Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4631 Views
  • 0 replies
  • 1 Likes

I have a question about capture conditions, etc. when using packet dump in IPSec VPN.

Hi I am experiencing latency between Palo Alto of internal server and peer of internal server in IPSec and am trying to perform packet dump on Palo Alto firewall. And I performed packet dump with the following conditions However, Syn and Ack packets are not recognized by the firewall However, Syn-ack is confirmed (It is thought that this p...

2025-04-02_14-37-43.png

URL filtering is not functioning as expected.

Hello Team, We are experiencing an issue with URL filtering on a Palo Alto PA-440 running version 11.1.4 -h7. Despite having valid licenses, URL filtering is not functioning as expected. Here’s what we’ve tried so far: Cleared the cache and deleted the URLs from the database multiple times. Created rules with custom URL categories, ensuring ...

Jagdeep1 by L2 Linker
  • 2126 Views
  • 4 replies
  • 0 Likes

Resolved! Data Filtering with Google Drive

Hello, Looking for some guidance with Data Filtering. I've created a data pattern with the predefined pattern for Credit Cards. I've assigned the pattern to my data filtering profile and applied it to my outbound web traffic security rule. I have set the threshold for blocking to 1 so that it blocks any occurrence that fits the credit card p...

Queries on Packet Captures.

Hi Friends, I have few queries on the Packet captures and traffic logs 1. If we are pinging from the management ip to the gateway ip i am able to ping but how can i see those logs on the GUI of the firewall. According to my understanding the Traffic logs which we see completely rely on the data plane and the test which i am doing is on the...

Satyak by L3 Networker
  • 2366 Views
  • 2 replies
  • 0 Likes

VM-Series Next-Gen Virtual Firewall w/Advanced Threat Prevention (PAYG)の契約変更について

AWS MarketPlaceで、VM-Series Next-Gen Virtual Firewall w/Advanced Threat Prevention (PAYG)をの購入を検討しています。構築期間中は時間払い(OnDemand)とし、本番稼働後は年間一括払い(365-day contract)に切り替えることは可能でしょうか。

API auth REST vs SOAP

I'm having an issue authenticating via RESTful API, PAN OS version 11.1 Using SOAP to fetch my API key, then storing it here $header = @{"X-PAN-KEY" = $apikey} Then Invoke-Restmethod like this Invoke-RestMethod -Uri $newURI -Method get -ContentType "application/json" -Headers $header URI is https://ip_address/restapi/v11.1/Device/VirtualSy...

BBagent by L0 Member
  • 1166 Views
  • 1 replies
  • 0 Likes

Integrated User-ID Agent - auto password rotation.

Hi all, Has anybody here ever worked on a solution to automatically change the password of the user-id agent via a PAM solution? My goal would be to have our PAM solution change the password in AD, than, via API if possible, change the password of the agent via Panorama. I've started my journey and going through the API guide today but, figur...

sefrat by L0 Member
  • 1414 Views
  • 1 replies
  • 0 Likes

Resolved! New admin accounts could not login in web gui

Hello, I have done the setup of a new PA-445 running software version 11.2.3 I have added new device admins as superuser in Device-->Administrators But when I try to login I get the message "failed authentication for user \'adm-test\'. Reason: Authentication profile not found for the user. From: %ipaddress%.' How can I solve this problem? ...

M.Bock by L2 Linker
  • 2151 Views
  • 5 replies
  • 0 Likes

VPN PA-400 to PFSense

Hi all! I've created an IPsec VPN site-to-site between Palo Alto and PFSense.We are facing problems because the tunnel doesn't connect. We see the errors below on Monitor Logs: Error1 = IKEv2 IKE SA negotiation is started as responder, non-rekey. Initiated SA: IP_PALO_ALTO[500]-IP_PFSENSE[33848] SPI:1719700341f53997:4c83ee594abb7b38. Error2 = ig...

admin by L0 Member
  • 848 Views
  • 1 replies
  • 0 Likes

PA850 last supported PANOS 11.1.x

Hey Folks, The last supported version for the PA-850 is PAN-OS 11.1.0. The PA-850 has End-of-Support (EoS) until 2029. However, I want to confirm whether security patches, threat updates, and other dynamic updates will continue to be provided until 2029. We need to ensure that the firewall remains secure against vulnerabilities throughout its...

nsingh by L0 Member
  • 3685 Views
  • 1 replies
  • 0 Likes

Proxy IDs between Peers

Hi, if the remote peer require local palo alto to set proxy IDs, what happens if the proxy IDs at PAN side doesn't match the ones at remote? would this cause any issue i.e traffic gets dropped or does palo alto forward the traffic down the tunnel as long as there is a route. Thanks

AY_FASAR by L1 Bithead
  • 746 Views
  • 1 replies
  • 0 Likes

Support regarding query

Hi All, My current PA support is ASC (Authorized Service Center) where they open a Case on my behalf. How can i change my ASC or transfer my device ownership to some other support partner. Pls note: Support is currently valid and active to my existing ASC partner

  • 1597 Posts
  • 61 Subscriptions
Top Liked Authors