Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Cyberark RDP sessions aging-out, disconnecting users

We are working on a deployment of CyberArk for identity management. At this point our problems are not with integrating it for authentication with the Palo. Our problem is that the connectors for CyberArk in our datacenter are dropping connections

...

Palo Alto PA-850 basic configuration without any licenses

What can you configure on a Palo Alto PA-850 without any license ? What are the differences between having a license and not having a license ? Also how many licenses are there and if any are required for firmware updates ?

Resolved! LINOTP is support with Palo Alto

Hello Team

Kindly confirm whether the LINOTP MFA RADIUS server is compatible with Palo Alto. If so, is there any standard documentation available for it?

Regards

TD Team

Resolved! 11.1.4h7 and 11.1.5 h1 high cpu

Hi

Ugraded 11.1.4h1 to 11.1.4h7 On PA440 and PA415, causing high both planes cpu.

rolled back to 11.1.4h1 fixed

Upgraded to 11.1.5h1 - same issue.

Rolled back to 11.1.4h1.

How to trigger a "Response page" on Palo Alto NGFWs using URL filtering & Decryption

Hi All,

I want to share my experience on very latest configuration I did in my company Firewall infra. With the genAI evolution & most of the companies trying to develop their own homegrown genAI app, it was becoming headache for my Cyber Risk team

...

Best Practices for Multiple External IP

Hello Community

I have 2 blocks of public IP addresses assigned by our ISP. They are on different networks . They culminate at the single gateway provided on premise by our ISP.

An external (untrust) port on our 1410 is assigned to an IP address f

...

Resolved! Are Fixes from Previous PAN-OS Maintenance Releases Always Included in Later Versions?

In PAN-OS, if a specific issue (e.g., PAN-XXXXX) is addressed in a certain maintenance release, will the fix automatically be included in all later maintenance and hotfix releases of the same major/minor version, even if it is not explicitly mentione

...

Resolved! Application list via show running security-policy is incomplete

Hey guys, I need to export a bunch of security rules of one of our FWs (PA-5250; 10.2.10-h9). I decided to do this via cli, but certain rules seem to have an incomplete list of applications. It looks like this:

application/service [0:ms-scheduler/tcp

...

Using NAT64 to reach overlapping ipv4 networks

Hello!

My problem is a little more complex than the scenario below, but I'm trying to keep it simple.

Let's say I have a machine "v6client" on an IPv6-only network with IP 2001:db8::10. It's directly connected to an interface in virtual router vr

...

Any good way to block DeepSeek by PaloAlto Firewall(PA-820)

Could you tell me a good method to block DeepSeek ? Thank you very much.

Resolved! Pan-OS 10.2.13-h4 known issues

Hello everyone,

Can I ask if anyone already installed Pan-OS 10.2.13-h4 on their firewalls? Any issues with this hotfix?

I am hesitant to install it after reading reddit comments about the 10.2.13-h3 and how it breaks IPv6.

Resolved! PA-440 logging tab emtpy

Hi there,

just got my new HA pair of two PA-440's up and running. I noticed a strange thing, the logging tab is empty, what's the cause of this?

Btw, the cli shows logs via "show log traffic direction equal backward dst in x.x.x.x"

Thx

Daniel

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Cyberark RDP sessions aging-out, disconnecting users

Palo Alto PA-850 basic configuration without any licenses

Resolved! LINOTP is support with Palo Alto

Resolved! 11.1.4h7 and 11.1.5 h1 high cpu

How to trigger a "Response page" on Palo Alto NGFWs using URL filtering & Decryption

Best Practices for Multiple External IP

Resolved! Are Fixes from Previous PAN-OS Maintenance Releases Always Included in Later Versions?

Resolved! Application list via show running security-policy is incomplete

Using NAT64 to reach overlapping ipv4 networks

Any good way to block DeepSeek by PaloAlto Firewall(PA-820)

Resolved! Pan-OS 10.2.13-h4 known issues

Source account mapped

Download PAN OS 9.1.16-h5 for PA-3020 FW

GlobalProtect enforcer exceptions not staying in registry

Resolved! PA-440 logging tab emtpy

How to create bandwidth capping of 20 mbps in vpn tunnel on Palo Alto Firewalls

User-ID & LDAPS service account AD permissions

New User-Account (__telemetryuser) with PanOS 11.2.10

Palo Alto wildcards for whitelist

High availability system alarms

Re: Performance impact of using higher DH group for site-to-site VPNs

Duplicate DNS packets

Re: PAN-OS 10.2.17 HA A/P - Mgt interface reported as duplicate IP of data interface

PAN-OS 10.2.17 HA A/P - Mgt interface reported as duplicate IP of data interface

LACP Features on Palo Alto Firewall

Unlock your full community experience!

Rules and Best Practices

Resolved! LINOTP is support with Palo Alto

Resolved! 11.1.4h7 and 11.1.5 h1 high cpu

Resolved! Are Fixes from Previous PAN-OS Maintenance Releases Always Included in Later Versions?

Resolved! Application list via show running security-policy is incomplete

Resolved! Pan-OS 10.2.13-h4 known issues

Resolved! PA-440 logging tab emtpy