Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

SSL policy rule and needed match application values

Hello, I have a quick question in regards to SSL decryption and policy match values. If I have SSL decryption, and I want to allow 'facebook-chat' for example, I know a policy rule with the app facebook-chat and its dependencies 'facebook-base,mqtt-base' is needed. I also understand that the implicit use applications will be allowed through t...

Punite by L1 Bithead
  • 726 Views
  • 0 replies
  • 1 Likes

Please check the Max Decrypt session value of PA-3410.

Hello, I'm curious about the number of SSL Decrypt sessions for PA-3410. I could see this on the product comparison site before, but I can't see it now. A customer using Decrypt wants that information. It's not even in the spec sheet or data sheet, where can I check it? - Max concurrent decryption sessions. I'd appreciate it if you could tell me

Rule UUIDs Always Change

Greetings Community! Apologies if this has been answered in a previous thread- I couldn't find anything... When exporting configuration files from PA-3220 I have noticed that sometimes the rule UUIDs are different than the previous config dump and sometimes they are the same. Can someone please explain why this is? What causes the rule UU...

Global Protect Custom Setup

Hi Guys I have 5 separate GP Captive Portals and I want to make a custom setup for all of them separately. I will deploy them separately from the network. Can we change the global protect msi package? I heard it can be done from Expedition, is it true? So how do we add the relevant portal into the msi package?

Fly_Al by L0 Member
  • 643 Views
  • 0 replies
  • 0 Likes

Resolved! Not able to apply QoS profile to interface

I am preparing firewall for interface change, and moving 2 sub interfaces to a separate aggregate ethernet. Current AE1.10, .20, .30, .40 Upcoming AE1.10, .20 AE10.30, .40 I have already created aggregate and its subinterfaces and are disabled, added fake IP/s routes and created NAT rules using new interfaces, to make it easier on the chan...

raji_toor by L4 Transporter
  • 7133 Views
  • 12 replies
  • 0 Likes

Flood protection (SYN) blocking/failing file downloads

Hopefully someone can make some sense as I can't find it. Still a little new to PA, though, but this is something I really don't get it. If I enable Zone Protection - Flood Protection (SYN) and choose "Syn Cookies" or "Random Early Drop" on internal and/or external zone, files from the internet cannot be downloaded anymore. And these are downloads...

HA pair not syncing after SSL cert change

Hi there folks, I'm trying to troubleshoot an issue with 2 firewalls where we uploaded the same SSL cert in both FWs and now they are not syncing. Our troubleshooting efforts have come to the following: - Reboot management server on both firewalls. - Config didn't change, this was working before the cert change. - Removing and re-adding the ce...


Alert for appid queue overflows

We've been facing an issue with discards due to the app-id queue overflowing - counter "appid_exceed_pkt_limit_post". I've been trying to either have the firewall send an SNMP trap when the counter increments OR have the alert "bubble-up" to the system log and then have the Palo send a message via email. I thought I found a method to have co...

  • 1794 Posts
  • 60 Subscriptions