This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4512 Views
  • 0 replies
  • 1 Likes

Unable to Login on Secondary Device in Active Passive HA Using Superuser

Hello Team, We are currently facing an issue with logging into the secondary firewall in an Active-Passive HA setup using any superuser credentials other than the admin credentials. When we create a new superuser account or make changes on the active firewall, they are successfully replicated on the passive firewall, indicating that HA synch...

HIP-Check for tennant id check with regestry (CID)

Hello, im trying to do a hip check for the registry of the CID for CrowdStrike. in this link you can find the registry path and the registry itself for the CID. https://stackoverflow.com/questions/70030265/how-do-i-view-alphanumeric-registry-values-with-powershell but when doing th hip check with the data in there it dosent work, i dont get an ...

n.major by L1 Bithead
  • 631 Views
  • 0 replies
  • 0 Likes

PA-1400 Series Power Supply Specifications

Hello everyone, I would like to know the following three points about the specifications of the A-1400 series power supply. 1. The maximum power consumption value is different between the PA-1400 series spec sheet and the hardware reference. Is the maximum power consumption value of the A-1400 series listed in the hardware reference correct?...

IPSEC behind NAT

Hi all, I am trying to enable a IPSEC from PA1 to PA2 However PA1 sits behind a NAT device which I have no control of and the PA outside interface is been given a 192.16.1.X address I have gone through the following KB https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClopCAC but this still fails to function. Seems ...

Configuration for GUI access through public IP

Hello all, I'm new to the Palo Alto firewalls and pardon me for my bad English as I'm not a native English speaker.I'm trying to build the below network we currently have in my workplace in an eve-ng lab. I'm not able to access the GUI through the address of eth 0/0 HQ_ISP address (203.189.70.2) with my current config. I have configured a Manag...

dilsarahm2_0-1741326588717.png

Security update for Palo Alto 5050

Colleagues, good afternoon,We have encountered an issue where, due to unforeseen circumstances, we had to revert to the old hardware. Could someone help with updating the security patches? We need to load them onto the device.Is there a way to download and send the updates to us? Unfortunately, we cannot officially request them as our technical ...

Cyberark RDP sessions aging-out, disconnecting users

We are working on a deployment of CyberArk for identity management. At this point our problems are not with integrating it for authentication with the Palo. Our problem is that the connectors for CyberArk in our datacenter are dropping connections when our Admins are using the RDP sessions. CyberArk gave us some docs re: creating an applicat...

How to trigger a "Response page" on Palo Alto NGFWs using URL filtering & Decryption

Hi All, I want to share my experience on very latest configuration I did in my company Firewall infra. With the genAI evolution & most of the companies trying to develop their own homegrown genAI app, it was becoming headache for my Cyber Risk team to track usage of 3rd party genAI apps (like ChatGPT, Gemini) & doing comparative analysi...

PS007 by L2 Linker
  • 2709 Views
  • 0 replies
  • 0 Likes

Best Practices for Multiple External IP

Hello Community I have 2 blocks of public IP addresses assigned by our ISP. They are on different networks . They culminate at the single gateway provided on premise by our ISP. An external (untrust) port on our 1410 is assigned to an IP address from our first block of IP addresses. That works fine and since it needs to be up all the time I ...

peeryog by L1 Bithead
  • 571 Views
  • 0 replies
  • 0 Likes

Resolved! Are Fixes from Previous PAN-OS Maintenance Releases Always Included in Later Versions?

In PAN-OS, if a specific issue (e.g., PAN-XXXXX) is addressed in a certain maintenance release, will the fix automatically be included in all later maintenance and hotfix releases of the same major/minor version, even if it is not explicitly mentioned in the release notes? For example, if an issue is fixed in PAN-OS 10.2.4 and I upgrade directly...

Resolved! Application list via show running security-policy is incomplete

Hey guys, I need to export a bunch of security rules of one of our FWs (PA-5250; 10.2.10-h9). I decided to do this via cli, but certain rules seem to have an incomplete list of applications. It looks like this: application/service [0:ms-scheduler/tcp/any/any 1:ms-scheduler/udp/any/any 2:ms-netlogon/tcp/any/49152-65535 3:ms-netlogon/tcp/any/135 4...

  • 1794 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks