This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4508 Views
  • 0 replies
  • 1 Likes

HA Configurations in Strata Cloud Manager (SCM) with NGFW.

Good Day fellow techies I am writing this article because I was very confused at the SCM tech writing of the Admin Guide, in regards to HA. I REALLY tried to follow along with the steps, but could not understand. I think I am not the only one. So, in basic terms, create your folder structure as you would for NGFW FWs, that you will be manag...

SCantwell_0-1730985799439.png
SCantwell_1-1730984808101.png
SCantwell_2-1730984845856.png
SCantwell_3-1730984916648.png

The required '11.1.0' base image must be loaded before this image can be loaded

Hi Team, My Panorama device is currently on Software Version 11.0.5, and I am looking to upgrade to 11.1.4-h1. In Panorama, I navigate to Panorama > Software, and run 'Check Now' to refresh available updates. I can see that 11.0.0 (base) and 11.0.4-h2 (preferred) images are already downloaded (as well as 11.0.5 which is not a base or pref...

OKelly by L1 Bithead
  • 7150 Views
  • 4 replies
  • 3 Likes

Palo alto firewall incorrect time

Hi Everyone,PA-440 appliance running on 11.2.4 firmwareIs anyone experiencing issue in time being incorrect and keeps going back to wrong time and date?Already tried synching it on NTP server and it shows on CLI that it is synched and reachable however on GUI it still shows the incorrect time and date. Also tried manually set time and date on De...

RVizcarra by L4 Transporter
  • 1016 Views
  • 1 replies
  • 0 Likes

failed auth

2025-02-20 16:36:56.159 -0800 debug: pan_auth_cache_user_is_allowed(pan_auth_cache_allowlist_n_grp.c:789): user "jdelossantos" is NOT in allow list of auth prof/vsys "AD_AUTH/shared" (vsys in request "shared")2025-02-20 16:36:56.159 -0800 failed authentication for user 'jdelossantos'. Reason: User is not in allowlist. auth profile 'AD_AUTH', vsy...

Firewall with L2 Interfaces and dual uplinks to switch.

Question on L2 Interfaces and internal VLANs. We are connecting a 220R with all interfaces in L2. We have 2 gateway switches so this firewall with have dual uplinks (one to each GW). How do I apply a VLAN to these interfaces? Do I even need to? One some other deployments where we've had dual uplinks (but usually to the same switch, not sep...

jwill2 by L2 Linker
  • 1135 Views
  • 1 replies
  • 0 Likes

GW ARP reply..

From the tcpdump output, the device with the MAC address b4:0c:25:e0:40:10(FW being the GW) is repeatedly broadcasting ARP requests, asking for the MAC addresses of multiple IPs within the 10.248.8.x range. It is sending these requests to identify the MAC addresses of devices associated with those IP addresses. This is resulting connectivity iss...

MS Teams Aplication Performance Issue –Intermittently

Hi Team, We have received reports from three customers experiencing intermittent performance issues with the MS Teams application, specifically with audio and video not functioning properly. Troubleshooting Steps Performed (Palo Alto Firewall): ✔ Removed all security profiles from the policy✔ Configured QoS and assigned guaranteed bandwidth for ...

Resolved! ERROR DURING THE BOOT PROCESS( Suggest the resolution)

Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.29 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration fi...

How can I block browser extensions (VPN)?

Greetings and happy new year. I have seen that from my internal network people use VPNs that are installed as extensions in the Google Chrome browser (veepn) to circumvent the URL Filtering of the FW. Does anyone know how to block these extensions? In the URL Filtering I have blocked the categorization of Proxies and Anonymous. But it seems that...

ccortijo by L2 Linker
  • 4374 Views
  • 3 replies
  • 1 Likes

VM-Series Esxi and KVM

Hi guys I have received a 30-day trial vm series for ESXi and KVM to my official email ID to check its features, we have deployed it in our virtual environment in ESXi and KVM, but it shows an error during the login as shown in the screenshot, I have sent an email but no response from PA, rather they some link there login unexpected error to in ...

Are there any cases where certificates are marked as UNKNOWN other than when using CRLs with IDP extension?

Hello everyone, From the following knowledge, I understand that in CRLs with IDP Extension, certificates not listed in the CRL are marked as UNKNOWN. PAN-OS Behaviour for CRLs with IDP Extension: Certificate marked Unknown" if not listed in the CRL"https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldJCAS Are there ...

Static route path monitoring using a destination within a different virtual router

Hi, Is it possible to set up path monitoring for a static route using a destination IP address in a different virtual router? My scenario is within virtual router 'A' I have a static route with a destination of a NAT range pointing to an interface to get it in to the routing table and then advertising it via BGP. Traffic destined for the NAT IP'...

potential issue with RADIUS traffic passed through Palo devices

Hi all, There is a good chance this is not in fact a firewall issue at all. But I just wanted to ask people who have more experience than me. Has anyone experienced an issue where despite RADIUS traffic being passed through a Palo appliance successfully, RADIUS authentication has still failed? The scenario I describe is from Meraki AP's to a w...

  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks