This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

Resolved! Inter-VR Routing issue with public IP addressees

Hi Team, I’m running into an issue with inter-VR routing and need some help. Here are the details: PA-1410 is connected to two ISPs. A /27 IP range is advertised from both ISPs to the firewall. We have P2P links between the firewall and each ISP, where the additional /27 and default route are advertised to our firewall. Current Configuration...

Ikev2 liveness check

Hello, I have a couple of questions regarding IKEv2 Liveness Check and DPD (Dead Peer Detection) on Palo Alto Networks firewalls. I’ve come across some conflicting information in various articles. Some mention that DPD is always active and cannot be disabled in IKEv2, while others suggest that the Liveness Check is the new version of DPD in IKEv...

Do you know why you cannot check the Block IP list in other models except PA3200 , PA5200, PA5400 and PA7000 Series

Hi I should look at 'monitor > Block IP List' However, the tab could not be checked in the VM series and 3400 series. And after checking the document, I found that only the 3200, 5200, 5400, and PA7000 Series support H/W Block IP List. Are there any differences between the models mentioned above and the 3400? And is it correct that there ...

ADEM for on premises options?

Is this going live with ADEM for on premise firewalls? It seems the programming is already inside global protect, it's just a matter of turning on inside the firewalls.Does anyone have a timeline or some info regarding when this will come live for on premise firewalls?

Sec101 by L4 Transporter
  • 733 Views
  • 0 replies
  • 0 Likes

Enabling CTD inspection

CVE-2020-2035 PAN-OS: URL filtering policy is not enforced on TLS handshakes for decrypted HTTPS sessions For this CVE, the solution was to enable CTD inspection May I know is there any impact to the system by enabling the CTD inspection?

Resolved! Panorama Validation error

Hi all,I have cloned a template where I am changing the interface from 1g to 10g. Also, I am planning to retain the IP address. In the new template, GP gateway related configs are not being copied to the new template. So I added them manually . while committing in panorama , I am getting the below error. Validation Error:devices -> localhost...

amrkaur by L0 Member
  • 1779 Views
  • 2 replies
  • 0 Likes

Using external zone in DNAT policy

Hi Team, We have 2 VSYS configured to communicate. VSYS 1 has 172.25.80.254 zone L3 : DC VSYS 2 has 172.25.70.254 zone L3 : DMZ I added two external zone (DC to DMZ) and (DMZ to DC) to allow communication between vsys and also the routing between VR of both Vsys. In DC , i have DNAT policy allowing a load balancing to 2 SRV located in zone L3...

Configure PAN OS locally when panorama is down

Hello team, I want to ask if when the panorama VM is down , and we need to configure firewalls locally, in this case , when we turn on the panorama , how would be the behaviour : 1- Panorama will detect that configuration is not sync and will inherit from FW? 2- or , the changes will not apear in panorama , and how to add these changes to pano...

Resolved! External virtual network pointing to many internal ip

hello, We are migrating from forcepoint to PA. we face the case below: a virtual network (172.28.66.0/24) is assigned to multiple servers , behind it , there is a group for Such LB in FPT (pointing on 28.66.0 means : one for 172.28.72.2 and 172.28.72.3 for exemple). in PALOALTO, i created DNAT rules for dynamics load balancing between addresses....

  • 1794 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks