Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

List of App-IDs that require decryption

Is there already a central location where all app-ids that require decryption to use/discover are listed? It's called out in the content release notes if an application requires decryption, but I haven't seen that noted anywhere else like Applipedia or in the PAN-OS configuration itself. Does this information exist anywhere? I'm trying to plan...

IPSEC_ESP port 50 Traffic even when IKE Phase-1 is not up

We are running into an issue where we have 2 Palo Firewalls and we are trying to establish S2S VPN between them. Both the tunnels are behind NAT devices and we do have NAT-T Enabled. We can see in IKE MGR.logs that the initiator is trying to reach out on 4500 after initial Port 500 traffic. The issue we see is that there is "IPSEC-ESP" port 50...

Firewall Rules

I was wondering if anyone had any interest or thoughts, but I am tired of always having to build rules for popular products that are not well-documented. I was thinking of starting a forum to share these common configurations so we all don't have to reinvent the wheel? Not exactly sure of all the details, but I took this straight out of P...

bschaper by L2 Linker
  • 2183 Views
  • 5 replies
  • 1 Likes

What does FBO stand for

We are troubleshooting something with TAC wherein they asked us to set the FBO to "Software". What, exactly, is an FBO? I cannot find any references thereto in the docs besides the CLI reference, and that tells me nothing.

Syslog forwarding to Microsoft Sentinel

Hello everyone. Seems we got a weird one here. So we took the CEF format that the PDF guide says https://docs.paloaltonetworks.com/content/dam/techdocs/en_US/pdf/cef/pan-os-10-0-cef-configuration-guide.pdf Here's the weird thing. We truncated it to be under 2048 and the push was completed across the fleet. Now the weird part: the Sentinel coll...

miguelMA by L2 Linker
  • 1715 Views
  • 0 replies
  • 1 Likes

HA Passive interfaces not coming up.

Hi All, I have searched the community before posting; however, I cannot find a solution for the issue I am experiencing. We have a very straightforward physical topology. A Cisco 9500 sw switch stack operating as a stackwise-virtual chassis. On Switch 1 we have a single layer 2 copper connection to Palo-1 for inside traffic (inside to outside), ...

fw1972 by L0 Member
  • 2311 Views
  • 3 replies
  • 0 Likes

Traffic Issues

Hi Friends, We have been seeing this issue with one of our customers in the recent few days, where a particular destination traffic which should go via security rule is passing via PBF policies, which is not expected. The Destination address which is not specified in the PBF policy is taking place and causing traffic related issues. Customer is running ...

Satyak by L3 Networker
  • 857 Views
  • 1 replies
  • 0 Likes

Resolved! secure-web-gateway -> enablement -> explicit-proxy is unexpected secure-web-gateway -> enablement is invalid

Hi team, I'm attempting to set up an explicit proxy on the PAN-OS 11.0 Firewall, but I'm encountering an error when I try to enable it. secure-web-gateway -> enablement -> explicit-proxy is unexpected secure-web-gateway -> enablement is invalid Your response is highly appreciated. regards, Akash Thangavel


OSPF Area Question

Can you have an area be normal on 1 interface and NSSA on another interface? Say you have area 1. Area 1 has neighbor on interface 1 with normal type. Can another Area 1 interface be brought online on different interface 2 with NSSA type?

alexpf by L1 Bithead
  • 1494 Views
  • 3 replies
  • 0 Likes

Resolved! wildfire is not reporting in the wildfire submission

Hello Friends, I have configured the paloalto wildfire feature: - kept the default file settings in Device --> wildfire --> General settings. checked Report Benign Files, and grayware files too. - created a wildfire profile that contains any apps, any file type, download direction, public cloud in the Objects --> wildf...

Resolved! Test IPSEC tunnel Throughput

Hi Team, I just started working on PaloAlto FW. I want to test IPsec tunnel throughput from my firewall to end Device. Can anyone tell the steps via GUI or cmd, and what is the correct way to troubleshoot if customer is experiencing slowness to access infa network?

  • 1794 Posts
  • 60 Subscriptions