Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4527 Views
  • 0 replies
  • 1 Likes

Resolved! Integrations of External Dynamic Lists (EDL) with External Systems

Hi! I’m looking for guidance on whether entries from External Dynamic Lists (EDL) in Palo Alto Networks can be programmatically accessed or integrated with external systems for broader threat intelligence use. Specifically, I would like to understand: Whether EDL contents (IP, domain, URL indicators) can be retrieved via API or another support...

Request for Assistance: PA-850 Recovery Boot and Support Account Registration

I am writing to request urgent assistance with a Palo Alto PA-850 device in our possession. The device details are as follows: Model: PA-850 Serial: ****** P/N: *** Issue summary: The device’s SSD has failed and I have replaced it with a new blank 240GB SSD. I am unable to boot into maintenance mode and cannot proceed with recovery. When attempting to ...

admin by L0 Member
  • 749 Views
  • 2 replies
  • 0 Likes

Site-to-site VPN between Palo Alto Firewall and Cisco ASA Firepower firewall communication issue

I have configured a site-to-site VPN between my Cisco ASA Firepower 2140 firewall and a partner using a Palo Alto firewall. The VPN tunnel is up, and the partner’s server defined in Phase 2 is able to reach my server successfully. However, my server is unable to reach the partner’s server. Could you please assist in identifying the issue and provi...

How to Patch Vulnerability - Plugin 43160 (CGI Generic SQL Injection) on GlobalProtect

Body: We have detected a blind SQL injection vulnerability (Plugin ID: 43160) on GlobalProtect login CGI (/global-protect/login.esp) using Nessus. Details: - CVSS Score: 7.5 (High) - Affected Parameter: 'action' - Example: /global-protect/login.esp?action=';WAITFOR DELAY '00:00:3';-- Environment: PAN-OS version: [Your Version] GlobalProtect ...

Resolved! Inquiry Regarding CEF Configuration Guide and Custom Log Format Variables for PAN‑OS 11

Attention: Global TPM team Question ①: Regarding the CEF Formatting Guide for PAN-OS 11. The following link contains CEF formatting guides for various versions of PAN-OS, but I cannot find a guide for PAN-OS 11. https://docs.paloaltonetworks.com/resources/cef Is it correct to understand that the CEF configuration guide for PAN-OS 11 is not current...

Issues with credit card processing terminals

We have about 560ish credit card terminals from Bank of America, the hardware is from PAX. We are constantly getting reports of transactions failing due to “communication” issues with BoA. It’s not just one terminal and it’s not every single transaction. It’s random terminals and it’s random transactions. BoA is telling us that the transactions ...

andber by L0 Member
  • 677 Views
  • 2 replies
  • 0 Likes

port issue / nmapping

Hi everyone, I’m facing a strange issue and would appreciate your input. We created a security policy to block certain ports. When we check the traffic logs and packet captures, they clearly show that the traffic is being dropped. However, when we run an Nmap scan, it still reports the ports as open, even though they should be closed. I also che...

wally4 by L2 Linker
  • 1903 Views
  • 11 replies
  • 0 Likes

About UIA SSL connection

Hello Team, I'm currently dealing with an issue where UIA is unable to validate certification. The certificate does not have a SAN setting. I plan to change the certificate to one that has both CN and SAN set, but have not been able to do so yet. The certificate validation has occurred since applying an OS patch, so I have asked the OS ven...

Upgrading Active/Passive pair, pause in between upgrades?

When upgrading PAN-OS on an Active/Passive pair, does any pause for 1 or more days after upgrading the first firewall (and before upgrading the second firewall)? The idea here is we will have a bit more time to test for issues. If there is a failure post upgrade, we will have the option to suspend the upgraded firewall and make the firewall th...

jambulo by L4 Transporter
  • 1347 Views
  • 4 replies
  • 0 Likes

Resolved! Best practices for Palo Alto security policy when destination IP/FQDN is dynamic or unknown

Group Company A is implementing surveillance cameras and requires communication to send data from the cameras to an external cloud server. The cloud server (destination) cannot be restricted by IP address or FQDN (only ports can be restricted), so IP addresses and FQDNs must be opened with ANY. ※ Restricted ports are TCP 443 (HTTPS), UDP 123 (NT...

Question regarding source NAT in S2S VPN

Hi All, I need to create a S2S Tunnel to a customer. We need to reach 1 Server on their side (e.g. 192.168.100.1). The connection is needed from multiple Hosts from 2 different Subnets on our Side (10.0.112.0/21 and 172.18.2.0/24). The customer does not want to allow both subnets instead they want to allow only 1 IP. Now my question is: Is it pos...

shaq4242 by L0 Member
  • 1022 Views
  • 3 replies
  • 0 Likes

while do the factory reset of pa 5250 showing error: findfs: unable to resolve 'label=sysroot0

Hi, We have Palo Alto 5250 we have forgotten the password so we are planning to do factory reset of the device but we have done factory reset too but while completing the percentage automatically it's reboot and went again maintenance mode when we click the factory reset again it's looping again and again same maintenance mode if go disk image al...

  • 1795 Posts
  • 60 Subscriptions