This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4590 Views
  • 0 replies
  • 1 Likes

Stealth Rule Question

Hi everyone,Could someone please explain the correct way to create a Stealth rule in Palo Alto? My understanding is that it involves creating a rule that denies all traffic destined for the firewall’s public IP addresses.I’m also unsure whether this will impact IPsec tunnels or GlobalProtect connections that terminate on those same IPs. Addition...

ititsw by L0 Member
  • 1029 Views
  • 4 replies
  • 0 Likes

Resolved! Internal IP's hitting sinkhole policy

Hello all, We have a sinkhole configured on our PA440, and we're seeing some IP's hitting it and getting sinkholed, there's 1 endpoint that's an old NT4 legacy machine that runs on our production environment. And other ones that are windows and probably wifi endpoints like phones. I have no way of scanning the old NT4 box, and that only ran our ...

cdcirexx by L3 Networker
  • 4530 Views
  • 8 replies
  • 0 Likes

Resolved! Intergrations of External Dynamic Lists (EDL) with External Systems

Hi! I’m looking for guidance on whether entries from External Dynamic Lists (EDL) in Palo Alto Networks can be programmatically accessed or integrated with external systems for broader threat intelligence use. Specifically, I would like to understand: Whether EDL contents (IP, domain, URL indicators) can be retrieved via API or another support...

Request for Assistance: PA-850 Recovery Boot and Support Account Registration

I am writing to request urgent assistance with a Palo Alto PA-850 device in our possession. The device details are as follows:Model: PA-850Serial: ******P/N: ***Issue summary:The device’s SSD has failed and I have replaced it with a new blank 240GB SSD.I am unable to boot into maintenance mode and cannot proceed with recovery.When attempting to ...

admin by L0 Member
  • 903 Views
  • 2 replies
  • 0 Likes

site to site VPN between Palo Alto Firewall and Cisco ASA Power fire firewall communication issue

I have configured a site-to-site VPN between my Cisco ASA Firepower 2140 firewall and a partner using a Palo Alto firewall. The VPN tunnel is up, and the partner’s server defined in Phase 2 is able to reach my server successfully.However, my server is unable to reach the partner’s server.Could you please assist in identifying the issue and provi...

How to Patch Vulnerability - Plugin 43160 (CGI Generic SQL Injection) on GlobalProtect

Body: We have detected a blind SQL injection vulnerability (Plugin ID: 43160) on GlobalProtect login CGI (/global-protect/login.esp) using Nessus. Details: - CVSS Score: 7.5 (High) - Affected Parameter: 'action' - Example: /global-protect/login.esp?action=';WAITFOR DELAY '00:00:3';-- Environment: PAN-OS version: [Your Version] GlobalProtect ...

Resolved! Inquiry Regarding CEF Configuration Guide and Custom Log Format Variables for PAN‑OS 11

Attention: Global TPM team Question ①: Regarding the CEF Formatting Guide for PAN-OS 11The following link contains CEF formatting guides for various versions of PAN-OS, but I cannot find a guide for PAN-OS 11. https://docs.paloaltonetworks.com/resources/cef Is it correct to understand that the CEF configuration guide for PAN-OS 11 is not current...

Issues with credit card processing terminals

We have about 560ish credit card terminals from Bank of America, the hardware is from PAX. We are constantly getting reports of transactions failing due to “communication” issues with BoA. It’s not just one terminal and it’s not every single transaction. It’s random terminals and it’s random transactions. BoA is telling us that the transactions ...

andber by L0 Member
  • 977 Views
  • 2 replies
  • 0 Likes

port issue / nmapping

Hi everyone, I’m facing a strange issue and would appreciate your input. We created a security policy to block certain ports. When we check the traffic logs and packet captures, they clearly show that the traffic is being dropped. However, when we run an Nmap scan, it still reports the ports as open, even though they should be closed. I also che...

wally4 by L2 Linker
  • 2579 Views
  • 11 replies
  • 0 Likes

About UIA SSL connection

Hello Team, I'm currently dealing with an issue where UIA is unable to validate certification. The certificate does not have a SAN setting. I plan to change the certificate to one that has both CN and SAN set, but have not been able to do so yet. The certificate validation has occurred since applying an OS patch, so I have asked the OS ven...

Upgrading Active/Passive pair, pause in between upgrades?

When upgrading PAN-OS on an Active/Passive pair, does any pause for 1 or more days after upgrading the first firewall (and before upgrading the second firewall)? The idea here is we will have a bit more time to test for issues. If there is a failure post upgrade, we will have the option to suspend the upgraded firewall and make the firewall th...

jambulo by L4 Transporter
  • 1751 Views
  • 4 replies
  • 0 Likes
  • 1586 Posts
  • 61 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks