Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

pan-pa-80

I would like to know, if we buy the pan-pa-80 firewall, what licenses need to be purchased in order to have web filtering, malware attack, and what is the purpose of GlobalProtect subscription year support. What support services does it carry?

umaani by L0 Member
  • 982 Views
  • 2 replies
  • 0 Likes

User-ID validation after upgrade

Hi All, We are in the process of upgrading our User-ID agent to a new version. Currently, all User-ID agents are connected to their respective servers and are actively providing user mapping information to the firewalls. Since the upgrade requires a reboot of the agent, I plan to perform the upgrade on a site-by-site basis...

Commit error<mlav-engine-urlbased-enabled unexpected here> after upgrade version to 10.2.10

We upgraded a pa-5220 to version 10.2.10 and then met a commit failure as below. Does anybody have the same question, and could anybody give me some suggestions? Validation Error: profiles -> url-filtering -> STD_UF -> mlav-engine-urlbased-enabled unexpected here profiles -> url-filtering is invalid Commit failed

Unable to Apply Group based Security Policy

Hello Team, We have successfully integrated LDAP with the Palo Alto firewall, and user-ID mapping via the user-ID agent is functioning as expected. We are able to use LDAP users in the security policy without any issues. However, when attempting to apply LDAP groups to the policy, the policy does not seem to work as intended. We have configu...

Wrong categorization of traffic to icmp,tracert and communication break for web traffic

Hi team, We are facing an issue with the PA firewall: traffic from the browser or application is categorized as ICMP related and matches the ping-enabled rule in mass. Due to this, return traffic of the TCP session drops and application communication is interrupted intermittently. Based on our findings, the rule "Rule ID 26" which applications are set with "i...

Resolved! migrating from 5220 to 3440 - 40 G interface question

Ports 21 and 22 on the 5520 device, which are 40G interfaces, are currently in use. We need to migrate this device to the 3440 model. However, on the 3440, I don't see a specific 40G interface listed. Instead, the documentation suggests using ports 35 and 36 for 40G connectivity, utilizing a breakout cable. This information is somewhat confusing...

Resolved! ingress/egress interfaces part of firewall session?

Hello, I'd like to configure a NGFW with dual routed interfaces on some zone, call it "outside." If some host on the inside zone initiates traffic to the outside zone, traffic will egress through one or the other outside interfaces, if the return traffic ingresses via the other interface, will the FW drop that traffic? In other words, are the ...

Using 2 Primary Palo410's and 1 Backup 410

Morning All, I have a total of 3 PA410's (each with their own license) that I am using remotely to build a VPN tunnel back to our PA3260 located on our campus. 2 of the 410's are being used in a primary role, each with configs that vary a bit. I'd like to use the 3rd 410 as a backup for each Primary firewall and be able to push a config from o...

Logs size

Hi, we have recently moved from PA850 to PA1410. In the 850, we had approx 0 days of traffic retention. For some reason, in the 1410 (and also in 450), I have only 3 days of retention. It seems like they reduced the partition of logs. Does anyone know why?

chens by L3 Networker
  • 2434 Views
  • 4 replies
  • 1 Likes

CVE-2023-48795 isn't fixed in the 11.1.3-h2 as is claimed in the advisory

CVE-2023-48795 isn't fixed in the 11.1.3 as is claimed in the advisory: https://security.paloaltonetworks.com/CVE-2023-48795 Our Cyber Team ran a scan and our firewalls are still showing the weak cipher, even if this is disabled in the configuration profiles. Does somebody know if there is something else to get this fixed? Cordially, Jose Espinoza

Resolved! Active/passive failover validation was performed using Azure HA configuration getting failed due to Azure token failed with exception <urlopen

I have a Palo Alto VM-300 firewall (active/passive) with version 10.1.11-h4, which is hosted in France central azure region 2 availability zone and the azure environment. While doing Azure HA failover validation on active/passive firewalls and validation passed. When we upgrade the panos version 10.2.8 for both active passive firewalls. But here ...

Resolved! Palo Alto and Docker configuration

Hello Team, I am new to PA firewall. In my home lab I have an old PA220 and an Ubuntu host on which I have installed docker and a few apps in containers. I have a port forwarding rule which translates my local resources to my public IP address and ports - this works fine. But when app in container wants to access from inside Ubuntu host to external IP ...

URL Filtering is not working properly

Hello Team, Good day to you!! We have a customer who is facing an issue with the URL filtering profile. The customer has blocked a specific URL using a custom URL category and filtering profiles. However, they are still able to access the website's homepage. The URL filtering setup appears to be configured correctly, and the traffic is hitting t...

  • 1794 Posts
  • 60 Subscriptions