration validationTest log generation and forwarding (syslog, CEF, etc.)Please let me know the steps to obtain...

Resolved! Monitoring VPN Tunnel Status with SNMP Trap

Hello, I would like to use SNMP Trap to detect status changes of VPN tunnels in the PA series. Is it possible to detect VPN tunnels status changes with the following OIDs. panVPNTunnelStatusUpTrap: .1.3.6.1.4.1.25461.2.1.3.2.0.1746panVPNTunnelStatusDownTrap:.1.3.6.1.4.1.25461.2.1.3.2.0.1747 Product model:PA-220 PAN-OS version:10.2.11 B...

opaque: CloudAuthService Server certificate validation failed. Dest Addr: license.api.paloaltonetworks.com, Reason: unable to get local issuer certifi

Hi, we are getting the following 2 x alerts on the same firewalls, can you please let us know how this can be fixed - googled it but I couldn;'t find a fix:alert1:opaque: CloudAuthService Server certificate validation failed. Dest Addr: license.api.paloaltonetworks.com, Reason: unable to get local issuer certificatedg_id: 0tpl_id: 0 alert2: loud...

qasim02 by L2 Linker
  • 1021 Views
  • 0 replies
  • 0 Likes

DNS Servers Failure

In the Palo Alto firewall, we are unable to reach the DNS servers. These servers are in the cloud and act as proxy servers as well as domain controllers. From our VMs, we are able to ping the DNS IPs successfully, but in the firewall session logs, it shows "resource unavailable." Note that the same configuration is working on another Palo Alto f...

pr45031 by L0 Member
  • 703 Views
  • 1 replies
  • 0 Likes

Chromium-based traffic issue

Hello Experts, Our client experienced a drop in internet traffic. After running tests, they detected that all traffic generated with Chromium-based browsers was being dropped by the firewall for some unknown reason. Other traffic generated by other browsers, such as Firefox or ICMP traffic, was not affected in the same way.We haven't determined ...

  • 1794 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks