This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4514 Views
  • 0 replies
  • 1 Likes

PANOS URL filtering 11.0.4

Hi folks, We have URL filtering profile enabled on our respective policies using URL categories for different services purposes( eg: wsus services we have url category with *.microsoft.com and other doamins allowed in it, similarly for redhat and other devops related having separate url category called into respective source server policies for ...

Can we use the same configuration backup

We are planning to upgrade our firewall from the VM300 model to the VM500. In this context, one of the key questions we need to address is: Can we use the same configuration backup from the VM300 firewall and upload it to the VM500 without any issues? What are the potential challenges or compatibility considerations we should be aware of during ...

Best approach on connecting two PaloAlto firewalls pairs with different networks

Hello, I am a newbie in networking, hopefully my explanation is clear, so I do have a pair of PA 3260 running in Active\Passive configuration, with multiple Layer 3 interfaces and sub interfaces connected, each one of those interfaces is a security zone, and routing is handled automatically between the interfaces. Now I want to connect the P...

maan2004 by L0 Member
  • 2215 Views
  • 2 replies
  • 0 Likes

Resolved! SSL Certificates expiration notification

Hi Team, I have received an alert "SSL Certificates-HTTPS HTTPS DaysRemaining" for Palo Alto. When I log in to the firewall in the browser, I can see browser shows as Not Secure and when I check the certificate, it shows it will expire in July 14. In the below screenshot, the part which I hide consist the serial number of the device. Can s...

MSharma415844_1-1718680977001.png

URL Filtering logs not appearing on firewall

Firewall is running on 10.2.8-h3, i observed URL filtering logs are not appearing on the firewall last log was one month ago but when i verified the URL filtering profile applied to the policies it has alert configured and i can see in traffic logs that url category is being applied too but its just the logs which is not displaying on firewall.T...

Problems with admin accounts in high availability (active - passive).

Hi:Problems with admin accounts in high availability (active - passive). I have problems with the firewall administration accounts when it is in High Availability. In this case, it only lets me log in to one of the firewalls, it can be in the active or passive one, but never in both. The only user that allows logging in to both firewalls is the ...

Resolved! EDL Capacity of NGFW Firewalls

I have a PA-220 that appears to have maxed out it's EDL capacity for URLs. In looking for a replacement as the PA-220 hits EOL, I need to be able to check the EDL capacity of each model, but the two EDL capacity articles I found don't reference the 1400 series firewalls. Does anyone know if the URL EDL capacity of a PA-1410 is larger than the ...

AntiVirus not showing up

I have brought up a new firewall. I have installed all the necessary licenses including Threat Protection. Under dynamic updates, Application and Threats is up to date...but clicking check now does not bring up AntiVirus section. I tried rebooting the firewall as well.

UmarKhan by L2 Linker
  • 2613 Views
  • 5 replies
  • 0 Likes

PAN v11 "service route configuration" change

I recently discovered there has been a change to the PAN-OS and no articles to show the change Recently there was a need to move out services route away from the mgmt port I follow the traditional steps: locating the services I needed to redirect and specified the port I needed them onAdded the SecPol rule and varified that the NAT was correct...

Problem with Security Zones.

Dear Members, I need some help regarding the Paloalto firewall. We are managing the firewalls using the Panorama. I am new in the environment. I have been told that the source subnet resides in the inside zone hence I added the source group in the inside zone configured it correctly. In the firewalls logs I can see that the traffic has starte...

omarali53_0-1726352843740.png
omarali53_1-1726353054367.png
omarali53_2-1726353282724.png
omarali53_3-1726353419343.png

Inbound and outbound security rules

Hi Experts, I have 2 rules which are for Inbound/Outbound traffic and both are using Geo locations. These 2 rules have the Negate feature checked. Inbound and outbound rules allow 20 countries, and the rest are denied (China is on the denied list). My question: There are three websites that are hosted by China's public IP addresses, and my...

tinhnho by L3 Networker
  • 1425 Views
  • 1 replies
  • 0 Likes

Dynamic IP Pool utilization - 10.2.9-h1

Hi Team We have an issue where we use Dynamic IP pool for outbound NAT but 'show running ippool' does not reflect the accurate NAT xlate pool usage. For example, we see 9k Available IPs but on checking the global counter we can see the NAT Utilization errors: show running nat-rule-ippool <rule> also shows the same number stating 9...

UtkarshKumar_1-1726519436193.png
  • 1794 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks