Next-Generation Firewall Discussions

Diabled Application in VSYS1

I have received an high risk alert on PA3250 IOS 9.1.16  "Disabled applications in vsys1: 104apci-unnumbered-startdt-act 104apci-unnumbered-startdt-con 104apci-unnumbered-stopdt-act 104apci-unnumbered-stopdt-con 104apci-unnumbered-test-act 104apci-un

Captive Portal is not Working

I have enabled Captive portal for PA-VM 100 and configured all points related to it.

Issue raised when a user tried to connect to internet, client get error pls look in the attached snap.

NGFW Threat & Traffics Log Fields

Hi Team, 

I am going through the traffic and threat logs of the NGFW. In the logs, I am unable to get the knowledge of the following fields " domain" & "config version". 

Not able to login into URL from behind the palo alto

Dear Team,

Greeting...!

We are trying to access one URL from behind the palo alto, it was accessible but we are not able to log in to that URL, and when we checked using a mobile hotspot it was login successfully.

Additionally, we checked the t

10.2.8 DP DP Hardware Packet Buffer exhaustion bug

If upgrading to 10.2.8, keep an eye out on your DP Hardware Packet Buffer usage. We've seen it cause PA-5250's to stop processing traffic.

TAC is aware of the issue. We ended up downgrading to 10.2.7-h3 to work around the issue for now (be mindful of

Layer 2 network extension

Is it possible to extend the layer 2 network over the layer 3 network to the other site using Palo Alto

Basically I am trying to extend the VLAN to other site. Not sure if this can be achieved with Palo Alto. Any suggestion are welcome

Running 11.1.2 in production

Hi everyone

I read that 11.1.2 is now the preferred release for 34xx, and desiring to upgrade due to some of the new features, I find myself concerned about this known issue:

PAN-224763 - A TDB engine version mismatch issue affecting all firewalls,

NIPS

How do we identify NIPS logs among Paloalto Firewall logs ?

Firewalls communicating to public IPs on Management Interface

We are currently seeing the Management Plane of our Palo Alto Firewalls communicating to the following IP-Addresses:

• 34.96.84.34
• 107.178.249.217
• 35.238.108.32 

This communication occurs on different Platforms. We see more activity since PAN-OS 10, curr

AWS-Palo VPN Phase-2 Rekeying

HI Team

We have an issue with AWS Site to Site VPN, where we can see continuous rekeying of Phase-2 tunnels. It's a PA-3220 HA pair. It started happening recently as we can see previously the rekey did happen only after the Lifetime expired (Phase-

Can't use existing 'Object Group' in new Policies on 11.1.2

I'm converting from ASA to the PA 3410 running 11.1.2 code.
I am frustrated by the fact that every time I write a new policy/rule, I cannot use an already established 'Object Group' as the code forces me to make yet another new "Obj Group' even if it