This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4560 Views
  • 0 replies
  • 1 Likes

Migration to PAN from Cisco

Hello everyone,I am newbie to PAN Firewall. Sorry that I haven't got much experience on Firewalls.Currently we are in the middle of the migration as from the Cisco ASA with Firepower into PAN 1400 series. Have done some NATs and Security Policies migrations.The existing Cisco environment is with two Contexts and some experts assisted us to creat...

The difference between the values ​​shown in ACC and Live Session is too large.

Hi I recently discovered something strange while checking a customer's firewall. The customer firewall's session count typically has a count around 1.5 million. But the firewall ACC shows a figure of 4 million I know that ACC is not a real live count and therefore does not completely match the value shown in the CLI or Dashboard. But this ha...

Where to add Proxy ID with multiple tunnels?

Hey all, We have 3 firewalls: C1 = Cisco FW - Policy based S2S VPN -- subnet behind it 10.1.0.0/24 P2 = Palo FW - Route based S2S VPN -- subnet behind it 172.16.50.0/24 C3 = Cisco FW - Policy based S2S VPN -- subnet behind it 192.168.20.0/24 We have S2S tunnels as: C1 <---- tunnel.1---> P2 <-----tunnel.2-----> C3 Proxy ID on P2 are...

Resolved! Threat Prevention License for PAN OS upgrade

We have a PA-220 firewall and we are updrading the PAN OS from version 10.1.13 to version 10.2.0. When we try to update the following error appears: "Upgrading from 10.1.13 to 10.2.0 requires a content version of 8529 or greater and found 8408-6715". To solve this issue, we tried to install a more recent Applications and Threats content version....

PA-400 Check software not working

Hi, I have a standalone PA-440 device which I tried to check for upgrades to update its PANOS from 11.0.x releases to 11.1, but the check for updates never pulled any new updates from Palo Alto repositories, and all I am getting is an empty list. What I tried so far: I verified the connectivity to the Palo updates websites ( DNS and service ...

Resolved! [China] Can't get device certificate on PA440

Hi everyone, We are based in Shanghai and we encounter an issue to generate a device certificate. On the web interface, we don't have the "Get certificat" option And when i try to request via CLI, nothing happen with the cmd "request certificate fetch" and i have a invalid syntax with "request certificate fetch opt 'opt number'" Thank in a...

Sauneuf_0-1730856124382.png
Sauneuf_1-1730856248383.png
Sauneuf_2-1730856479672.png
Sauneuf by L0 Member
  • 1417 Views
  • 1 replies
  • 0 Likes

Palo Alto-certified SFP check

Hello,Normally we use the following commands to check an SFP by Palo Alto Certified or not. how system state filter sys.s1.p19.physys.s1.p19.phy: { 'link-partner': { }, 'media': SFP-Plus-Fiber, 'sfp': { 'connector': LC, 'encoding': Reserved, 'identifier': SFP, 'transceiver': 10000B-SR, 'vendor-name': OEM , 'vendor-part-number': PAN-SFP-PLUS-SR ...

PAN OS Issues with MPLS Link

We noticed that the customer’s environment had an upgrade of the PA-440 to PAN-OS 11.1.4-h1, but they experienced an MPLS link-down issue. The same issue was observed on the remaining four firewalls. After downgrading to PAN-OS 10.2.10, the MPLS link was working fine. Could you please confirm if this is a known bug?

problem in integration with clearpass XML API

while trying to integrate Aruba ClearPass with PA to send login info and user role to PA from ClearPass using XML API the following errors appears in ClearPass side, and no error appear from PA side unable to post request to PAN (IP address), error: (httpsession): unable to execute POST request url:xxxxxxxcontext deadline exceeded (Client Timeo...

Enhancing OT Network Security with a 2.5 DMZ:

In our OT network, we're considering adding a Level 2.5 DMZ to bolster security. This would serve as an additional layer of protection between the control systems (Level 2) and the enterprise network (Level 4).Specific Design:Level 2.5 DMZ: Host third-party servers and Engineering Workstations (EWS).Level 3.5 DMZ: Maintain existing role as a DMZ...

Norkk87 by L0 Member
  • 1298 Views
  • 0 replies
  • 0 Likes
  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks