This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4598 Views
  • 0 replies
  • 1 Likes

Flood protection (SYN) blocking/failing file downloads

Hopefully someone can make some sense as I can't find it. Still a little new to PA, though, but this is something I really don't get it.If I enable Zone Protection - Flood Protection (SYN) and choose "Syn Cookies" or "Random Early Drop" on internal and/or external zone, files from the internet cannot be downloaded anymore.And these are downloads...

HA pair not syncing after SSL cert change

Hi there folks, I'm trying to troubleshoot an issue with 2 firewalls where we uploaded the same SSL cert in both FWs and now they are not syncing. Our troubleshooting efforts have come to the following:- Reboot management server on both firewalls. - Config didn't change, this was working before the cert change. - removing and readding the ce...

Screenshot 2024-10-11 124237.jpg

Alert for appid queue overflows

We've been facing an issue with discards due to the app-id queue overflowing - counter "appid_exceed_pkt_limit_post". I've been trying to either have the firewall send an SNMP trap when the counter increments OR have the alert "bubble-up" to the system log and then have the Palo send a message via email. I thought I found a method to have co...

Resolved! Capwap Active Sessions in 2 ISP topology

Kind regards Team We currently have a topology in which the remote site has 2 VPNS configured (each VPN established by a different channel). The VPNs are configured against our Perimeter FW and the switching between them is done with Path Monitoring. The remote site has some Access Points that established a session (Capwap) against a controller ...

aalfaro by L2 Linker
  • 4249 Views
  • 5 replies
  • 0 Likes

Preferred version for update

Hi, Just looking for advise on suggested upgrade versions I have two VM-100s running 10.2.8-h3 and a PA-820 running 10.2.8. I need to upgrade them all in response to the CVE below. I'm a bit confused as both the Palo Alto preferred versions 10.2.9-h1 and 11.1.4-h1 listed here Support PAN-OS Software Release Guidance | Palo Alto Networks ...

Autocommit loop error and interfaces 'connected but down' after upgrade from 11.0.4-h2 to 11.1.4-h1

After upgrading my PA-VM VM-100 appliance from from 11.0.4-h2 to 11.1.4-h1 i was met with the following errors: - Constant failed 'autocommit' jobs spawning, similar to https://live.paloaltonetworks.com/t5/next-generation-firewall/auto-commit-stuck-at-11-0-2-h2-pa-410/td-p/563107. This prevents any admin action from the Web UI, - All interface...

OKelly by L1 Bithead
  • 1157 Views
  • 0 replies
  • 0 Likes

NAT Config

Hi Team, In Checkp[oint we have an option to configure the dummy IPs in the NAT and use Proxy Arp to get it working. For example. Source: 10.10.10.1 Destination: 10.100.100.1(Dummy IP) Translation: Source: 172.16.10.1(Dummy IP) Destination: 172.17.25.1 And then configure the Proxy Arp and get this NAT working. This kind of NAT are used only t...

Device telemetry error "Failed to send: file" caused by "certificate doesnt exist.

Hello TEam, I am getting critical logs :- Failed to send: file \'PA_x.x.x.x.x.x_dt_10.2.3-h9_xxxxxx_1230_1-hr-interval_HOUR.tgz once i checked i found below articles. Device telemetry error "Failed to send: file" caused by "Client Certificate issue" (paloaltonetworks.com) i gone through the command details and found exact issue :- i wou...

jhussain1_0-1728325621127.png
  • 1586 Posts
  • 61 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks