Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4558 Views
  • 0 replies
  • 1 Likes

Minor patch release date for 11.1.8

I have run into a situation when we upgraded our environment to 11.1.4-h7, where from the Panorama, I cannot modify existing rule sets with my RADIUS authenticated account. This environment is government, so STIGs are used (this should allay any odd questions). The only solution TAC gave was to create a local admin account and use for said mod...

Phishing email? - Important: Palo Alto Networks Informational Security Bulletin

I just received what looks like an official PA email which suggests I visit (which appears to be legit) https://security.paloaltonetworks.com/PAN-SA-2024-0015 For important security information about how to configure my management interface. Yet when I look at the link I'm being asked to click, I see something which doesn't look at all related to...

CraigAr by L0 Member
  • 4219 Views
  • 2 replies
  • 0 Likes

Resolved! SNMP OID

Hi Team, OID Name: ifCounterDiscontinuityTime OID: 1.3.6.1.2.1.31.1.1.1.19 Does this OID support the firewall models below? PA-440 PA-3250 PA-3250 PA-5220 PA-3220 PA-3260 PA-3260

QoS Maximum Egress 5000

We used to have a PA-3260 but moved to the PA-1420. I noticed that in the QoS profile for our interfaces, I can only set a maximum egress of 5000. We used to set this to 10,000 as we have a 10gbps handoff and a 10gbps connection to our internal equipment. Looking at my interfaces on the 1420, I see that we are using a 10000Mbps, full duplex conn...

Resolved! QoS Policy Class Selection

Hello, I have a question regarding QoS policies. When you create a QoS policy, you don't have the option to select a QoS profile, you can only select a class. My understanding is that the class pulled will be the one from the profile applied to the egress interface. For example if I have a rule like this: Source 192.168.100.1 Destination 192.168.2...

Punite by L1 Bithead
  • 1309 Views
  • 2 replies
  • 0 Likes

Difference between Rulebase Security Rules and security policy in CLI

Hello! I am struggling with some CLI config as we don't have access to the gui at the moment. I am trying to create an allow rule for ping, and searching around has directed me to use the syntax "set rulebase security rule". I did that and the rule committed successfully. When I 'show run security policy' I see the rule I just created at ...

Resolved! Slow Download and Uploads From Various Cloud Providers

Hello All, 3220 running 10.2.10h7. We have recently migrated a couple of our services to cloud providers away from prem and have since had issues with slowness with uploads and downloads to the servers. - 2-1Gb connections but for now we have PBF Rule sending traffic out to a preferred uplink - No QoS - App overrides in place and traffic is being ide...

Tshaw89 by L1 Bithead
  • 2269 Views
  • 3 replies
  • 0 Likes

Resolved! Warning: Advance Routing mode is disabled , feature not supported

Recently upgraded to version 10.1.14-h6 and now firewall is giving the below warning message. The firewall HA pair is operating with no issues and all commits are successful. I don't do any advanced routing in the firewall - only one vr. Is there a way to clear this alert? It's something unique to this 10.1.14-h6 and wasn't there prior. Any sugg...

Policy configured with Application ID but Strata Cloud saying I need to configure services as well?

Hi everyone, I have my policies configured with the Application ID, and I’ve set the service to "any" because some applications use random ports. However, Strata Cloud is recommending that I configure the services explicitly as well. I was under the impression that if I configured the application in the policy, only that application would be all...

din100 by L3 Networker
  • 1013 Views
  • 2 replies
  • 0 Likes

Resolved! DHCP with ISP router don't work :/

Hi, just purchased a PA-3260 and trying to configure it to use DHCP with my ISP router. The DHCP server works fine on the ISP router, tried it on my laptop. I reset the PA-3260 then I removed the wired interface and select the first interface and set ip up as DHCP client with default router and untrust zone. The zones are in Layer3 mode. But it stuc...

Ertu57 by L1 Bithead
  • 29012 Views
  • 30 replies
  • 0 Likes

DNS Failover Service

We are testing a 3rd party DNS failover service and they need a way to verify if our ISP is up. My thought on this was to allow ping/icmp on our external nic from the vendor's public IP range, however that isn't an option. We could allow http/https but I really hate the idea of opening the administrative access to the public, even if it is jus...

B.Fisher by L1 Bithead
  • 734 Views
  • 0 replies
  • 0 Likes

Resolved! How to ping External Interface IP

Hi, I am trying to set up the ability to ping an external interface's IP address. I have set up a MGMT profile that allows PING assigned to the physical interface where our public IP addresses are. I also created a security rule that allows ICMP and PING to that particular IP. The rule is set up as follows Type: Universal source zone: External...

B.Fisher by L1 Bithead
  • 2443 Views
  • 3 replies
  • 0 Likes
  • 1589 Posts
  • 60 Subscriptions