Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4552 Views
  • 0 replies
  • 1 Likes

Packet Capture Issue

Hi Team, I am seeing an active session for specific traffic, but when I try to capture the packets, no packets are captured. Also, the "debug dataplane packet-diag show filter-marked-session" command is not showing any session details. I am pasting session details below, Session 2780057c2s flow:source: 10.30.9.145dst: 10.130.160.1...

Edsnow by L3 Networker
  • 1035 Views
  • 1 replies
  • 0 Likes

Resolved! Has anyone configured and tested the new functionality within Pan OS 11.0 Web Proxy in Transparent mode?

Hi team, I've set up the Web proxy in transparent mode, but I'm unsure of its functioning. Our Palo Alto device doesn't support WCCP and only allows Inline mode deployment. With only the admin guide available for reference and study, I may be the sole individual who has done this. Particularly, I'm uncertain about the D-NAT aspect of transparent...


Resolved! Red/Green "LED"s in GUI are useless to screen reader software. Please Add ALT TEXT!!!

So, Panorama and NGFW both use Red and Green status "lights" to denote interface, IKE, and IPSec status. Typical coding, but for someone who sees Red and Green differently (Technically in 1970s speak "Minor Red/Green Color Deficient", a.k.a. "ColorBlind") the GUI colors are useless. They didn't even use a light enough green like a lot of other...

Testing interfaces on Passive Node

Dear Community, I have a strange problem related to my PAN1410. My FWs are built as HA Active-Passive. Everything works until a failover occurs.. after that I lose connections to GlobalProtect. It seems that I have a problem with the WAN interface, because when I return to the Primary node, connectivity comes back. So if I have connectivity, how can I check...

Rule Order Best Practice

We recently migrated to the Palo Alto Firewalls. I am looking for best practice/recommendations on how to properly order firewall rules. We have all our block rules first (geoblocking, malicious sites, specific apps, etc) up top. But what about the rest? Is it supposed to be more defined rules (specific ip to ip) up top? Do general application...

SIP/RTP Traffic Issues in Palo Alto Active-Active vWire Setup Causing MAC Flapping In L3 devices

In a Palo Alto Active-Active vWire setup, traffic entering a port on Device A is not supposed to egress from any port on Device B. The HA3 link is typically used to forward packets from the active-secondary device to the active-primary device for processing and evaluation against security policies. However, in your setup, you are observing that ...

Resolved! HA-Pair losing management capability after upgrading to 11.1.5.

For whatever reason, every time we attempt to upgrade to 11.1.5 to one of our HA-pairs, we are unable to putty in, ping, or anything. BUT upgrading a single firewall has no issues when upgrading. After downgrading back to 11.1.4, we are not having this issue anymore. We attempted to upgrade to 11.1.5-h1, but are still having this issue. Is anyon...

PAN OS 8.1.25-h3 for PA-850

Hello Everyone, In one of the branches, we have a PA-850 firewall with firmware version 8.1.13 running on it. Because of an organization limitation, there is no internet on the firewall, so we couldn't actively upgrade the firmware version. Now we have planned to upgrade the firmware version to 8.1.25-h3 by downloading it from support portal...

PA-820 after factory reset | by default User/Pass not working....

PA-820 experiencing an issue by default User/Pass not working (admin/admin) here is the logs listed below Welcome to the PanOS Bootloader. U-Boot 8.1.1.0-31 (Build time: Apr 23 2018 - 15:16:48) Octeon unique ID: 03c00051821df31e00c6N0.LMC0 Configuration Completed: 16384 MBQLM 2: SGMIIQLM 3: SGMIIQLM 4: SATADLM 5: SGMIISATA0: availableSATA1...

m_sufian by L1 Bithead
  • 5824 Views
  • 3 replies
  • 0 Likes

Monitoring SD-WAN Tunnel-IF via ping

Hi Guys, We're looking to connect multiple Palo Alto devices to our core Palo Alto via SD-WAN. In some cases, we have three internet connections at the customer site, each connected through a different ISP. Our goal is to monitor each tunnel by pinging the destination tunnel interface IP address from our Monitoring Tool through our Core Palo Al...

D.Henze by L1 Bithead
  • 2284 Views
  • 4 replies
  • 1 Likes

Clientless VPN - Application is not accessible

Hello All, This is my topology. I have configured Clientless VPN hosting two applications: paloaltonetworks.com (external application) and amazon.forest.in (internally hosted application). But I am unable to access the application that is hosted inside. In this question I have also attached my configuration. Other than that there is no sent byte f...


10.2.10-h9 Log Display Bug?

In the release announcements at Support PAN-OS Software Release Guidance it says that 10.2.10-h9 is the preferred release, but on this page it also says that displaying filtered logs doesn't work properly and points you to a fix in 11.1.5. However, this problem with log display is not listed in the known issues for 10.2.10 and I can't find a desc...

djr by L4 Transporter
  • 1482 Views
  • 2 replies
  • 0 Likes
  • 1589 Posts
  • 60 Subscriptions