Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4631 Views
  • 0 replies
  • 1 Likes

RDP Freeze

Good morning,I have a problem with connections in RDP. Basically, the client VLAN at the branch office behind a PA450 cluster is experiencing freezes in RDP connections to the HQ servers behind a PAVM300 cluster. This is all handled by Panorama, and the rules to allow the traffic have been created correctly. I have already tried disabling UDP on...

Resolved! PA-1410 - Web Management - Cannot Open in Other Computer

Totally new here, when i say "web management2 it is the web page where you see the dashboard of the firewall, policies, monitor, devide, etc. I can access it in my computer by entering the IP Address, https://ab.cde.efg.h. Problem is i need to retire my pc where i can access the firewall. However, i cannot access https://ab.cde.efg.h.from othe...

Transferring the config from defective PA850 to new PA 850

Hi All, I'm still newbie on PA configuration and I need your suggestion or help. We are replacing the defective PA 850 with new one and these are the steps that i'm thinking 1. On Panorama Remove the defective GBY PA-PRI850 on PANORAMA on template and device 2. On Panorama under the device remove the Serial number of deflective GBY PA-PRI 8...

weezy by L3 Networker
  • 1396 Views
  • 3 replies
  • 0 Likes

¿Category = License Expired? Palo Alto 5200 series firewall

On a Palo Alto 5200 series firewall running PAN-OS 11.1, the THREAT log documentation says:"CATEGORY: For WildFire subtype, it is the verdict on the file and is either ‘malware’, ‘phishing’, ‘grayware’, or ‘benign’; For other subtypes, the value is ‘any’. "https://docs.paloaltonetworks.com/pan-os/11-1/pan-os-admin/monitoring/use-syslog-for-monit...

PAN-DB cloud list loading failed (ERROR:SSL connect error

The active firewall is connected while the passive is not connected. In that case sometimes we getting, PAN-DB cloud list loading failed (ERROR:SSL connect errorI believe we can ignore this error message if it's getting the error once in awhile since it could be failed due to SSL connectivity error to Palo Alto update server.The concern is it b...

PAN-184708 known issue

PAN-184708 know issue is closed report groups to create and there workaround but isnt good idea with me, that on all 11.1.any ,PAN-OS ... support if there other method to turn on this feature or if mandatory wait the hotfix just tell

Palo Alto 5450

I need specifics on the DC cables provided with the 5450. The specs page shows AC cables. Can someone provide me the specifics around the DC cables that come with the 5450? Thanks

rh440f49 by L0 Member
  • 781 Views
  • 2 replies
  • 0 Likes

Associating Link Tags with GRE Tunnels for SD-WAN Path Control on PA-1410

We are configuring SD-WAN path control on a Palo Alto Networks PA-1410 (PAN-OS 11.4) that connects to two Zscaler data centers (Dallas and Atlanta) over two ISP circuits. Four GRE tunnels are in place: ISP 1 → Zscaler DFW ISP 1 → Zscaler ATL ISP 2 → Zscaler DFW ISP 2 → Zscaler ATL To steer traffic, we have already created the following...

maintsst by L0 Member
  • 951 Views
  • 0 replies
  • 0 Likes

Interface Errors after upgrade - VM Series

Hello, we upgraded our Palo Alto VM to 11.1.6-h1, after the upgrade the monitoring system gave us warning about the errors increasing on the Firewall interfaces but the clients did not report any issues, so it's not affecting them at all, this is what i see on one of them: admin@paloaltoVM(active)> show interface ethernet1/5-------------...

Facebook working as application reddit-base

We are currently experiencing an issue with URL filtering and application-based policies. We’ve set up a policy to block the Facebook application, but it’s still being allowed through. In the logs, it shows as the application "Application reddit-base" instead of Facebook. When we remove the block rule, Facebook-related apps function normally, bu...

Jagdeep1 by L2 Linker
  • 1051 Views
  • 1 replies
  • 0 Likes

Deepseek Restriction

I've noticed when trying to just use the appIDs, any web traffic not able to be identified ("incomplete", "insufficient-data") will hit the policy even though the appID doesn't technically match the policy. My other thought was just to allow the unidentified traffic on 80/443 in a policy just before the deepseek policy but that is not an option ...

LBSalvat by L0 Member
  • 1450 Views
  • 0 replies
  • 0 Likes
  • 1597 Posts
  • 61 Subscriptions
Top Liked Authors