Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4598 Views
  • 0 replies
  • 1 Likes

Client Server SSL Decryption

Hi Folks; I have a distributed software on my internal network and everyone is using it. It's like an endpoint and it has a server. This server sometimes sends something to the server in the direction of the internet. I want to look into the data that it sends. I don't know if it is leaking critical information or what. I opened SSL Decrypt and got...

Fly_Al by L0 Member
  • 1440 Views
  • 1 replies
  • 0 Likes

Firewall creates separate sessions for C2S and S2C

Hi folks, I was troubleshooting SSH connection and want to know if I missed something. The topology is following: Client ---> PFSENSE <====ipsec tunnel ====> PA VM ==== ipsec tunnel ==== AZURE ---> Server Client tries to establish SSH session with linux server. After some timeout the connection fails and we see app incomplet...

SDWAN BGP over pre-existing BGP internet.

Hi Guys. We're deploying SDWAN in a customer who already has two ISPs connected in his hub, and talking BGP ECMP with them, using his public ASN and his own prefixes. According to documentation, the SDWAN plugin requires the same BGP Router ID and ASN when declaring the hub in devices, but it won't allow to use the public ASN here. So, my qu...

Debug process LDAP User-ID

Hi all, I am learning about Palo Alto; however, there are some parts I still wonder about: the process of checking accounts and mapping accounts with Palo's IP. Is there any way for me to debug and see this process clearly? Currently, I can debug the LDAP part as in the attached file. TCPDUMP: LDAP Debug User-ID authentication: Thanks in advance

ChungNX3 by L0 Member
  • 1686 Views
  • 0 replies
  • 0 Likes

Sd wan for dual Isp

Hi, can anybody suggest the steps for configuring dual ISP on Palo Alto? If the primary goes down, the secondary will automatically come up. My primary link is a leased line with a static IP and the secondary link is broadband on DHCP. So kindly tell me how I should configure it.

How to solve the Administrator Certificate-Based Authentication with issue of Redirection to prompt the username and password

The Certificate-Based Authentication for administrators to access the firewall through the web interface transparently authenticates the admin with a client certificate instead of prompting and entering manually the username and password. The Client Certificate must be generated and signed either by the built-in CA of the Firewall or an Enterp...

rmeddane by L2 Linker
  • 2164 Views
  • 1 replies
  • 0 Likes

postfix server nat rule on panos -9.-0.4

Hello, I can't update panos. I want a simple bi-direction NAT configuration. I have rocky9 as a web, mail, dns server on kvm. What is the best NAT rule sequence for the mail server to work correctly (after changing the NAT rule sequence I am getting a variety of errors 🙂)? I am newly configuring NAT and postfix, which makes it more difficult for me to understand where the problem is (p...

shrikant by L2 Linker
  • 1089 Views
  • 2 replies
  • 0 Likes

pan-pa-80

I would like to know, if we buy a pan-pa-80 firewall, what licenses need to be purchased in order to have web filtering, malware attack. And what is the purpose of the GlobalProtect subscription year support? What support services does it carry?

umaani by L0 Member
  • 1043 Views
  • 2 replies
  • 0 Likes

User-ID validation after upgrade

Hi All, We are in the process of upgrading our User-ID agent to a new version. Currently, all User-ID agents are connected to their respective servers and are actively providing user mapping information to the firewalls. Since the upgrade requires a reboot of the agent, I plan to perform the upgrade on a site-by-site basis...

Commit error<mlav-engine-urlbased-enabled unexpected here> after upgrade version to 10.2.10

we upgrade pa-5220 version to 10.2.10, and then meet a commit failed as below, anybody have same question and anybody could give me some suggestion? Validation Error: profiles -> url-filtering -> STD_UF -> mlav-engine-urlbased-enabled unexpected here profiles -> url-filtering is invalid Commit failed

Unable to Apply Group based Security Policy

Hello Team, We have successfully integrated LDAP with the Palo Alto firewall, and user-ID mapping via the user-ID agent is functioning as expected. We are able to use LDAP users in the security policy without any issues. However, when attempting to apply LDAP groups to the policy, the policy does not seem to work as intended. We have configu...

Wrong categorization of traffic to icmp,tracert and communication break for web traffic

Hi team, We are facing an issue with the PA firewall: traffic from the browser or application is categorized as ICMP related and matches the ping enabled rule in mass. Due to this, return traffic of the TCP session drops and application communication interrupts intermittently. Based on our findings, the rule "Rule ID 26" which applications are set with "i...

Resolved! migrating from 5220 to 3440 - 40 G interface question

Ports 21 and 22 on the 5520 device, which are 40G interfaces, are currently in use. We need to migrate this device to the 3440 model. However, on the 3440, I don't see a specific 40G interface listed. Instead, the documentation suggests using ports 35 and 36 for 40G connectivity, utilizing a breakout cable. This information is somewhat confusing...

  • 1586 Posts
  • 61 Subscriptions