Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

Paloalto FW HA(Active/Passive) OS Upgrade Procedure 10.1.X -> 11.1.X

Hello, I have a question about upgrading the Palo Alto firewall OS. From the 11.1.X version, we've seen that you can upgrade right away without a 10.2.X or 11.0.X install. ex) OS Upgrade (10.1.13-h1 -> 11.1.5) I ran the test on my Standalone firewall (10.1.13-h1) and verified that the upgrade was successful through 11.1.5 install after 11.1.0, 1...

PaloAlto Firewall and Cisco Expressway integration with NAT Reflection

In Cisco Expressway Series with Single NIC Deployment, the Cisco Expressway Core must be configured to point to the Fully Qualified Domain Name (FQDN) of the Cisco Expressway Edge, this FQDN must be resolved to the Public IP of Cisco Expressway Edge, instead of its private IP, this is one of the challenges in this type of deployment, because with...

rmeddane by L2 Linker
  • 2613 Views
  • 0 replies
  • 0 Likes

I need to upload response page

I am currently in the process of planning to upload a custom webpage to my Palo Alto device. However, I would like to automate this process through an API call. I have the HTML content for the webpage stored in a variable and I would like to upload it to the following path. Any references or suggestions in this regard would be greatly appreciate...

Can I use a certificate from another device in my decryption policy?

Hi, I plan to apply Vulnerable Protection to the customer's firewall and at the same time decrypt outbound traffic. However, the customer's network environment already includes encryption and decryption equipment. And the customer wants to apply the certificate used in the existing device when applying the Decryption Policy in Palo Alto. I thi...

Block Surfshark VPN

Hi All, We have a block for Proxy Avoidance and Anonymizers on our DMZs. But we are able to see that the users can access Surfshark VPN on our SDWAN. Also, I am unable to see any logs on the firewall. Could anyone please help me on how we can block the Surfshark VPN traffic? Thanks in advance.

YeshasNB by L0 Member
  • 3874 Views
  • 3 replies
  • 2 Likes

Resolved! Outbound blocking of incomplete applications

I have security rules in place to block applications such as 'msrpc-base' and 'ms-rdp' from exiting the network. However, I still see logs showing traffic egressing to ports 135 and 3389 with the application being listed as 'incomplete' and session end reason as 'aged-out'. Is this a concern? Should I be creating rules to block the protocol/p...

Resolved! SD-WAN BGP Configuration via Panorama Plugin specific prefix

Hi guys, we have one core Palo Alto firewall and round about 50 Palo Alto firewalls at customer side. All firewalls are managed by one Panorama and on all devices are running PanOS 11.1-4x. The sd-wan license is activated and the sd-wan plugin version is 3.2.1. We like to connect the customer sides via sd-wan to our core firewall but we do not like...

D.Henze by L1 Bithead
  • 1794 Views
  • 2 replies
  • 0 Likes

PAN-OS-11.1.2-h3 - No incoming traffic after upgrade

Hi, We recently upgraded our Palo Alto 1410 Firewall to PAN-OS-11.1.2-h3 from PAN-OS-11.0.4-h1. After Upgrade there was no incoming traffic from external networks. There were no hits or logs showing incoming traffic. Internet Outbound traffic was going through normally. IPSEC VPN tunnels were working normally. Support team checked and wanted u...

I am curious about the processing method in terms of hardware architecture.

Hi I recently compared the H/W architecture of the PA-3200 series and the PA-3400 series and had a question. Looking at the architecture below, it appears that N/W and Security Processing, which were previously separate, have been merged into one starting with the 3400 Series. Does this mean parallel processing in DP? Otherwise, is it just...

error in placement of IPS diagram

This picture shows the IPS before the firewall: https://www.paloaltonetworks.com/cyberpedia/firewall-vs-ids-vs-ips#ips BUT in the matrix below you state that an IPS is: Positioned right after the firewall, before the internal network. Thanks for the whole page, very educational, but that one discrepancy is killing me, it makes me wonder if I am...

edwardpw by L0 Member
  • 626 Views
  • 0 replies
  • 0 Likes

CPU issues on PA-3410

Hi Team, Need some help with respect to below query: Issue - We are using PA-3410 in our environment. We are monitoring this device using Logic Monitor tool. Our monitoring team states that they monitor CPU and memory utilization for Palo Alto devices using the “show system resources” command using API key instead of using SNMP OID. Our mon...

  • 1794 Posts
  • 60 Subscriptions