Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

Firewall is unable to send logs to the Panorama (Log collector is showing inactive)

Hi Team, I am currently managing multiple firewalls through Panorama; however, one of the HA firewalls is not forwarding logs to Panorama. Please find the CLI output below for your reference. show logging-status -----------------------------------------------------------------------------------------------------------------------------Type Las...

Increasing config size beyond max recommended values 450s

Hi I have a customer who is getting the following alert on their Palo Alto PA-450 on 11.1.13, I believe these alerts have come about with new features on 11.1. To try and clear error we have set to the max recommended configuration file size per this article for the model. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1...

Intrazone-default Rule

I have a question and would like some advice! We currently operate by applying an “any-any deny” policy at the bottom of the stack and opening ports only for necessary traffic. I noticed that the hit count is increasing on the “intrazone-default” allow policy at the bottom, even though the “any-any deny” policy is in place. I enabled logging for t...

Decryption policies and Short-Lived Certificates

Hi All, So basically, certificate validity will be shortened gradually until it is down to 47 days. The prospect of importing and reconfiguring our decryption policies that often is not very appealing. The problem I see is that, while we can automate certificate renewal on the servers, and the actual import process using CLI/API, there's sti...

Resolved! Unable to find "Hide My IP" application on firewall (Applipedia shows it exists)

Hi Team, I’m trying to block the application “Hide My IP” on the firewall, but I’m unable to find it in the application list while creating the policy. However, when I search for it in Palo Alto Networks Applipedia, I can see that the application does exist. Dynamic updates are already up to date on the firewall.

Config/System Logs Not Forwarding to Syslog Server

I am currently facing an issue where Configuration and System logs are not being forwarded to the syslog server, even though the configuration appears to be correct. Standalone Firewall PAN-OS Version: 11.x Syslog Server: (configured and reachable for traffic logs) Anyone encountered this issue? despite being following the ref article by Pal...

Resolved! Translate Pop-up Feature Block

We recently started experiencing an issue with the google translate pop-up feature in browsers. When users try to use the google translate pop-up feature on any webpage the request is being denied by the firewall however accessing the google translate website directly works without any issue. On a sidenote we're currently using SSL decryption on...

How to make Router BGP ping into IP inside Palo Alto

Good Afternoon guys, how could I reach network 10.100.111.0/24 inside Palo Alto from Router BGP? I have succeeded in getting the routing table of 10.100.111.0/24 from Router BGP, but unfortunately I can't ping the gateway of 10.100.111.252/24. How to solve this? Thank you. This is route inside Router BGP : And this is Configuration Inside STL-CORE-01 : STL...

Continuous Threat Logs Showing Management Server IP as Source

Hi Friends, I am facing an issue with my PA-440 firewall after the recent update to 11.1.13. I have been encountering continuous threat logs generation for the threat id : 765344918 with the threat type as : spyware and the threat id name as : generic:vikingindustries.in and the destinations as : 8.8.8.8 / 4.2.2.2 respectively. The service ro...

Satyak by L3 Networker
  • 1432 Views
  • 3 replies
  • 0 Likes

Stealth Rule Question

Hi everyone, Could someone please explain the correct way to create a Stealth rule in Palo Alto? My understanding is that it involves creating a rule that denies all traffic destined for the firewall’s public IP addresses. I’m also unsure whether this will impact IPsec tunnels or GlobalProtect connections that terminate on those same IPs. Addition...

ititsw by L0 Member
  • 771 Views
  • 4 replies
  • 0 Likes

Resolved! Internal IP's hitting sinkhole policy

Hello all, We have a sinkhole configured on our PA440, and we're seeing some IP's hitting it and getting sinkholed, there's 1 endpoint that's an old NT4 legacy machine that runs on our production environment. And other ones that are windows and probably wifi endpoints like phones. I have no way of scanning the old NT4 box, and that only ran our ...

cdcirexx by L3 Networker
  • 4129 Views
  • 8 replies
  • 0 Likes

Resolved! Integrations of External Dynamic Lists (EDL) with External Systems

Hi! I’m looking for guidance on whether entries from External Dynamic Lists (EDL) in Palo Alto Networks can be programmatically accessed or integrated with external systems for broader threat intelligence use. Specifically, I would like to understand: Whether EDL contents (IP, domain, URL indicators) can be retrieved via API or another support...

  • 1794 Posts
  • 60 Subscriptions