Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.

Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4631 Views
  • 0 replies
  • 1 Likes

Firewall crash because of Application cloud Engine (ACE)

Hi community, For about 2 weeks a VM firewall has been having problems with random crashes. Our setup is a firewall cluster, but so far the active firewall crashes almost completely silently. At least the firewall does not initiate a failover to the passive node. So far we have had about 4 crashes at random times and in one case the firewall crashed "...

Remo by L7 Applicator
  • 1048 Views
  • 0 replies
  • 1 Likes

Resolved! Not able to ping ISP B interface -10.2.9-h1

Hi team, We are facing an issue where we are not able to ping the secondary ISP's external interface when the default route is set for the primary ISP to take preference. We have two ISPs: ISP A and ISP B. The metric is set to prefer the ISP A route. When we try and ping the external interface of ISP B, we can see a weird behavior where when tr...

Migrating configuration from the firewall running PAN-OS 9.1 to new firewall running PAN-OS 11.1 directly

Hi LIVEcommunity I plan to migrate the configuration from a PA-3020 firewall currently running PAN-OS 9.1 to a new PA-1410 firewall running PAN-OS 11.1. I'd like to know if it's possible to directly import the configuration from the older firewall to the newer one, despite the difference in PAN-OS versions. If direct import isn't recommend...

Zscaler Traffic Pattern

My company users are using ZCC on their laptops. Recently, there has been an issue where Zscaler traffic is being denied by the Palo Alto Firewall. Upon checking the logs, it appears that the ZCC traffic pattern changed into web browsing and HTTP Proxy, which is being denied by the firewall. We have configured the firewall to allow Zscaler Privat...

madu2609 by L0 Member
  • 3757 Views
  • 1 replies
  • 0 Likes

Unable to Block Personal Gmail on Ubuntu Machines.

Hi Friends, We have a customer who is facing issues in blocking Personal Gmail on Ubuntu Machines. I have followed the below mentioned discussion and created the URL filtering and Policies. https://live.paloaltonetworks.com/t5/general-topics/block-access-to-private-gmail-but-allow-corporate/td-p/195686 Personal Gmail is blocking as expected ...

Satyak by L3 Networker
  • 1016 Views
  • 1 replies
  • 0 Likes

FW Policy Skipped When Either App-Based only or SMTP-BASE app and 587 Port is Defined

The firewall is skipping the policy when the traffic has smtp-base port 587 on it. I created an application-based firewall policy with smtp-base as the application, but it skips the policy and goes to the implicit interzone deny policy. So I created it as just port-based, 587, and it still skips the policy and goes to interzone default deny. So I explicitly defin...

Resolved! Alert ID 95501 Microsoft Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Hello, After installing the last content update (https://proditpdownloads.paloaltonetworks.com/content/content-8880-8907.html?__token__=exp=1724141521~acl=/content/content-8880-8907.html*~hmac=1db8a0453380feaed30e6acb96df65d1a9c07f4e7ebe53abb34ad3cffda87f9d) I have a lot of traffic blocked from my servers to the Microsoft licence server. But the...

Resolved! Suspect false positive matching for threat ID 95501 (Remote Desktop Licensing RCE)

Hello! Not yet sure if this is a false positive or not, but since the latest content update one of our customers is having an issue with the new signature 95501 related to CVE-2024-38077. It looks like it's blocking legitimate traffic between the RDS server and the licensing server. Wonder if anybody is having the same issue. Thanks!

emyl_79 by L2 Linker
  • 2180 Views
  • 2 replies
  • 0 Likes

Migrate OpenBSD firewall to Palo Alto

What would be the best approach for migrating the OpenBSD firewall? In a scenario where there are 4 units of OpenBSD and consolidating into 2 units of Palo Alto. Would the Expedition tool be able to merge the policies? Any other things to note for the migration? Please advise.

Packet51 by L0 Member
  • 1018 Views
  • 1 replies
  • 0 Likes

Looking for someone familiar with Palo Alto Firewalls

Hello all, I'm with a company that has just been offered a project to review a certain university's firewalls but we can't take it on as none of us are familiar with Palo Alto systems. However it would be nice to be able to take on projects like this to expand our scope of services. I thought I would come on the community site in hopes of luck...

Global Protect Integration with Azure SAML w/ Multiple Gateways

I'm trying to set up an integration with 2 firewalls at different locations. The portal and 1 gateway reside on 1 of the firewalls, and I've used this: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U48CAE to get that going successfully. The 2nd firewall, which has a certificate w/ a different FQDN, doesn't allow...

DJ_1924 by L2 Linker
  • 4285 Views
  • 3 replies
  • 0 Likes

OSPF neighbour adjacency is flapping continuously

Hi Team, Reaching out for help to identify the main cause of this problem. I can see that the OSPF adjacency is flapping continuously and I have no clue how to move further and how to identify the cause. While collecting the routed.log, I can see below: **** AUDIT 0x0309 - 57 (0001) **** I:0087de60 F:00000002i3emuif2.c 484 :at 15:13:10, ...

Palo Alto and Microsoft NLB multicast

Hi, I have an issue contacting the VIP of our Microsoft NLB. We have a cluster of 2 PA-1410 (active/passive). On this cluster, I configured an aggregate interface with sub-interfaces with VLAN IDs (e.g. vlan10, vlan 50, vlan193..). Each IP of the VLAN interface is the gateway configured on my servers. On the VLAN193, I have 2 Windows servers with ...

Resolved! Open-Source External Syslog Server

Hi all, So we just found out that PA-1410 only has a limited storage log capacity of 18GB. Thus, our traffic logs can only last a day, as the firewall already deletes the oldest logs due to limited log storage space. This poses a problem because we have to generate log reports on a monthly basis. We are trying to configure a Log Forwarding i...

zedexxx by L1 Bithead
  • 5982 Views
  • 2 replies
  • 0 Likes
  • 1597 Posts
  • 61 Subscriptions