Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4517 Views
  • 0 replies
  • 1 Likes

Resolved! How can I extract the IKEv2 encryption keys SK_ei and SK_er on PAN-OS 11.2?

How can I extract the IKEv2 encryption keys SK_ei and SK_er on PAN-OS 11.2 (for the purpose of decoding a packet capture file in Wireshark)? The following article describes the procedure: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLMzCAO This worked fine on PAN-OS 11.1. But it does not seem to work on PAN-O...

brunor by L1 Bithead
  • 2795 Views
  • 2 replies
  • 0 Likes

Palo Alto Admin UI SAML authentication failures

A few months ago, a failure occurred with SAML authentication configured between Azure and Palo Alto for firewall management. It is believed to have arisen from a flaw that occurred with Microsoft in late October and early November. The issue is that the SSO works in even takes you to Microsoft authentication with their MFA and such and it redire...


Issue connecting to GlobalProtect with public wifi

Hi guys, I'm at a coffee shop and using their public wifi to connect to my company GP VPN. I was able to enter my credentials and MFA. The GP showed that I'm connected, but I'm not able to connect to my company's local stuff and can't browse the internet while connected. The GP client also popped up a message below every few minutes: After 20 min...

tinhnho by L3 Networker
  • 2224 Views
  • 1 replies
  • 0 Likes

Unable to upgrade past 11.0.4-h1

Trying to get to 11.1 but when we upgrade, after a period of time, usually 30-60 minutes after the upgrade outbound traffic begins to fail. We see traffic allowed and going out but 0 returned. We have tried several versions of 11.1 as well as even 11.0.6-h1 and always have the same issue and have to revert to 11.0.4-h1. We are hearing that oth...

Minor patch release date for 11.1.8

I have run into a situation when we upgraded our environment to 11.1.4-h7, where from the Panorama, I can not modify existing rule sets with my radius authenticated account. This environment is government, so STIGS are used (this should allay any odd questions). The only solution TAC gave was to create a local admin account and use for said mod...

Phishing email? - Important: Palo Alto Networks Informational Security Bulletin

I just received what looks like an official PA email which suggests I visit (which appears to be legit) https://security.paloaltonetworks.com/PAN-SA-2024-0015 For important security information about how to configure my management interface. Yet when I look at the link I'm being asked to click, I see something which doesn't look at all related to...

CraigAr by L0 Member
  • 4057 Views
  • 2 replies
  • 0 Likes

Resolved! SNMP OID

Hi Team, OID Name: ifCounterDiscontinuityTime OID: 1.3.6.1.2.1.31.1.1.1.19 Does this OID support the firewall models below? PA-440 PA-3250 PA-3250 PA-5220 PA-3220 PA-3260 PA-3260

QoS Maximum Egress 5000

We used to have a PA-3260 but moved to the PA-1420. I noticed that in the QoS profile for our interfaces, I can only set a maximum egress of 5000. We used to set this to 10,000 as we have a 10gbps handoff and a 10gbps connection to our internal equipment. Looking at my interfaces on the 1420, I see that we are using a 10000Mbps, full duplex conn...

Resolved! QoS Policy Class Selection

Hello, I have a question regarding QoS policies, When you create a QoS policy, you don't have the option to select a QoS profile, you can only select a class. My understanding is that the class pulled will be the one from the profile applied to the egress interface. For example if I have a rule like this: Source 192.168.100.1 Destination 192.168.2...

Punite by L1 Bithead
  • 1263 Views
  • 2 replies
  • 0 Likes

Difference between Rulebase Security Rules and security policy in CLI

Hello! I am struggling with some CLI config as we don't have access to the gui at the moment. I am trying to create an allow rule for ping, and searching around has directed me to use the syntax "set rulebase security rule". I did that and the rule committed successfully. When I 'show run security policy' I see the rule I just created at ...

Resolved! Slow Download and Uploads From Various Cloud Providers

Hello All, 3220 running 10.2.10h7 We have recently migrated a couple of our services to cloud providers away from prem and have since had issues with slowness with uploads and downloads to the servers. - 2-1Gb connections but for now we have PBF Rule sending traffic out to a preferred uplink - No QoS - App overrides in place and traffic is being ide...

Tshaw89 by L1 Bithead
  • 2174 Views
  • 3 replies
  • 0 Likes
  • 1795 Posts
  • 60 Subscriptions