This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4593 Views
  • 0 replies
  • 1 Likes

Finding FQDNs for blocked IP's or SSL-Inspection

Once a week, someone reports having issues accessing a site. Today that issue involves a credit card processing page that is aging-out because there is no SSL inspection exception. FW Logs of course show an IP address (no URL/FQDN), and the rule to allow access or exclude from ssl inspection requires using an FQDN. The page URL in address ba...

ppeeters by L0 Member
  • 1314 Views
  • 1 replies
  • 0 Likes

Dual ISP setup on 1 virtual router kb issue

Hello. so I need to setup a dual ISP setup and found below kb. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLL8CAOI know there is also one using different virtual routers but for this specific setup it seems this one is a slightly better match. however 1 thing in the kb bothers me and in the past when I did this set...

Resolved! Policy clarification for NTP

I have a policy configured on Palo Alto firewall with source as subnet 10.140.12.0/24 and destination as 10.140.13.0/24 with service as any and application has only icmp and ping. Will NTP be allowed from 10.140.12.0/24 to 10.140.13.0/24 as the service is any or will it be blocked as application allowed is only icmp and ping

Root Partition Full

Hi All, I am trying to clear root partition on our passive FW. It was suggested in one of the articles(https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaJCAS)that we can try to delete Core Files. But Im kind of hesitant since its core and might be service impacting. Any one here can tell me which files can i de...

delayed traffic logging

Hi All, Some weird stuff going on on our unit: what are the chances that the firewall logged traffic that it received hours ago? In our case, the firewall logged RDP connections that occurred in the early morning. However, the target servers didn't log any login attempts at all. The alleged source IP of the connections was down during that p...

Direct DNS Resolution on Palo Alto Without DNS Proxy Enabled

Hello, It is possible to perform a DNS resolution directly from the Palo Alto firewall without relying on the current network configuration (such as the default configured DNS). The idea is to bypass internal DNS and use a public DNS directly, such as 8.8.8.8. Note that the DNS proxy is not enabled because it is not being used. Thanks

Resolved! RCS Chats from iPhone (IOS 18) broken

A fun problem got brought up that now that Apple surprisingly supports RCS (Google's SMS replacement) and for some reason it does not function on our networks.I can see in our internet firewall that there is a TCP 5223 session to us.verizon.rcs.telephony.goog (216.239.36.131) from our test client. That session is valid, I have a 3way handshake,...

block ransomware

Hello i am new to palo alto . what's the recommended way to block ransomware in a firewall policy? Antivirus profile? High Risk category? Please provide a screenshot if possible showing me how to do it.

jgodfrey by L1 Bithead
  • 918 Views
  • 1 replies
  • 0 Likes

Outlook is not working with Outside internet mails are getting slow

Hello Team, I hope everyone doing well! One of my customer is facing issue with Outlook is not working with Outside internet mails are getting slow. Below steps we have followed: Outlook keeps getting stuck when connected via a personal hotspot or WAN. This issue has been present since the initial configuration. Outlook works fine within th...

Palo alto HA enquiry

Hi guys, Currently firewall is configured in HA active/passive mode.We are trying to find out if we are able to change the HA mode to active/active.What are the impacts and requirements if decides to change the HA mode.

Firewall security managing via Zone vs multi layered firewall

Hello Experts, We are in the process to migrate from our current firewall (enterprise network) platform to Palo Alto. Current firewall infrastructures are layered hardware like one pair for perimeter, one pair for business network (internal), one pair for DMZ etc. We are exploring the option to collapse everything in one pair of firewall, handl...

Bidirectional PIM Support

Hello everyone, Does PaloAlto support bidirectional PIM? I understand that bidirectional multicast means that a device can be both a sender and a listener, and I would like to know if PaloAlto supports multicast communication in PIM-SM where a single device can be both a sender and a listener.

  • 1586 Posts
  • 61 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks