This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4508 Views
  • 0 replies
  • 1 Likes

Soft and hard lifetime in IPSec

Hi, I think I understand what is soft lifetime, but I can't see anywhere in Ipsec config to set it, is it something that palo alto set by default based on the hard lifetime. Also having some issues with my tunnel and when set the debug the soft lifetime between palo alto and other end (different vendor) doesn't match, can this cause the issue...

AY_FASAR by L1 Bithead
  • 1948 Views
  • 1 replies
  • 0 Likes

Resolved! openSSH version 9.8 or later in PAN-OS

Hi Guys,Hope you are all doing well.Just wanted to confirm which PAN-OS currently has an openSSH 9.8 version or later? Following this kb article: How to check the OpenSSH version the PAN-OS device is using - Knowledge Base - Palo Alto NetworksI did try to check it on Palo Alto networks OSS Licenses, however seems like the most updated PAN-OS tha...

RVizcarra by L4 Transporter
  • 3413 Views
  • 2 replies
  • 0 Likes

Tunnel inside of Tunnel

I have a site to site configure and tunnel established between palo alto and juniper vsrx. I am trying to route an IPSec tunnel through the existing tunnel. I am able to ping through the existing tunnels so connectivity exist. I have applied and "ANY/ANY" policy as well. The issue I is the traffic from the "spoke/remote" is able to send the ...

skey4867 by L0 Member
  • 1136 Views
  • 2 replies
  • 0 Likes

DNS-related issues - PAN-OS 11.1.6-h3

Hi, We’ve been facing some DNS-related issues on one of our Palo Alto firewalls running PAN-OS 11.1.6-h3. Specifically, we’re seeing this event: PAN_ELOG_EVENT_DNS_CLOUD_TIMEOUT Description: DNS Security cloud query timeout Type: dns-security Severity: Medium It looks like DNS queries through the DNS Security service are intermittently fai...

Conditional Advertisement, Revert Back Options

Good day all, I was working with PA support I may be just be getting confused with the information. I'm trying to use conditional advertisement to advertise a single subnet via BGP only when another a particular learned route is down. I got this portion working. But, how do I revert back when BGP learned route comes back? According to PA sup...

I have a question about capture conditions, etc. when using packet dump in IPSec VPN.

Hi I am experiencing latency between Palo Alto of internal server and peer of internal server in IPSec and am trying to perform packet dump on Palo Alto firewall. And I performed packet dump with the following conditions However, Syn and Ack packets are not recognized by the firewall However, Syn-ack is confirmed (It is thought that this p...

2025-04-02_14-37-43.png

URL filtering is not functioning as expected.

Hello Team, We are experiencing an issue with URL filtering on a Palo Alto PA-440 running version 11.1.4 -h7. Despite having valid licenses, URL filtering is not functioning as expected. Here’s what we’ve tried so far: Cleared the cache and deleted the URLs from the database multiple times. Created rules with custom URL categories, ensuring ...

Jagdeep1 by L2 Linker
  • 1972 Views
  • 4 replies
  • 0 Likes

Resolved! Data Filtering with Google Drive

Hello, Looking for some guidance with Data Filtering. I've created a data pattern with the predefined pattern for Credit Cards. I've assigned the pattern to my data filtering profile and applied it to my outbound web traffic security rule. I have set the threshold for blocking to 1 so that it blocks any occurrence that fits the credit card p...

Queries on Packet Captures.

Hi Friends, I have few queries on the Packet captures and traffic logs 1. If we are pinging from the management ip to the gateway ip i am able to ping but how can i see those logs on the GUI of the firewall. According to my understanding the Traffic logs which we see completely rely on the data plane and the test which i am doing is on the...

Satyak by L3 Networker
  • 2240 Views
  • 2 replies
  • 0 Likes

VM-Series Next-Gen Virtual Firewall w/Advanced Threat Prevention (PAYG)の契約変更について

AWS MarketPlaceで、VM-Series Next-Gen Virtual Firewall w/Advanced Threat Prevention (PAYG)をの購入を検討しています。構築期間中は時間払い(OnDemand)とし、本番稼働後は年間一括払い(365-day contract)に切り替えることは可能でしょうか。

API auth REST vs SOAP

I'm having an issue authenticating via RESTful API, PAN OS version 11.1 Using SOAP to fetch my API key, then storing it here $header = @{"X-PAN-KEY" = $apikey} Then Invoke-Restmethod like this Invoke-RestMethod -Uri $newURI -Method get -ContentType "application/json" -Headers $header URI is https://ip_address/restapi/v11.1/Device/VirtualSy...

BBagent by L0 Member
  • 1062 Views
  • 1 replies
  • 0 Likes

Integrated User-ID Agent - auto password rotation.

Hi all, Has anybody here ever worked on a solution to automatically change the password of the user-id agent via a PAM solution? My goal would be to have our PAM solution change the password in AD, than, via API if possible, change the password of the agent via Panorama. I've started my journey and going through the API guide today but, figur...

sefrat by L0 Member
  • 1287 Views
  • 1 replies
  • 0 Likes

System Log "'tls-X509-validation-failed"

Dear All, As today 31-May, 2024, From PA Firewall it show system log on "tls-X509-validation-failed" CloudAuthService Server certificate validation failed. Dest Addr: app-registry-service.apps.paloaltonetworks.com, Reason: unable to get local issuer certificate. Does any facing with this log and can help advice on this ? This log happen for pe...

  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks