This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4521 Views
  • 0 replies
  • 1 Likes

URL filtering or tightening up on GlobalProtect security rule?

I have a security rule for my GlobalProtect, and want to see if I can make it even tighter.... Source Zone: untrust (outside) Address\User\Device: Any Destination Zone: untrust Address: IP of my interface/GlobalProtect IP Device: Any Application Any Service/URL GP-4501 (4501/udp) service-https Category: Any Actions Just a vulnerab...

FIPS-CC cannot log into firewall

We have an HA pair PA-440's running 11.1.6-h3 in FIPS-CC Recently the Active firewall stopped allowing us to log into it or connect with Global Protect using local user accounts. Neiither the GUI or SSH works - it just times out. Seeing how its in FIPS-CC mode the console port is turned off so I could not test access via console. The standby ...

sos66sos by L1 Bithead
  • 1094 Views
  • 2 replies
  • 0 Likes

Terminal Service Agent with Azure Virtual Desktop

Our organization is moving away from Citrix VDI and exploring Azure Virtual Desktop (AVD). One of Security's requirements is that we get userID from the endpoints. We have successfully installed the TS Agent on the AVD and can get UserID; no issues here. The challenge we have is that our Desktop team is planning to dynamically stand up and tea...

MarceloM by L0 Member
  • 4427 Views
  • 4 replies
  • 0 Likes

IPSec tunnel throughput drops to 0mbps after some time

While testing for maximum throughput over an IPSec tunnel, I noticed that after a while throughput drops to 0mbps. When the test started, both ends of the tunnel had about 4.5gbps throughput total. But at around the 18 minute mark of the test, the throughput dropped to 0mbps. It self recovered on one end but the other end did not. Subsequent te...

Internet issues

Dear all, I connect ISP directly to the Cisco switch and from the same Cisco switch I connect the outer ISP interface and connect To Firewall , the Firewall LAN interface again passes through the Cisco switch to the internal network. Are there any compatibility issues between palo alto and Cisco switch? which means i used cisco switch as media...

Zola12_0-1746209698627.png
Zola12 by L1 Bithead
  • 601 Views
  • 1 replies
  • 0 Likes

Expedition not supported/available anymore?

Hello, I heard Expedition would not be improved and in the future partners should rely on PANW professional services for migrations. Anyone know more than me and has an update? I also heard from other sources, that Expedition like app would be available under Strata Cloud Manager and the offline version would not be supported/improved officially...

F.Kakar by L0 Member
  • 758 Views
  • 1 replies
  • 0 Likes

RDP Freeze

Good morning,I have a problem with connections in RDP. Basically, the client VLAN at the branch office behind a PA450 cluster is experiencing freezes in RDP connections to the HQ servers behind a PAVM300 cluster. This is all handled by Panorama, and the rules to allow the traffic have been created correctly. I have already tried disabling UDP on...

Resolved! PA-1410 - Web Management - Cannot Open in Other Computer

Totally new here, when i say "web management2 it is the web page where you see the dashboard of the firewall, policies, monitor, devide, etc. I can access it in my computer by entering the IP Address, https://ab.cde.efg.h. Problem is i need to retire my pc where i can access the firewall. However, i cannot access https://ab.cde.efg.h.from othe...

Transferring the config from defective PA850 to new PA 850

Hi All, I'm still newbie on PA configuration and I need your suggestion or help. We are replacing the defective PA 850 with new one and these are the steps that i'm thinking 1. On Panorama Remove the defective GBY PA-PRI850 on PANORAMA on template and device 2. On Panorama under the device remove the Serial number of deflective GBY PA-PRI 8...

weezy by L3 Networker
  • 1225 Views
  • 3 replies
  • 0 Likes

¿Category = License Expired? Palo Alto 5200 series firewall

On a Palo Alto 5200 series firewall running PAN-OS 11.1, the THREAT log documentation says:"CATEGORY: For WildFire subtype, it is the verdict on the file and is either ‘malware’, ‘phishing’, ‘grayware’, or ‘benign’; For other subtypes, the value is ‘any’. "https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/monitoring/use-syslog-for-monit...

PAN-DB cloud list loading failed (ERROR:SSL connect error

The active firewall is connected while the passive is not connected. In that case sometimes we getting, PAN-DB cloud list loading failed (ERROR:SSL connect errorI believe we can ignore this error message if it's getting the error once in awhile since it could be failed due to SSL connectivity error to Palo Alto update server.The concern is it b...

PAN-184708 known issue

PAN-184708 know issue is closed report groups to create and there workaround but isnt good idea with me, that on all 11.1.any ,PAN-OS ... support if there other method to turn on this feature or if mandatory wait the hotfix just tell

Palo Alto 5450

I need specifics on the DC cables provided with the 5450. The specs page shows AC cables. Can someone provide me the specifics around the DC cables that come with the 5450? Thanks

rh440f49 by L0 Member
  • 716 Views
  • 2 replies
  • 0 Likes
  • 1795 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks