This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4593 Views
  • 0 replies
  • 1 Likes

Resolved! Assistance Required for Firewall HA Peer Upgrade

Hi Team, We are planning to upgrade our firewall HA peer to the preferred release. Currently, the firewalls are running the following versions: 10.1.14-h6 11.0.6-h1 I need assistance with the following points: <1> Can you confirm the latest preferred release for our firewall? I came across an article indicating 11.1.4-h7 as the preferred v...

M.Manwal by L0 Member
  • 1432 Views
  • 1 replies
  • 0 Likes

Resolved! Downgrade of Active - Passive PA-220 HA Pair

We have a pair of PA -220 (Active - Passive) Currently on 10.2.11 The customer want to downgrade these back to the 10.1 Feature Release. They were on 10.1.13 earlier in the year, before we upgraded them to 10.2.9-h1 and then again to 10.2.11 to try and fix an issue with disk space etc. I just want to double check the downgrade instructio...

G.Blake by L0 Member
  • 1320 Views
  • 1 replies
  • 0 Likes

Zone protection profile

Hi All, I'm planning to implement Zone protection on outside interfaces using Strict IP Address Check" or only "Spoofed IP address" in the packet based attack protection of the zone protection profile. Does it drop legitimate traffic as per below points 1) Configure static one to one Snat and vice versa for reverse natting2) Does it impact if a...

How to actually get support?

Purchased a pair of PA-1410's last month. Within 3 days one of the power supplies was dead. Account rep said submit a tac case, but the device isn't showing up in the portal so i'm blocked there. Tried calling the support number which sent me here then hung up. Any thoughts? Wonding if one of my fortigate power supplies that have run for 7 ...

S.Mack by L0 Member
  • 1154 Views
  • 2 replies
  • 0 Likes

Forward Proxy & SSL Inbound Inspection Certificate Comparasion

Hello,1- The CA and Keys checkboxes in the Certificates section of Palo Alto Firewall should always be selected? respectively the certificates used for Forward Proxy and SSL Inbound Inspection should always have CA selected and Keys imported?2- We use just one self-signed certificate for Forward Trust and Untrust proxy. So we need to import this...

Software Version 11.1.5-h1

Hello, We are experiencing packet loss, and the IPsec tunnels are going down on the following version and model: Software Version: 11.1.5-h1 Model: PA-1420 After restarting the firewall, it resumes normal operation. I want to know, this version is stable, any advise.

Recent 0-Days (Watch Towr Labs findings)

We have been a client of Palo Alto's for years, but given this report and the recent 0 days are not as committed to staying with the company in the upcoming refresh. Has their been any guidance from Palo Alto on how they intend to address, what appears to be, poor software architecture in the underlying code of their firewalls?

dkaliel by L0 Member
  • 609 Views
  • 0 replies
  • 0 Likes

Resolved! Panos 11.1.4-h1

Hi All. I am a novice admin to PANOS so not too technical. Basically we did a firmware uplift from Panos 11.0 to 11.1, this worked fine. We then started uplift and upgrade Panos 11.1.4-h1 however the install seemed to error and close screen (se we could not see error message). Checking the device is still working passing traffic etc. but wh...

A.Reid by L0 Member
  • 1636 Views
  • 1 replies
  • 0 Likes

40G ports flap in PA 3430

Hi, We are facing uplink issues between PA 3430 40G to Cisco Cat 9407R VSS. Cisco side QSFP-40G-SR-BD, CISCO-AVAGO, Cisco part number - 10-2945-02 PA side - Vendor Name: AVAGO, Vendor Part Number: AFBR-79EBMZ Tried the below, Kept one single port in port channel and tried Tried with Active, passive, slow and fast from PA, same active and...

Citrix (Terminal services) UserID Deployment

Hello everyone,I would like to deploy UserID Terminalservices Agent in a Citrix environment.There are approx 30 servers deployed from the same Master Image.I have TA successfully running on dedicated (non-Citrix) Terminalservers with Certificates generated by a PKI-root within the firewalls. Each TS has its own cert signed by that Root with the ...

Prevent bypassing captive portal?

We are in an environment where we have captive portal (with MS SSO) but users are able to get around the authentication redirects via VPN. We'd like to ensure that the only traffic that is allowed by unauthenticated users on this network is traffic that is redirected to captive portal and cannot be bypassed. Would we just be looking at placi...

  • 1586 Posts
  • 61 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks