Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

spyware alerts for <something>.fmb.la

this just started popping up for DNS queries inside going outbound, my PA440 is dropping the packets as a spyware threat. This is quite a new development, probably last 24 hours.

Example action below:

name-of-threatid eq 'generic:com.fresh.fmb.la

...

Resolved! List of network asddress translations

How do I get a detailed list of all NAT/PATs in the firewall. From what I can find nothing shows all the translatoins. I need to see an internal private IP translated to an external public IP, one for one.

Device Certificate Issues.

Hi Friends,

One of our customer is facing issues in fetching the device certificate on a PA-410 device running on PAN OS 11.0.4-h2.

We are logging into the CLI of the firewall with Super User credentials and try to fetch the certificate with the

...

Resolved! PA-440 dns-security

Greetings,

I really want to configure the following field on the PA-440 correctly.

Do you think it is correct?

Resolved! Block access to countries outside the GlobalProtect VPN

Good morning, reviewing the GlobalProtect logs I see brute force attacks from outside my country Spain. I have tried to create security policies that prevent these attempts but none have matched. In the portal configuration (external) I have tried ...

PA-450 is not booting

Hi everyone,

We are currently configuring a new Palo Alto PA-450 and the device is no longer accessible by web management and over console.

At the first power on booting has been done normally and all led was blinking fine. We started access the We

...

Validation Error for High availability

The error message when commiting is:

Validation Error:
deviceconfig -> high-availability -> group -> state-synchronization unexpected here
deviceconfig -> high-availability -> group -> state-synchronization is invalid

I configured high availability usi

...

synchronize google organizational units to PAN

hello team:
Is there a way to sync organizational units from google to Palo alto?
or from Device > Authentication profile > advanced > allow list > all
Greetings.

#paloalto

Advertised static route on BGP over IPSEC.

Hi all,

I have established BGP peer.

I've created redistribution profile with interface that i want to advertised to BGP

The subnet directly connected to interface could be reached/ appear in local RIB

My next objectives :

I have point-to-point f

...

Firewall CLI showing call history

Hi,

We running command show user mapping on our firewall PA5410 with PANOS 10.2.9-h1.

Have anyone see this error? it always show when we running show ip user mapping all / with filter

tried other command like show system info and show system disk-spa

...

Resolved! Alternative Way for IPsec Tunnel in Palo Alto 850

Hello Team,

As I am studying Palo Alto and am a newbie, I have created a lab setup where I use BGP peering between a PA 850 and ISPs. The PA's IP, used for BGP peering, is also used for the IPsec tunnel. I discovered a vulnerability where an ISP ou

...

Resolved! upgrade FW (PA-3420)

Hello dear team,

I would like to upgrade my firewall to a stable version. Currently, my version is (11.0.4-h1). Can you please advise on the best and most stable version to upgrade to, based on your experience?

Thank you.

Block Facebook app except Messenger or facebook chat on Mobile

When Pushing SDWAN config to fw got this error: pan_routed_cfg_altcfg_add_if(tunnel.902) failed

I am trying to do a SDWAN push for a newly imported fw. The interfaces is not existing on fw.
It comes from another PN also configured with SDWAN, moved to new one and all except SDWAN config copied and working. Then added fw into SDWAN device and exi

...

Upgrade path from PANOS 9.0.17-h5 to 10.1.13-h1

Hi Experts,

I'm going to upgrade from PANOS 9.0.17-h5 to 10.1.13-h1. Could you please advise me the download and install path. Additionally, Tell me how many reboots. It would require reaching out to 10.1.13-h1.

Moreover, can you please help

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

spyware alerts for <something>.fmb.la

Resolved! List of network asddress translations

Device Certificate Issues.

Resolved! PA-440 dns-security

Resolved! Block access to countries outside the GlobalProtect VPN

PA-450 is not booting

Validation Error for High availability

synchronize google organizational units to PAN

Advertised static route on BGP over IPSEC.

Firewall CLI showing call history

Resolved! Alternative Way for IPsec Tunnel in Palo Alto 850

Resolved! upgrade FW (PA-3420)

Block Facebook app except Messenger or facebook chat on Mobile

When Pushing SDWAN config to fw got this error: pan_routed_cfg_altcfg_add_if(tunnel.902) failed

Upgrade path from PANOS 9.0.17-h5 to 10.1.13-h1

How to configure LACP at PA-440 firewall

Name: Virus/Win32.WGeneric.esxxcl Unique Threat ID: 752597582

Palo Alto does not support global certificates. Is there a solution?

Palo Alto Networks PA- 450 Next‑Generation Firewall to maintain uninterrupted BSNL SIP trunk services in the event of a primary internet link failure.

Request for VPN Capability Enhancement on Palo Alto Networks Firewalls

Re: Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment?

Re: Tunnel Monitoring

Re: How to configure LACP at PA-440 firewall

Re: How to create a support case without a TCF file

Re: Activate ECMP without trafic disruption

Unlock your full community experience!

Rules and Best Practices

Resolved! List of network asddress translations

Resolved! PA-440 dns-security

Resolved! Block access to countries outside the GlobalProtect VPN

Resolved! Alternative Way for IPsec Tunnel in Palo Alto 850

Resolved! upgrade FW (PA-3420)