Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

OSPF Area Question

Can you have an area be normal on 1 interface and NSSA on another interface?

Say you have area 1.

Area 1 has neighbor on interface 1 with normal type.

Can another Area 1 interface be brought online on different interface 2 with NSSA type?

Resolved! wildfire is not reporting in the wildfire submission

Hello Friends,

I have configured the paloalto wildfire feature:

- kept the default file settings in Device --> wildfire --> General settings.

checked Report Benign Files, and grayware files too.

- created a wildfire profile that con

...

Untrust interface is not coming up after firmware upgrade

Untrust interface is not coming up after firmware upgrade in PA-220

Resolved! Test IPSEC tunnel Throughput

Hi Team,

I just started working on PaloAlto FW, I want to test ipsec tunnel throughput form my firewall to end Device. Can any tell the steps via GUI or cmd. and what is the correct way to trubleshoot if customer expericening the slowness to access i

...

PA-820 random Decyption Error

Since a few month we got more and more random outbound decryption errors. When the user wait a moment the website will automatically open correct. The browser error messages are "err_connection_reset" or net:err_cert_authority_invalid". In the decryp

...

Unexpected Classification of 443 Traffic as "naver-line" with Subcategory "voip-video

Hi everyone,

1) End user has confirmed that these users' computers do not have the LINE application installed. However, the 443 traffic is being identified as "naver-line," with a subcategory of "voip-video." Could you please help us understand the

...

palo alto 850 firmware upgradation

Hi All,

Need to upgrade an palo alto 850 from 9.1.4 to 11.0. Basically i need a confirmation on below points.

1.Have only hardware support license, will it sufficient for firmware upgradation. PFA snapshot

2. As per below article i need to only d

...

Resolved! PA-820 management network don't have internet how do I get the device certificate working

My Palo don't have internet on the management network but I will need devices certificate on the devices to do the AIOPs logs but can't seems to get it work not sure which service on the service reroute to send it to the WAN interface.

Resolved! Max Connections per Second on PA3260

Hi,

I'm trying to configure Flood Protection in the Zone Protection Profile of my PA3260 and wanted confirm what the Maximun connections per second is. The number I came across was 84,000. Is this correct? I should also add I'm using SYN cookies as

...

Resolved! Upgrade path from PANOS 10.2.8-h3 to 11.1.2-h3

Hi Experts,

I'm going to upgrade from PANOS PANOS 10.2.8-h3 to 11.1.2-h3. Could you please advise me the download and install path. Additionally, Tell me how many reboots. It would require reaching out to 11.1.2-h3.

Thanks in advance

Resolved! EDL for major Linux distros

Hi All,

Do you have anu idea, if there is some external or unofficial EDL list with mirror servers for main Linux distros, so I can use it in the firewall rules?

E.g. Fedora has this list of all mirror servers available online - Mirrors - MirrorMa

...

Multiple Virtual Routers on SD-WAN Hub NGFW models supported

Hello!

Is the feature "Multiple Virtual Routers on SD-WAN Hub" supported for virtual software NGFW and PA-1410, 1420 hardware NGFW?

There are supported models started from PA-3400 only.

https://docs.paloaltonetworks.com/sd-wan/3-2/sd-wan-admin/confi

...

IPsec Tunnel Down!

Hi Team,

I'm a newbie at the Palo Alto firewall, and I've been checking the IPsec connection between PA850 at my sites. I'm encountering issues with the IPsec tunnel, which is not coming up. I tried establishing IPsec using the IP use

...

CPU on 3250 series is between 50% and 60%

Hello,

We have a problem , where the DP CPU is between 50% and 60% .

We want to know the root cause . we investigated the resources consumption and everything is normal.

How can we investigate the if the problem is related to a specific traffic

...

Firewall Backup Script using powershell

Hi Team,

Does anyone having a working powershell script for to export the running config from firewall using API.

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

OSPF Area Question

Resolved! wildfire is not reporting in the wildfire submission

Untrust interface is not coming up after firmware upgrade

Resolved! Test IPSEC tunnel Throughput

PA-820 random Decyption Error

Unexpected Classification of 443 Traffic as "naver-line" with Subcategory "voip-video

palo alto 850 firmware upgradation

Resolved! PA-820 management network don't have internet how do I get the device certificate working

Resolved! Max Connections per Second on PA3260

Resolved! Upgrade path from PANOS 10.2.8-h3 to 11.1.2-h3

Resolved! EDL for major Linux distros

Multiple Virtual Routers on SD-WAN Hub NGFW models supported

IPsec Tunnel Down!

CPU on 3250 series is between 50% and 60%

Firewall Backup Script using powershell

High availability system alarms

diable cortex xdr agent

DNS-Sinkhole Injection

Move license between active NGFW

Newbie Initial Setup Question

Link and traffic priority on palo alto

Re: DNS-Sinkhole Injection

Re: Reason: Authentication profile not found for the user

Re: High availability system alarms

HA Configurations in Strata Cloud Manager (SCM) with NGFW.

Unlock your full community experience!

Rules and Best Practices

Resolved! wildfire is not reporting in the wildfire submission

Resolved! Test IPSEC tunnel Throughput

Resolved! PA-820 management network don't have internet how do I get the device certificate working

Resolved! Max Connections per Second on PA3260

Resolved! Upgrade path from PANOS 10.2.8-h3 to 11.1.2-h3

Resolved! EDL for major Linux distros