Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4631 Views
  • 0 replies
  • 1 Likes

How to trigger a "Response page" on Palo Alto NGFWs using URL filtering & Decryption

Hi All, I want to share my experience on very latest configuration I did in my company Firewall infra. With the genAI evolution & most of the companies trying to develop their own homegrown genAI app, it was becoming headache for my Cyber Risk team to track usage of 3rd party genAI apps (like ChatGPT, Gemini) & doing comparative analysi...

PS007 by L2 Linker
  • 3093 Views
  • 0 replies
  • 0 Likes

Best Practices for Multiple External IP

Hello Community I have 2 blocks of public IP addresses assigned by our ISP. They are on different networks . They culminate at the single gateway provided on premise by our ISP. An external (untrust) port on our 1410 is assigned to an IP address from our first block of IP addresses. That works fine and since it needs to be up all the time I ...

peeryog by L1 Bithead
  • 635 Views
  • 0 replies
  • 0 Likes

Resolved! Are Fixes from Previous PAN-OS Maintenance Releases Always Included in Later Versions?

In PAN-OS, if a specific issue (e.g., PAN-XXXXX) is addressed in a certain maintenance release, will the fix automatically be included in all later maintenance and hotfix releases of the same major/minor version, even if it is not explicitly mentioned in the release notes? For example, if an issue is fixed in PAN-OS 10.2.4 and I upgrade directly...

Resolved! Application list via show running security-policy is incomplete

Hey guys, I need to export a bunch of security rules of one of our FWs (PA-5250; 10.2.10-h9). I decided to do this via cli, but certain rules seem to have an incomplete list of applications. It looks like this: application/service [0:ms-scheduler/tcp/any/any 1:ms-scheduler/udp/any/any 2:ms-netlogon/tcp/any/49152-65535 3:ms-netlogon/tcp/any/135 4...

Using NAT64 to reach overlapping ipv4 networks

Hello! My problem is a little more complex than the scenario below, but I'm trying to keep it simple. Let's say I have a machine "v6client" on an IPv6-only network with IP 2001:db8::10. It's directly connected to an interface in virtual router vr1. Then, let's say I have two servers "server1" and "server2". Both of them have the same IP 19...

Resolved! PA-440 logging tab emtpy

Hi there, just got my new HA pair of two PA-440's up and running. I noticed a strange thing, the logging tab is empty, what's the cause of this? Btw, the cli shows logs via "show log traffic direction equal backward dst in x.x.x.x" Thx Daniel

pa440-logging.png
Netzer by L3 Networker
  • 3035 Views
  • 5 replies
  • 0 Likes

Resolved! Bi-direction Nat logic

hi I have configured a static bidirection NAT which is Trust to Untrust source address 10.149.192.32 destination 10.90.129.51 service any source translation 200.22.1.32 and turned the bi-directional: yes. I have the security policy any and routing 10.149.0.0/16 and 200.22.0.0/16 is Trust,10.90.129.51 Untrust. I have done troubleshooting from Tru...

IAmJi1 by L3 Networker
  • 2866 Views
  • 5 replies
  • 0 Likes

issues with traffic passing through vWire

hi guys, i'm trying to set up a new Palo Alto firewall, a PA 440, for a customer. But they want minimal impact on their network and don't want to change anything, so i proposed setting up a vWire so they change nothing and can benefit from the inspection features of the new Palo box. pretty much here's how it kinda looks like: ISP Router --> ...

D.Sine by L1 Bithead
  • 1633 Views
  • 2 replies
  • 0 Likes
  • 1597 Posts
  • 61 Subscriptions
Top Liked Authors