This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4558 Views
  • 0 replies
  • 1 Likes

Inbound Policy-Based Forwarding Issue - Intermittent loss of connectivity

Hello, Got a strange one, that I am hoping someone with deep knowledge of PBF and symmetric return can advise on. We have two (2) virtual-routers due to two different ISPs. The history of it is we are migrating off of one ISP to finally decommission it. Most of the internal DMZs are on VR1 New VR2 is the new ISP We have eBGP between VRs u...

SD-WAN Traffic Control from the Hub Side

Hi Guys, our Palo Alto on the HUB side is equipped with a single 10G uplink interface. On the Spoke side, there are three uplinks with varying bandwidths, and in this setup, the Panorama SD-WAN plugin generates three IPsec tunnels. I can manage traffic from the Spoke to the HUB using SD-WAN Rules and Traffic Distribution Profiles. However, is it...

D.Henze by L1 Bithead
  • 1425 Views
  • 2 replies
  • 0 Likes

Resolved! Where to check Threat IDs?

Hi Guys, I was reading this article https://security.paloaltonetworks.com/CVE-2024-0012.Per the article, 'Additionally, if you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (available in Applications and Threats content version 8915-9075 and later). For these Thre...

tinhnho by L3 Networker
  • 5144 Views
  • 3 replies
  • 0 Likes

4-Node Cluster (2x Active/Active) and "orphaned" zone

Hi,I'm looking for some insight into the workings of the multi-node cluster functionality when there are more than two nodes. Let's say I have two Active/Active pairs that are clustered with a HA4 Interface. In this case I more specifically wonder how the behavior of session/state synchronization would work if the HA-Pairs had a Zone named d...

Johande by L1 Bithead
  • 1219 Views
  • 1 replies
  • 0 Likes

Resolved! IP address being blocked by PAN Malicious IP Feeds Inbound on PA820

Hello, IP address 74.102.229.126 is being blocked by Palo Alto's Malicious IP Feeds Inbound rule. However this is a network that should be allowed on customer s company. We cannot see a way of submitting an IP address to whitelist. on below link we have: https://urlfiltering.paloaltonetworks.com/query/  URL: 74.102.229.126  Categori...

Resolved! BGP sessions reset or not - Active-Standby HA

Hello All, I have a few BGP related questions regarding Palo Alto Network firewalls HA active-standby setup. Scenario:* eBGP to internal/trust network* static default route for WAN/untrust side* floating IPs are used Qs:1. During failover, is the the BGP session state re-established on the passive firewall? That is, the BGP session is not synce...

Resolved! Assistance Required for Firewall HA Peer Upgrade

Hi Team, We are planning to upgrade our firewall HA peer to the preferred release. Currently, the firewalls are running the following versions: 10.1.14-h6 11.0.6-h1 I need assistance with the following points: <1> Can you confirm the latest preferred release for our firewall? I came across an article indicating 11.1.4-h7 as the preferred v...

M.Manwal by L0 Member
  • 1400 Views
  • 1 replies
  • 0 Likes

Resolved! Downgrade of Active - Passive PA-220 HA Pair

We have a pair of PA -220 (Active - Passive) Currently on 10.2.11 The customer want to downgrade these back to the 10.1 Feature Release. They were on 10.1.13 earlier in the year, before we upgraded them to 10.2.9-h1 and then again to 10.2.11 to try and fix an issue with disk space etc. I just want to double check the downgrade instructio...

G.Blake by L0 Member
  • 1284 Views
  • 1 replies
  • 0 Likes

Zone protection profile

Hi All, I'm planning to implement Zone protection on outside interfaces using Strict IP Address Check" or only "Spoofed IP address" in the packet based attack protection of the zone protection profile. Does it drop legitimate traffic as per below points 1) Configure static one to one Snat and vice versa for reverse natting2) Does it impact if a...

How to actually get support?

Purchased a pair of PA-1410's last month. Within 3 days one of the power supplies was dead. Account rep said submit a tac case, but the device isn't showing up in the portal so i'm blocked there. Tried calling the support number which sent me here then hung up. Any thoughts? Wonding if one of my fortigate power supplies that have run for 7 ...

S.Mack by L0 Member
  • 1105 Views
  • 2 replies
  • 0 Likes
  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks