Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4552 Views
  • 0 replies
  • 1 Likes

Forward Proxy & SSL Inbound Inspection Certificate Comparison

Hello, 1- Should the CA and Keys checkboxes in the Certificates section of the Palo Alto Firewall always be selected? Respectively, should the certificates used for Forward Proxy and SSL Inbound Inspection always have CA selected and Keys imported? 2- We use just one self-signed certificate for Forward Trust and Untrust proxy. So we need to import this...

Software Version 11.1.5-h1

Hello, We are experiencing packet loss, and the IPsec tunnels are going down on the following version and model: Software Version: 11.1.5-h1 Model: PA-1420. After restarting the firewall, it resumes normal operation. I want to know if this version is stable. Any advice?

Recent 0-Days (Watch Towr Labs findings)

We have been a client of Palo Alto's for years, but given this report and the recent 0-days, we are not as committed to staying with the company in the upcoming refresh. Has there been any guidance from Palo Alto on how they intend to address what appears to be poor software architecture in the underlying code of their firewalls?

dkaliel by L0 Member
  • 586 Views
  • 0 replies
  • 0 Likes

Resolved! Panos 11.1.4-h1

Hi All. I am a novice admin to PANOS so not too technical. Basically we did a firmware uplift from Panos 11.0 to 11.1, and this worked fine. We then started the uplift and upgrade to Panos 11.1.4-h1; however, the install seemed to error and close the screen (so we could not see the error message). Checking, the device is still working, passing traffic etc., but wh...

A.Reid by L0 Member
  • 1584 Views
  • 1 replies
  • 0 Likes

40G ports flap in PA 3430

Hi, We are facing uplink issues between PA 3430 40G and Cisco Cat 9407R VSS. Cisco side: QSFP-40G-SR-BD, CISCO-AVAGO, Cisco part number - 10-2945-02. PA side: Vendor Name: AVAGO, Vendor Part Number: AFBR-79EBMZ. Tried the below: Kept one single port in port channel and tried. Tried with Active, passive, slow and fast from PA, same active and...

Citrix (Terminal services) UserID Deployment

Hello everyone, I would like to deploy UserID Terminalservices Agent in a Citrix environment. There are approx 30 servers deployed from the same Master Image. I have TA successfully running on dedicated (non-Citrix) Terminalservers with Certificates generated by a PKI-root within the firewalls. Each TS has its own cert signed by that Root with the ...

Prevent bypassing captive portal?

We are in an environment where we have captive portal (with MS SSO) but users are able to get around the authentication redirects via VPN. We'd like to ensure that the only traffic that is allowed by unauthenticated users on this network is traffic that is redirected to captive portal and cannot be bypassed. Would we just be looking at placi...

Palo Alto DHCP Relay Stops Working After Reboot

After rebooting the firewall due to a power activity, we noticed that the DHCP relay stopped working. We could see the DHCP Discover and Offer messages in Wireshark, but the firewall’s DHCP relay did not seem to function properly. The firewall was running PAN-OS version 11.0.4-h5, and we upgraded it to 11.0.4-h6 to see if the newer version would...

Jagdeep1 by L2 Linker
  • 1565 Views
  • 1 replies
  • 0 Likes

Monitoring Palo Alto VPN IPSEC tunnels on PRTG

Hi, Our company recently acquired new Palo Alto PA440 and have set up VPN IPSEC tunnels (both IKEv1 and IKEv2). We currently need to monitor these tunnels efficiently using PRTG to be alerted in case one of the tunnels goes down. Can anyone who did this before guide me how it can be done or suggest any alternative using PRTG? Or if you could shar...

CNGFW Integration with Panorama, its Stability, & Performance

To integrate the Cloud NGFW service with the Panorama virtual appliance, Panorama must be running software version 10.2, 11.0, or 11.1 and not greater than 11.1, as per the below KB article: Panorama Integration Prerequisites. However, I recently deployed VM Series Panorama running on 11.2.4-h1, which is being integrated with CNGFW (Azure plugin version 5.2.1)...

set system setting target-vsys is not an option 10.2.10-h9

I am trying to test the authentication profile for LDAP. However, I am unable to do so successfully because it is checking vsys0 and the LDAP is set for vsys1. But when using set system setting, the target-vsys is not an option for the command. I just get invalid syntax. Did this change along the way because every page I find and read says to set s...

Change of the interface's name order in the commit

Hello, when I verify the configuration changes on the firewall before committing them, I see a line that begins with "interface [" and lists all the interfaces and subinterfaces that exist, but in the running config they have an order and in the candidate configuration the names are the same but the order is different, so for example: "interface [...

Packet Capture Issue

Hi Team, I am seeing an active session for specific traffic, but when I try to capture the packets, no packets have been captured. Also, the "debug dataplane packet-diag show filter-marked-session" command is not showing any session details. I am pasting session details below: Session 2780057 c2s flow: source: 10.30.9.145 dst: 10.130.160.1...

Edsnow by L3 Networker
  • 1035 Views
  • 1 replies
  • 0 Likes
  • 1588 Posts
  • 60 Subscriptions