This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

PA-820 random Decyption Error

Since a few month we got more and more random outbound decryption errors. When the user wait a moment the website will automatically open correct. The browser error messages are "err_connection_reset" or net:err_cert_authority_invalid". In the decryption error log i see errors like "certificate verifiy failed", "malloc failure", "General TLS pro...

Unexpected Classification of 443 Traffic as "naver-line" with Subcategory "voip-video

Hi everyone, 1) End user has confirmed that these users' computers do not have the LINE application installed. However, the 443 traffic is being identified as "naver-line," with a subcategory of "voip-video." Could you please help us understand the cause of this behavior? 2) And We noticed in the logs that certain activities are classified ...

Suhairul_Salleh_0-1725418752203.jpeg
Suhairul_Salleh_1-1725418788784.jpeg

palo alto 850 firmware upgradation

Hi All, Need to upgrade an palo alto 850 from 9.1.4 to 11.0. Basically i need a confirmation on below points. 1.Have only hardware support license, will it sufficient for firmware upgradation. PFA snapshot 2. As per below article i need to only download major release, while download and install the latest maintenance release of same version ...

Resolved! Max Connections per Second on PA3260

Hi, I'm trying to configure Flood Protection in the Zone Protection Profile of my PA3260 and wanted confirm what the Maximun connections per second is. The number I came across was 84,000. Is this correct? I should also add I'm using SYN cookies as the action. Thanks, John

Resolved! EDL for major Linux distros

Hi All, Do you have anu idea, if there is some external or unofficial EDL list with mirror servers for main Linux distros, so I can use it in the firewall rules? E.g. Fedora has this list of all mirror servers available online - Mirrors - MirrorManager (fedoraproject.org), but it changes dynamically during the time and it's unthinkable to upg...

IPsec Tunnel Down!

Hi Team, I'm a newbie at the Palo Alto firewall, and I've been checking the IPsec connection between PA850 at my sites. I'm encountering issues with the IPsec tunnel, which is not coming up. I tried establishing IPsec using the IP used for BGP peering, and it established without any problems. However, the problem arises when I us...

software update question

When updating Palo firewalls, why the need to update through each base version as well as a preferred maintenance version? e.g. if going from version 8.1.x, to 10.1.x, why 9.0 > 9.0.x > 9.1 > 9.1 > 10.0 etc. IF each baseline version release e.g. 9.0, 9.1, 10.0 is a full release of the software then what is to stop upgrading to 9....

Dustynet by L0 Member
  • 869 Views
  • 1 replies
  • 0 Likes

Decryption: Received fatal alert CertificateUnknown from client

Hi Folks, I'm seeing some instances of "Received fatal alert CertificateUnknown from client" errors in the decryption log when the root\issuer certs are clearly in the FW's cert store. Attached are screenshots of the error and the FW's cert store. Any ideas on what could be going wrong here? I'm seeing this on PAN OS 11.0.2-h3 & 10.2.7-h3...

  • 1794 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks