This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4518 Views
  • 0 replies
  • 1 Likes

Resolved! Custom URL Category Not working Properly

Hi All, I have created a custom URL category with wildcard *.docker.io, But when I run test command as below It is not matching any custom category. test custom-url url test.docker.io the PAN-OS Version is 10.2.x Is there any known issue or behavior changes.

Edsnow by L3 Networker
  • 1499 Views
  • 1 replies
  • 0 Likes

Resolved! Warning: Advance Routing mode is disabled , feature not supported

Recently upgrade to version 10.1.14-h6 and now firewall is giving the below warning message.The firewall HA pair is operating with no issues and all commits are successful. I don't do any advanced routing in the firewall - only one vr. Is there a way to clear this alert? It's something unique to this 10.1.14-h6 and wasn't there prior. Any sugg...

Policy configured with Application ID but sarda cloud saying I need to configure services as well ?

Hi everyone, I have my policies configured with the Application ID, and I’ve set the service to "any" because some applications use random ports. However, Strata Cloud is recommending that I configure the services explicitly as well. I was under the impression that if I configured the application in the policy, only that application would be all...

din100 by L3 Networker
  • 970 Views
  • 2 replies
  • 0 Likes

Resolved! DHCP with ISP router don't work :/

Hi,just purchased a PA-3260 and trying to configure it to use DHCP with my ISP router.The DHCP server works fine on the ISP router, tried it on my laptop.I reset the PA-3260 than i removed the wired interface and select the first interface and set ip up as DHCP client with default router and untrust zone.The zones are in Layer3 mode. But it stuc...

Ertu57 by L1 Bithead
  • 28168 Views
  • 30 replies
  • 0 Likes

DNS Failover Service

We are testing a 3rd party DNS failover service and they need a way to verify if our ISP is up. My thought on this was to allow ping/icmp on our external nic from the vendor's public IP range, however that isn't an option. We could allow http/https but I really hate the idea of opening the administrative access to the public, even if it is jus...

B.Fisher by L1 Bithead
  • 719 Views
  • 0 replies
  • 0 Likes

Resolved! How to ping External Interface IP

Hi I am trying to setup the ability to ping an external interface's IP address. I have setup a MGMT profile that allows PING assigned to the physical interface where our public IP addresses are. I also created a security rule that allows ICMP and PING to that particular IP. The rule is setup as follows Type: Universal source zone: External...

B.Fisher by L1 Bithead
  • 2381 Views
  • 3 replies
  • 0 Likes

Inbound Policy-Based Forwarding Issue - Intermittent loss of connectivity

Hello, Got a strange one, that I am hoping someone with deep knowledge of PBF and symmetric return can advise on. We have two (2) virtual-routers due to two different ISPs. The history of it is we are migrating off of one ISP to finally decommission it. Most of the internal DMZs are on VR1 New VR2 is the new ISP We have eBGP between VRs u...

SD-WAN Traffic Control from the Hub Side

Hi Guys, our Palo Alto on the HUB side is equipped with a single 10G uplink interface. On the Spoke side, there are three uplinks with varying bandwidths, and in this setup, the Panorama SD-WAN plugin generates three IPsec tunnels. I can manage traffic from the Spoke to the HUB using SD-WAN Rules and Traffic Distribution Profiles. However, is it...

D.Henze by L1 Bithead
  • 1390 Views
  • 2 replies
  • 0 Likes

Resolved! Where to check Threat IDs?

Hi Guys, I was reading this article https://security.paloaltonetworks.com/CVE-2024-0012.Per the article, 'Additionally, if you have a Threat Prevention subscription, you can block these attacks using Threat IDs 95746, 95747, 95752, 95753, 95759, and 95763 (available in Applications and Threats content version 8915-9075 and later). For these Thre...

tinhnho by L3 Networker
  • 4694 Views
  • 3 replies
  • 0 Likes

4-Node Cluster (2x Active/Active) and "orphaned" zone

Hi,I'm looking for some insight into the workings of the multi-node cluster functionality when there are more than two nodes. Let's say I have two Active/Active pairs that are clustered with a HA4 Interface. In this case I more specifically wonder how the behavior of session/state synchronization would work if the HA-Pairs had a Zone named d...

Johande by L1 Bithead
  • 1184 Views
  • 1 replies
  • 0 Likes

Resolved! IP address being blocked by PAN Malicious IP Feeds Inbound on PA820

Hello, IP address 74.102.229.126 is being blocked by Palo Alto's Malicious IP Feeds Inbound rule. However this is a network that should be allowed on customer s company. We cannot see a way of submitting an IP address to whitelist. on below link we have: https://urlfiltering.paloaltonetworks.com/query/  URL: 74.102.229.126  Categori...

  • 1795 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks