Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4593 Views
  • 0 replies
  • 1 Likes

Resolved! ingress/egress interfaces part of firewall session?

Hello, I'd like to configure an NGFW with dual routed interfaces on some zone, call it "outside." If some host on the inside zone initiates traffic to the outside zone, traffic will egress through one or the other outside interfaces. If the return traffic ingresses via the other interface, will the FW drop that traffic? In other words, are the ...

Using 2 Primary Palo410's and 1 Backup 410

Morning All, I have a total of 3 PA410's (each with their own license) that I am using remotely to build a VPN tunnel back to our PA3260 located on our campus. 2 of the 410's are being used in a primary role, each with configs that vary a bit. I'd like to use the 3rd 410 as a backup for each Primary firewall and be able to push a config from o...

Logs size

Hi, we have recently moved from PA850 to PA1410. In the 850, we had approx 0 days of traffic retention. For some reason, in the 1410 (and also in 450), I have only 3 days of retention. It seems like they reduced the partition of logs. Does anyone know why?

chens by L3 Networker
  • 2554 Views
  • 4 replies
  • 1 Likes

CVE-2023-48795 isn't fixed in the 11.1.3-h2 as is claimed in the advisory

CVE-2023-48795 isn't fixed in the 11.1.3 as is claimed in the advisory: https://security.paloaltonetworks.com/CVE-2023-48795 Our Cyber Team ran a scan and our firewalls are still showing the weak cipher, even if this is disabled in the configuration profiles. Does anybody know if there is something else to get this fixed? Cordially, Jose Espinoza

Resolved! Active/passive failover validation was performed using Azure HA configuration getting failed due to Azure token failed with exception <urlopen

I have a Palo Alto VM-300 firewall (active/passive) with version 10.1.11-h4, which is hosted in France Central Azure region 2 availability zone and the Azure environment. While doing Azure HA failover validation on active/passive firewalls and validation passed. When we upgrade the PAN-OS version 10.2.8 for both active passive firewalls. But here ...


PANOS URL filtering 11.0.4

Hi folks, we have a URL filtering profile enabled on our respective policies using URL categories for different service purposes (e.g., for WSUS services we have a URL category with *.microsoft.com and other domains allowed in it, similarly for Red Hat and other DevOps related having separate URL category called into respective source server policies for ...

Can we use the same configuration backup

We are planning to upgrade our firewall from the VM300 model to the VM500. In this context, one of the key questions we need to address is: Can we use the same configuration backup from the VM300 firewall and upload it to the VM500 without any issues? What are the potential challenges or compatibility considerations we should be aware of during ...

Best approach on connecting two PaloAlto firewalls pairs with different networks

Hello, I am a newbie in networking, hopefully my explanation is clear, so I do have a pair of PA 3260 running in Active\Passive configuration, with multiple Layer 3 interfaces and sub interfaces connected, each one of those interfaces is a security zone, and routing is handled automatically between the interfaces. Now I want to connect the P...

maan2004 by L0 Member
  • 2311 Views
  • 2 replies
  • 0 Likes

Resolved! SSL Certificates expiration notification

Hi Team, I have received an alert "SSL Certificates-HTTPS HTTPS DaysRemaining" for Palo Alto. When I log in to the firewall in the browser, I can see the browser shows Not Secure, and when I check the certificate, it shows it will expire on July 14. In the below screenshot, the part which I hid consists of the serial number of the device. Can s...


URL Filtering logs not appearing on firewall

Firewall is running on 10.2.8-h3. I observed URL filtering logs are not appearing on the firewall; the last log was one month ago. But when I verified the URL filtering profile applied to the policies, it has alert configured, and I can see in traffic logs that the URL category is being applied too, but it's just the logs which are not displaying on the firewall. T...

Problems with admin accounts in high availability (active - passive).

Hi: Problems with admin accounts in high availability (active - passive). I have problems with the firewall administration accounts when it is in High Availability. In this case, it only lets me log in to one of the firewalls, it can be in the active or passive one, but never in both. The only user that allows logging in to both firewalls is the ...

Resolved! EDL Capacity of NGFW Firewalls

I have a PA-220 that appears to have maxed out its EDL capacity for URLs. In looking for a replacement as the PA-220 hits EOL, I need to be able to check the EDL capacity of each model, but the two EDL capacity articles I found don't reference the 1400 series firewalls. Does anyone know if the URL EDL capacity of a PA-1410 is larger than the ...

AntiVirus not showing up

I have brought up a new firewall. I have installed all the necessary licenses including Threat Protection. Under dynamic updates, Application and Threats is up to date...but clicking check now does not bring up AntiVirus section. I tried rebooting the firewall as well.

UmarKhan by L2 Linker
  • 2747 Views
  • 5 replies
  • 0 Likes
  • 1586 Posts
  • 61 Subscriptions