Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! How to ping External Interface IP

Hi

I am trying to setup the ability to ping an external interface's IP address. I have setup a MGMT profile that allows PING assigned to the physical interface where our public IP addresses are. I also created a security rule that allows ICMP and

...

Resolved! PDF report generate and date is not in order

hi all, I have an issue where I generated and exported my custom report in PDF and the timestamp is not in order.

And the "sort-by" option is limited, refer to the attached.

Is there a way to view my report in the correct order based on the timest

...

Inbound Policy-Based Forwarding Issue - Intermittent loss of connectivity

Hello,

Got a strange one, that I am hoping someone with deep knowledge of PBF and symmetric return can advise on.

We have two (2) virtual-routers due to two different ISPs. The history of it is we are migrating off of one ISP to finally decommis

...

SD-WAN Traffic Control from the Hub Side

Hi Guys,

our Palo Alto on the HUB side is equipped with a single 10G uplink interface. On the Spoke side, there are three uplinks with varying bandwidths, and in this setup, the Panorama SD-WAN plugin generates three IPsec tunnels. I can manage traff

...

Resolved! Multicast Bidirectionel Support

Hello everyone,

Does PaloAlto currently support multicast bidirectional?

As of 2019, it seems that the above is not supported.

https://live.paloaltonetworks.com/t5/integration-discussions/multicast-bidirectionel/td-p/248160

Palo Alto Mock server for API testing

Hi Support,

We are developing a API connector to pull Traffic logs from Palo Alto firewall.
Do you guys have any mock server to test the rest API?

Resolved! Where to check Threat IDs?

Hi Guys,

I was reading this article https://security.paloaltonetworks.com/CVE-2024-0012.

Per the article, 'Additionally, if you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and

...

4-Node Cluster (2x Active/Active) and "orphaned" zone

Hi,
I'm looking for some insight into the workings of the multi-node cluster functionality when there are more than two nodes.

Let's say I have two Active/Active pairs that are clustered with a HA4 Interface.

In this case I more specifically wonde

...

RMA detail

What is the RMA timeline if a Palo box fails?

We have firewall for below details :

1. PAN-PA-3220 ; S/N-016201033390

PAN-SVC-PREM-3220

Premium support, PA-3220

Resolved! IP address being blocked by PAN Malicious IP Feeds Inbound on PA820

Hello,

IP address 74.102.229.126 is being blocked by Palo Alto's Malicious IP Feeds Inbound rule. However this is a network that should be allowed on customer s company.

We cannot see a way of submitting an IP address to whitelist.

on below li

...

Resolved! BGP sessions reset or not - Active-Standby HA

Hello All,

I have a few BGP related questions regarding Palo Alto Network firewalls HA active-standby setup.

Scenario:

* eBGP to internal/trust network

* static default route for WAN/untrust side

* floating IPs are used

Qs:

1. During failover, is the th

...

PAN Firewall process running every hour

Hi All,

I wanna ask about What processes are there in the PAN firewall that run hourly?

such as Process that can be checked
1. Signature update
2. Automated Report
3. Alert system that appears every hour

Thanks & Regards

NGFW

firmware upgrade question

When upgrading firmware, when is a reboot required? Im running something in the 10.1 series and want to upgrade to the latest in 10.1 but I can't remember if a reboot is needed or not.

Resolved! Assistance Required for Firewall HA Peer Upgrade

Hi Team, We are planning to upgrade our firewall HA peer to the preferred release. Currently, the firewalls are running the following versions: 10.1.14-h6 11.0.6-h1 I need assistance with the following points: <1> Can you confirm the latest preferred

...

Upgrade path 10.2.9-h1 to 1.1.4-h7

Hello Palo experts,

I am planning to upgrade the existing PAN 5220 HA firewall with a Panorama virtual appliance. The current PAN-OS version is 10.2.9-h1.

Could you assist with the correct and valid upgrade path from PAN-OS 10.2.9-h1 to 11.1.4-h7?

Ca

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Resolved! How to ping External Interface IP

Resolved! PDF report generate and date is not in order

Inbound Policy-Based Forwarding Issue - Intermittent loss of connectivity

SD-WAN Traffic Control from the Hub Side

Resolved! Multicast Bidirectionel Support

Palo Alto Mock server for API testing

Resolved! Where to check Threat IDs?

4-Node Cluster (2x Active/Active) and "orphaned" zone

RMA detail

Resolved! IP address being blocked by PAN Malicious IP Feeds Inbound on PA820

Resolved! BGP sessions reset or not - Active-Standby HA

PAN Firewall process running every hour

firmware upgrade question

Resolved! Assistance Required for Firewall HA Peer Upgrade

Upgrade path 10.2.9-h1 to 1.1.4-h7

HA1-Backup Failing when setting to Management

What is "UserIpMap.txt"?

Users with multiple devices: more than one ip per username

I would like to know about built in plug end for DLP do you have to disable if your moving 3430 firewall

Detect high bandwith consumption

Re: Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment?

Re: LACP LINK DOWN FW PALO ALTO

Palo Alto Firewall Migration – VSYS Consolidation

Re: Palo Alto Kerberos for sso

Re: I would like to know about built in plug end for DLP do you have to disable if your moving 3430 firewall

Unlock your full community experience!

Rules and Best Practices

Resolved! How to ping External Interface IP

Resolved! PDF report generate and date is not in order

Resolved! Multicast Bidirectionel Support

Resolved! Where to check Threat IDs?

Resolved! IP address being blocked by PAN Malicious IP Feeds Inbound on PA820

Resolved! BGP sessions reset or not - Active-Standby HA

Resolved! Assistance Required for Firewall HA Peer Upgrade