This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

Resolved! Assistance Required for Firewall HA Peer Upgrade

Hi Team, We are planning to upgrade our firewall HA peer to the preferred release. Currently, the firewalls are running the following versions: 10.1.14-h6 11.0.6-h1 I need assistance with the following points: <1> Can you confirm the latest preferred release for our firewall? I came across an article indicating 11.1.4-h7 as the preferred v...

M.Manwal by L0 Member
  • 1355 Views
  • 1 replies
  • 0 Likes

Upgrade path 10.2.9-h1 to 1.1.4-h7

Hello Palo experts, I am planning to upgrade the existing PAN 5220 HA firewall with a Panorama virtual appliance. The current PAN-OS version is 10.2.9-h1. Could you assist with the correct and valid upgrade path from PAN-OS 10.2.9-h1 to 11.1.4-h7? Can we do the below? 1. download 11.1.0 ( not install) 2. download 11.1.4-h7 and install on Palo PA...

yeruel by L1 Bithead
  • 1881 Views
  • 1 replies
  • 0 Likes

Resolved! Downgrade of Active - Passive PA-220 HA Pair

We have a pair of PA -220 (Active - Passive) Currently on 10.2.11 The customer want to downgrade these back to the 10.1 Feature Release. They were on 10.1.13 earlier in the year, before we upgraded them to 10.2.9-h1 and then again to 10.2.11 to try and fix an issue with disk space etc. I just want to double check the downgrade instructio...

G.Blake by L0 Member
  • 1242 Views
  • 1 replies
  • 0 Likes

Zone protection profile

Hi All, I'm planning to implement Zone protection on outside interfaces using Strict IP Address Check" or only "Spoofed IP address" in the packet based attack protection of the zone protection profile. Does it drop legitimate traffic as per below points 1) Configure static one to one Snat and vice versa for reverse natting2) Does it impact if a...

How to actually get support?

Purchased a pair of PA-1410's last month. Within 3 days one of the power supplies was dead. Account rep said submit a tac case, but the device isn't showing up in the portal so i'm blocked there. Tried calling the support number which sent me here then hung up. Any thoughts? Wonding if one of my fortigate power supplies that have run for 7 ...

S.Mack by L0 Member
  • 1069 Views
  • 2 replies
  • 0 Likes

upgrade path

Greetings, I am currently running 10.2.10-h3 and looking to go to 11.1.4-h7.I understand I need to pre-load but not install 11.1.0 - correct? I am also running sd_wan 3.0.3 and am contemplating going to 3.3.2.My understanding is the upgrade path is 3.05, then 3.3.0, then 3.3.2.Q: Do I need to install (fully) and deploy each version, or is j...

Forward Proxy & SSL Inbound Inspection Certificate Comparasion

Hello,1- The CA and Keys checkboxes in the Certificates section of Palo Alto Firewall should always be selected? respectively the certificates used for Forward Proxy and SSL Inbound Inspection should always have CA selected and Keys imported?2- We use just one self-signed certificate for Forward Trust and Untrust proxy. So we need to import this...

Software Version 11.1.5-h1

Hello, We are experiencing packet loss, and the IPsec tunnels are going down on the following version and model: Software Version: 11.1.5-h1 Model: PA-1420 After restarting the firewall, it resumes normal operation. I want to know, this version is stable, any advise.

Recent 0-Days (Watch Towr Labs findings)

We have been a client of Palo Alto's for years, but given this report and the recent 0 days are not as committed to staying with the company in the upcoming refresh. Has their been any guidance from Palo Alto on how they intend to address, what appears to be, poor software architecture in the underlying code of their firewalls?

dkaliel by L0 Member
  • 564 Views
  • 0 replies
  • 0 Likes

Resolved! Panos 11.1.4-h1

Hi All. I am a novice admin to PANOS so not too technical. Basically we did a firmware uplift from Panos 11.0 to 11.1, this worked fine. We then started uplift and upgrade Panos 11.1.4-h1 however the install seemed to error and close screen (se we could not see error message). Checking the device is still working passing traffic etc. but wh...

A.Reid by L0 Member
  • 1521 Views
  • 1 replies
  • 0 Likes

40G ports flap in PA 3430

Hi, We are facing uplink issues between PA 3430 40G to Cisco Cat 9407R VSS. Cisco side QSFP-40G-SR-BD, CISCO-AVAGO, Cisco part number - 10-2945-02 PA side - Vendor Name: AVAGO, Vendor Part Number: AFBR-79EBMZ Tried the below, Kept one single port in port channel and tried Tried with Active, passive, slow and fast from PA, same active and...

  • 1794 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks