Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Test IPSEC tunnel Throughput

Hi Team,

I just started working on PaloAlto FW, I want to test ipsec tunnel throughput form my firewall to end Device. Can any tell the steps via GUI or cmd. and what is the correct way to trubleshoot if customer expericening the slowness to access i

...

PA-820 random Decyption Error

Since a few month we got more and more random outbound decryption errors. When the user wait a moment the website will automatically open correct. The browser error messages are "err_connection_reset" or net:err_cert_authority_invalid". In the decryp

...

Unexpected Classification of 443 Traffic as "naver-line" with Subcategory "voip-video

Hi everyone,

1) End user has confirmed that these users' computers do not have the LINE application installed. However, the 443 traffic is being identified as "naver-line," with a subcategory of "voip-video." Could you please help us understand the

...

palo alto 850 firmware upgradation

Hi All,

Need to upgrade an palo alto 850 from 9.1.4 to 11.0. Basically i need a confirmation on below points.

1.Have only hardware support license, will it sufficient for firmware upgradation. PFA snapshot

2. As per below article i need to only d

...

Resolved! PA-820 management network don't have internet how do I get the device certificate working

My Palo don't have internet on the management network but I will need devices certificate on the devices to do the AIOPs logs but can't seems to get it work not sure which service on the service reroute to send it to the WAN interface.

Resolved! Max Connections per Second on PA3260

Hi,

I'm trying to configure Flood Protection in the Zone Protection Profile of my PA3260 and wanted confirm what the Maximun connections per second is. The number I came across was 84,000. Is this correct? I should also add I'm using SYN cookies as

...

Resolved! Upgrade path from PANOS 10.2.8-h3 to 11.1.2-h3

Hi Experts,

I'm going to upgrade from PANOS PANOS 10.2.8-h3 to 11.1.2-h3. Could you please advise me the download and install path. Additionally, Tell me how many reboots. It would require reaching out to 11.1.2-h3.

Thanks in advance

Resolved! EDL for major Linux distros

Hi All,

Do you have anu idea, if there is some external or unofficial EDL list with mirror servers for main Linux distros, so I can use it in the firewall rules?

E.g. Fedora has this list of all mirror servers available online - Mirrors - MirrorMa

...

Multiple Virtual Routers on SD-WAN Hub NGFW models supported

Hello!

Is the feature "Multiple Virtual Routers on SD-WAN Hub" supported for virtual software NGFW and PA-1410, 1420 hardware NGFW?

There are supported models started from PA-3400 only.

https://docs.paloaltonetworks.com/sd-wan/3-2/sd-wan-admin/confi

...

IPsec Tunnel Down!

Hi Team,

I'm a newbie at the Palo Alto firewall, and I've been checking the IPsec connection between PA850 at my sites. I'm encountering issues with the IPsec tunnel, which is not coming up. I tried establishing IPsec using the IP use

...

CPU on 3250 series is between 50% and 60%

Hello,

We have a problem , where the DP CPU is between 50% and 60% .

We want to know the root cause . we investigated the resources consumption and everything is normal.

How can we investigate the if the problem is related to a specific traffic

...

Firewall Backup Script using powershell

Hi Team,

Does anyone having a working powershell script for to export the running config from firewall using API.

stable version for pan 10.2 or 11

Hello Team,

Currently we have virtual firewall vm100 with version 10.1.5-h1, I want to update it to 11 version.

Could you please let us know the stable version for pan 10.2 or 11.

No policy recommendation for IoT

I have my firewall (PA-440) licensed with an IoT security license. The IoT security portal is working great and recognizing devices in my network. But I have a problem: I don't know why, when I go to the policy recommendation for IoT, the profiles fr

...

software update question

When updating Palo firewalls, why the need to update through each base version as well as a preferred maintenance version?

e.g. if going from version 8.1.x, to 10.1.x, why 9.0 > 9.0.x > 9.1 > 9.1 > 10.0 etc.

IF each baseline version release e.g.

...

Next-Generation Firewall Discussions

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Resolved! Test IPSEC tunnel Throughput

PA-820 random Decyption Error

Unexpected Classification of 443 Traffic as "naver-line" with Subcategory "voip-video

palo alto 850 firmware upgradation

Resolved! PA-820 management network don't have internet how do I get the device certificate working

Resolved! Max Connections per Second on PA3260

Resolved! Upgrade path from PANOS 10.2.8-h3 to 11.1.2-h3

Resolved! EDL for major Linux distros

Multiple Virtual Routers on SD-WAN Hub NGFW models supported

IPsec Tunnel Down!

CPU on 3250 series is between 50% and 60%

Firewall Backup Script using powershell

stable version for pan 10.2 or 11

No policy recommendation for IoT

software update question

Plugin Issues with PA-410

PA-1410 - Web Management - Cannot Open in Other Computer

Normal mode failure. Software-integrity self-tests failed - files changed

Package manager upgrade failures to certain sites

openSSH version 9.8 or later in PAN-OS

Re: Anyone with exp in Firewall PAN-OS SD-WAN without panorama for VPN S2S Dual ISP ?

Re: The same traffic is getting allowed by one rule and blocked in firewall by another (please refer scrnshot)

Re: URL category for anydesk

Re: HA Configuration Issue with Panorama-Managed Firewall with reason TCP channel failed ,reverting configuration.

Re: Cortex XDR EDL

Unlock your full community experience!

Next-Generation Firewall Discussions

Rules and Best Practices

Resolved! Test IPSEC tunnel Throughput

Resolved! PA-820 management network don't have internet how do I get the device certificate working

Resolved! Max Connections per Second on PA3260

Resolved! Upgrade path from PANOS 10.2.8-h3 to 11.1.2-h3

Resolved! EDL for major Linux distros