This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4600 Views
  • 0 replies
  • 1 Likes

Windows-Update configuration PA-1410

Hello, I have a Microsoft Configuration Manager Current Branch 2403.It uses WSUS to get updates catalogs and download them. The server itself has its own way to retrive updates, it does not go via WSUS. Does anyone know how to configure this? I've used this website to configure a url category "windows update": https://learn.microsoft.com/fr-fr/...

Security Policy for SSL & Web-Browsing only

Hi, I was wondering, is it bad practice to create a security policy with only the applications SSL & Web-Browsing in it? Ensuring best practice security profiles are on the policy as well. I've tried searching the web for suggestions and might be missing it. If someone can point me in the right direction?

ArthurAT by L1 Bithead
  • 1218 Views
  • 2 replies
  • 0 Likes

Resolved! BGP on 3220 series

hello all I am working on a BGP configuration on a HA 3220 series install the BGP status is staying at connect not establish I enabled BGP on the IP addresses inbound /outbound -- no hits on the policy Q are there show commands or debugs that can help me determine what the issue is ? many thanks

S.Byrne by L3 Networker
  • 1661 Views
  • 2 replies
  • 0 Likes

About Correlation Object Detection

Attention: JAPAC TPM team I would like to know the following about Correlation Object (Beacon Detection) event generation.We recognize that Beacon Detection defines how many times a malicious activity (e.g. access to threat URL) in a given period of time from the following descriptions.[Correlation Object]https://docs.paloaltonetworks.com/pan-...

Ikev2 site to site vpn between pa and cisco asa

temporary security measures for all users.msdphiMessagesNotifications(English) USAGet StartedDiscussionsBlogsArticlesProductsToolsEducation ServicesMember RecognitionPodcastsCustomerPartnerEmployeeikev2 site to site VPN between PA and ASASearch this contentPanorama Dikev2 site to site VPN between PAHi All, I have a site to site VPN configured to...

msdphi by L2 Linker
  • 838 Views
  • 0 replies
  • 0 Likes

Agentless User-ID issue problem - AD Local Security Policy incompatibility

Hi, I was trying to set up an agentless User-ID configuration when I ran into this issue: my AD Local Security Policy has deny log on locally for Event Log Readers and Distributed COM users set up. For company security reasons, I cannot change this policy. What I want to know is if there's any other way I can set User-ID synchronization to avoid...

mR00t_s5 by L2 Linker
  • 1260 Views
  • 2 replies
  • 0 Likes

Migration to PAN from Cisco

Hello everyone,I am newbie to PAN Firewall. Sorry that I haven't got much experience on Firewalls.Currently we are in the middle of the migration as from the Cisco ASA with Firepower into PAN 1400 series. Have done some NATs and Security Policies migrations.The existing Cisco environment is with two Contexts and some experts assisted us to creat...

The difference between the values ​​shown in ACC and Live Session is too large.

Hi I recently discovered something strange while checking a customer's firewall. The customer firewall's session count typically has a count around 1.5 million. But the firewall ACC shows a figure of 4 million I know that ACC is not a real live count and therefore does not completely match the value shown in the CLI or Dashboard. But this ha...

Where to add Proxy ID with multiple tunnels?

Hey all, We have 3 firewalls: C1 = Cisco FW - Policy based S2S VPN -- subnet behind it 10.1.0.0/24 P2 = Palo FW - Route based S2S VPN -- subnet behind it 172.16.50.0/24 C3 = Cisco FW - Policy based S2S VPN -- subnet behind it 192.168.20.0/24 We have S2S tunnels as: C1 <---- tunnel.1---> P2 <-----tunnel.2-----> C3 Proxy ID on P2 are...

Resolved! Threat Prevention License for PAN OS upgrade

We have a PA-220 firewall and we are updrading the PAN OS from version 10.1.13 to version 10.2.0. When we try to update the following error appears: "Upgrading from 10.1.13 to 10.2.0 requires a content version of 8529 or greater and found 8408-6715". To solve this issue, we tried to install a more recent Applications and Threats content version....

PA-400 Check software not working

Hi, I have a standalone PA-440 device which I tried to check for upgrades to update its PANOS from 11.0.x releases to 11.1, but the check for updates never pulled any new updates from Palo Alto repositories, and all I am getting is an empty list. What I tried so far: I verified the connectivity to the Palo updates websites ( DNS and service ...

Resolved! [China] Can't get device certificate on PA440

Hi everyone, We are based in Shanghai and we encounter an issue to generate a device certificate. On the web interface, we don't have the "Get certificat" option And when i try to request via CLI, nothing happen with the cmd "request certificate fetch" and i have a invalid syntax with "request certificate fetch opt 'opt number'" Thank in a...

Sauneuf_0-1730856124382.png
Sauneuf_1-1730856248383.png
Sauneuf_2-1730856479672.png
Sauneuf by L0 Member
  • 1455 Views
  • 1 replies
  • 0 Likes
  • 1587 Posts
  • 61 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks