Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Syslog forwarding to Microsoft Sentinel

hello everyone.

seems we got a weird one here.

So we took the CEF format that the pdf guide says

https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cef/pan-os-10-0-cef-configuration-guide.pdf

heres the weird thing.

we truncated it to

...

HA Passive interfaces not coming up.

Hi All, I have searched the community before posting however I cannot find a solution for the issue I am experiencing.

We have a very straightforward physical topology. A cisco 9500 sw switch stack operating as a stackwise-virtual chassis. On Switc

...

Traffic Issues

Hi Friends,

We are seeing this issue with one of our customer in recent few days where a particular destination traffic which should go via security rule are passing via PBF policies which is not expected.

The Destination address which is not spe

...

Resolved! secure-web-gateway -> enablement -> explicit-proxy is unexpected secure-web-gateway -> enablement is invalid

Hi team,

I'm attempting to set up an explicit proxy on the PAN-OS 11.0 Firewall, but I'm encountering an error when I try to enable it.

secure-web-gateway -> enablement -> explicit-proxy is unexpected secure-web-gateway -> enablement is invalid

Yo

...

OSPF Area Question

Can you have an area be normal on 1 interface and NSSA on another interface?

Say you have area 1.

Area 1 has neighbor on interface 1 with normal type.

Can another Area 1 interface be brought online on different interface 2 with NSSA type?

Resolved! wildfire is not reporting in the wildfire submission

Hello Friends,

I have configured the paloalto wildfire feature:

- kept the default file settings in Device --> wildfire --> General settings.

checked Report Benign Files, and grayware files too.

- created a wildfire profile that con

...

Untrust interface is not coming up after firmware upgrade

Untrust interface is not coming up after firmware upgrade in PA-220

Resolved! Test IPSEC tunnel Throughput

Hi Team,

I just started working on PaloAlto FW, I want to test ipsec tunnel throughput form my firewall to end Device. Can any tell the steps via GUI or cmd. and what is the correct way to trubleshoot if customer expericening the slowness to access i

...

PA-820 random Decyption Error

Since a few month we got more and more random outbound decryption errors. When the user wait a moment the website will automatically open correct. The browser error messages are "err_connection_reset" or net:err_cert_authority_invalid". In the decryp

...

Unexpected Classification of 443 Traffic as "naver-line" with Subcategory "voip-video

Hi everyone,

1) End user has confirmed that these users' computers do not have the LINE application installed. However, the 443 traffic is being identified as "naver-line," with a subcategory of "voip-video." Could you please help us understand the

...

palo alto 850 firmware upgradation

Hi All,

Need to upgrade an palo alto 850 from 9.1.4 to 11.0. Basically i need a confirmation on below points.

1.Have only hardware support license, will it sufficient for firmware upgradation. PFA snapshot

2. As per below article i need to only d

...

Resolved! PA-820 management network don't have internet how do I get the device certificate working

My Palo don't have internet on the management network but I will need devices certificate on the devices to do the AIOPs logs but can't seems to get it work not sure which service on the service reroute to send it to the WAN interface.

Resolved! Max Connections per Second on PA3260

Hi,

I'm trying to configure Flood Protection in the Zone Protection Profile of my PA3260 and wanted confirm what the Maximun connections per second is. The number I came across was 84,000. Is this correct? I should also add I'm using SYN cookies as

...

Resolved! Upgrade path from PANOS 10.2.8-h3 to 11.1.2-h3

Hi Experts,

I'm going to upgrade from PANOS PANOS 10.2.8-h3 to 11.1.2-h3. Could you please advise me the download and install path. Additionally, Tell me how many reboots. It would require reaching out to 11.1.2-h3.

Thanks in advance

Resolved! EDL for major Linux distros

Hi All,

Do you have anu idea, if there is some external or unofficial EDL list with mirror servers for main Linux distros, so I can use it in the firewall rules?

E.g. Fedora has this list of all mirror servers available online - Mirrors - MirrorMa

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Syslog forwarding to Microsoft Sentinel

HA Passive interfaces not coming up.

Traffic Issues

Resolved! secure-web-gateway -> enablement -> explicit-proxy is unexpected secure-web-gateway -> enablement is invalid

OSPF Area Question

Resolved! wildfire is not reporting in the wildfire submission

Untrust interface is not coming up after firmware upgrade

Resolved! Test IPSEC tunnel Throughput

PA-820 random Decyption Error

Unexpected Classification of 443 Traffic as "naver-line" with Subcategory "voip-video

palo alto 850 firmware upgradation

Resolved! PA-820 management network don't have internet how do I get the device certificate working

Resolved! Max Connections per Second on PA3260

Resolved! Upgrade path from PANOS 10.2.8-h3 to 11.1.2-h3

Resolved! EDL for major Linux distros

Plugin Issues with PA-410

PA-1410 - Web Management - Cannot Open in Other Computer

Normal mode failure. Software-integrity self-tests failed - files changed

Package manager upgrade failures to certain sites

openSSH version 9.8 or later in PAN-OS

Re: The same traffic is getting allowed by one rule and blocked in firewall by another (please refer scrnshot)

Re: Anyone with exp in Firewall PAN-OS SD-WAN without panorama for VPN S2S Dual ISP ?

Packet Flow Sequence KB is Missing

Re: Bottom most Explicit deny all policy not capturing URLs for Url filtering logs.

Re: The same traffic is getting allowed by one rule and blocked in firewall by another (please refer scrnshot)

Unlock your full community experience!

Rules and Best Practices

Resolved! secure-web-gateway -> enablement -> explicit-proxy is unexpected secure-web-gateway -> enablement is invalid

Resolved! wildfire is not reporting in the wildfire submission

Resolved! Test IPSEC tunnel Throughput

Resolved! PA-820 management network don't have internet how do I get the device certificate working

Resolved! Max Connections per Second on PA3260

Resolved! Upgrade path from PANOS 10.2.8-h3 to 11.1.2-h3

Resolved! EDL for major Linux distros