Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4512 Views
  • 0 replies
  • 1 Likes

Root Partition Full

Hi All, I am trying to clear root partition on our passive FW. It was suggested in one of the articles (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClaJCAS) that we can try to delete Core Files. But I'm kind of hesitant since it's core and might be service impacting. Anyone here can tell me which files can I de...

delayed traffic logging

Hi All, Some weird stuff going on on our unit: what are the chances that the firewall logged traffic that it received hours ago? In our case, the firewall logged RDP connections that occurred in the early morning. However, the target servers didn't log any login attempts at all. The alleged source IP of the connections was down during that p...

Direct DNS Resolution on Palo Alto Without DNS Proxy Enabled

Hello, It is possible to perform a DNS resolution directly from the Palo Alto firewall without relying on the current network configuration (such as the default configured DNS). The idea is to bypass internal DNS and use a public DNS directly, such as 8.8.8.8. Note that the DNS proxy is not enabled because it is not being used. Thanks

Resolved! RCS Chats from iPhone (IOS 18) broken

A fun problem got brought up that now that Apple surprisingly supports RCS (Google's SMS replacement) and for some reason it does not function on our networks. I can see in our internet firewall that there is a TCP 5223 session to us.verizon.rcs.telephony.goog (216.239.36.131) from our test client. That session is valid, I have a 3-way handshake,...

block ransomware

Hello, I am new to Palo Alto. What's the recommended way to block ransomware in a firewall policy? Antivirus profile? High Risk category? Please provide a screenshot if possible showing me how to do it.

jgodfrey by L1 Bithead
  • 867 Views
  • 1 replies
  • 0 Likes

Outlook is not working with Outside internet mails are getting slow

Hello Team, I hope everyone is doing well! One of my customers is facing an issue: Outlook is not working with Outside internet mails are getting slow. Below steps we have followed: Outlook keeps getting stuck when connected via a personal hotspot or WAN. This issue has been present since the initial configuration. Outlook works fine within th...

Palo alto HA enquiry

Hi guys, Currently firewall is configured in HA active/passive mode. We are trying to find out if we are able to change the HA mode to active/active. What are the impacts and requirements if we decide to change the HA mode?

Firewall security managing via Zone vs multi layered firewall

Hello Experts, We are in the process to migrate from our current firewall (enterprise network) platform to Palo Alto. Current firewall infrastructures are layered hardware like one pair for perimeter, one pair for business network (internal), one pair for DMZ etc. We are exploring the option to collapse everything in one pair of firewall, handl...

Bidirectional PIM Support

Hello everyone, Does Palo Alto support bidirectional PIM? I understand that bidirectional multicast means that a device can be both a sender and a listener, and I would like to know if Palo Alto supports multicast communication in PIM-SM where a single device can be both a sender and a listener.

Resolved! Log messages in ikemgr.log that were present in PAN-OS 11.1 are missing in PAN-OS 11.2

In PAN-OS 11.1 (running on VM-Series in AWS) I could do `debug ike global on dump` to get some [DEBG] and [DUMP] messages in `ikemgr.log` from which I could get the SK_ei and SK_er keys that allow me to decode the IKEv2 messages in a pcap using Wireshark. In PAN-OS 11.2.3-h3, it seems that many log messages that used to be logged are no longer...

brunor by L1 Bithead
  • 3212 Views
  • 1 replies
  • 0 Likes

Resolved! How can I extract the IKEv2 encryption keys SK_ei and SK_er on PAN-OS 11.2?

How can I extract the IKEv2 encryption keys SK_ei and SK_er on PAN-OS 11.2 (for the purpose of decoding a packet capture file in Wireshark)? The following article describes the procedure: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLMzCAO This worked fine on PAN-OS 11.1. But it does not seem to work on PAN-O...

brunor by L1 Bithead
  • 2789 Views
  • 2 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions