Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Panorama Validation error

Hi all,

I have cloned a template where I am changing the interface from 1g to 10g. Also, I am planning to retain the IP address. In the new template, GP gateway related configs are not being copied to the new template. So I added them manually . while

...

Palo Alto unable to resolve its own static entries

When I try ping host abc.com

it says ping : abc.com : System error

How do I fix this?

There is a static entry for abc.com on the palo alto

Using external zone in DNAT policy

Hi Team,

We have 2 VSYS configured to communicate.

VSYS 1 has 172.25.80.254 zone L3 : DC

VSYS 2 has 172.25.70.254 zone L3 : DMZ

I added two external zone (DC to DMZ) and (DMZ to DC) to allow communication between vsys and also the routing between

...

Configure PAN OS locally when panorama is down

Hello team,

I want to ask if when the panorama VM is down , and we need to configure firewalls locally, in this case , when we turn on the panorama , how would be the behaviour :

1- Panorama will detect that configuration is not sync and will inher

...

Resolved! External virtual network pointing to many internal ip

hello,

We are migrating from forcepoint to PA. we face the case below: a virtual network (172.28.66.0/24) is assigned to multiple servers , behind it , there is a group for Such LB in FPT (pointing on 28.66.0 means : one for 172.28.72.2 and 172.28.72

...

PAN-OS 10.1.15

Hi Team,

When is the expected release date for PAN-OS 10.1.15.

Resolved! DoS Block Table API

Good Morning!

I am looking to create a Powershell script to list and clear IPs that have been added to the DoS Block-Table. I have tried this through Powershell PoshSSH and OpenSSH but can't get neither to work fully. I looked around for the API to

...

Resolved! Secondary Firewall Tap Interface Showing down

Hi All,

Can anyone help me to understand the behavior of tap interfaces. Currently they are showing down on passive firewalls whereas on active firewalls they are showing up.

Searched for KB article but not getting enough information, can you ple

...

Path error issue when performing SCP from CLI of Paloalto NGFW.

Hello, I'm currently trying to transfer Stat-dump to NAS using scp by specifying a desired period.

I think the connection has been made since the NAS user authentication step has been completed through the CLI command.

However, an error occurs saying t

...

DAG object matching app-id as a destination address

Hello there,

I'm reviewing some security policies and came across something peculiar. I'm curious why a DAG would be used as a destination address that matches on app-id and the same app-id in the application field.

Is there any technical behaviour

...

Why restarting management server helps to solve Panorama GUI access problem

How does restarting management server solves the GUI access problem. Besides that, why does the websrvr gets stopped by itself.

"Use Default Browser" option not showing in Strata cloud manager

Hello Team,

We have client firewall managed with strata cloud manager. We were trying to use the default browser for SAML authentication. When we checked that option on firewall under GlobalProtect Portal > Authentication >"Use Default Browser" it wo

...

Frequent flaps with DPD timeout between a Palo Alto device and AWS VPN.

I have been experiencing frequent flaps with DPD timeout between a Palo Alto device and AWS VPN.

Do not Palo Alto devices go well with AWS VPN ?

Are any specific settings needed to be taken care of for stable connection to AWS VPN ?

Issue with Intermittent Blocking of ChatGPT URL-Not-resolve

Hi Team,

I’ve noticed that in my environment, the chatgpt.com URL is intermittently categorized as unresolved and is being blocked.

For your reference, I am attaching a snapshot highlighting this behavior.

Please let me know if additional informa

...

Device transfer query

Hi All,

Facing below error while registrating the device.

" Device and support code do not match support account. Please contact super user to send you a registration link for approraite support account."

Also what could be the steps to device transf

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Resolved! Panorama Validation error

Palo Alto unable to resolve its own static entries

Using external zone in DNAT policy

Configure PAN OS locally when panorama is down

Resolved! External virtual network pointing to many internal ip

PAN-OS 10.1.15

Resolved! DoS Block Table API

Resolved! Secondary Firewall Tap Interface Showing down

Path error issue when performing SCP from CLI of Paloalto NGFW.

DAG object matching app-id as a destination address

Why restarting management server helps to solve Panorama GUI access problem

"Use Default Browser" option not showing in Strata cloud manager

Frequent flaps with DPD timeout between a Palo Alto device and AWS VPN.

Issue with Intermittent Blocking of ChatGPT URL-Not-resolve

Device transfer query

Newbie Initial Setup Question

Investigate Bandwidth utilization on Palo Alto Firewall

Reason: Authentication profile not found for the user

Downgrade the feature version from 11.1.4-h7 to 10.2.13-h10 in HA mode

Security Policy

Re: Newbie Initial Setup Question

Re: Newbie Initial Setup Question

Re: Move license between active NGFW

Re: Microsoft WNS App ID

Re: Concerns of Firewall 5250 dropping packets and enabled DSRI (Disable Server Respponse Inspection) relieve issues for a few hours but came back

Unlock your full community experience!

Rules and Best Practices

Resolved! Panorama Validation error

Resolved! External virtual network pointing to many internal ip

Resolved! DoS Block Table API

Resolved! Secondary Firewall Tap Interface Showing down