This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4517 Views
  • 0 replies
  • 1 Likes

ospf neighbour adjacency is flapping continuously

Hi Team, Reaching out for help to identify the main cause of this problem. I can see that the OSPF adjacency is flapping continuously and I have no clue how to move further and how to identify the cause. While collecting the routed.log, I can see below: **** AUDIT 0x0309 - 57 (0001) **** I:0087de60 F:00000002i3emuif2.c 484 :at 15:13:10, ...

Palo Alto and Microsoft NLB multicast

Hi I have an issue to contact the VIP of our Microsoft NLB. We have a cluster of 2 PA-1410 (active/passive). On this cluster, I configured interface aggregate with sub-interfaces with ID vlan (ex :vlan10, vlan 50, vlan193..). Each IP of the interface VLAN is the gateway configured on my servers. On the VLAN193, I have 2 Windows servers with ...

Resolved! Open-Source External Syslog Server

Hi all, So we just found out that PA-1410 only has a limited storage log capacity of 18GB. Thus, our traffic logs can only last a day, as the firewall already deletes the oldest logs due to limited log storage space. This poses a problem because we have to generate log reports on a monthly basis. We are trying to configure a Log Forwarding i...

zedexxx by L1 Bithead
  • 5599 Views
  • 2 replies
  • 0 Likes

Checkpoint Firewall migration to Palo Alto firewall using Expedition Tool

Hi Team, We want to migrate the Checkpoint firewall with Palo Alto NextGen Firewall using Expedition Tool. I've gone through couple of forums also few of them listed on this community as well but I don't get more appropriate way to do this migration. Can someone please provide a documentation or way to do this migration that works just perfect...

Global Counters if packet is dropped by QOS

Hi, Is there any global counter that might indicate if my session is beeing dropped by QOS? I have an issue where my BGP connection to prisma access drops but the tunnel to prisma access is always up. The issue is intermittent. If i would setup a global counter and filter on the bgp peer ip and keep the filter on. When i leave the ssh sessi...

zGomez by L3 Networker
  • 1007 Views
  • 1 replies
  • 0 Likes

PAN-OS 10.2.9-h9 release notes and CVE-2024-3400

The addresses issues listed in the release notes ( 1/8/24) for PAN-OS 10.2.9-h9 state: PAN-252214 A fix was made to address CVE-2024-3400. However this was previously stated as fixed in 10.2.9-h1. Is this 'duplicate reporting' or does this address a new exploit variant / scenario, not yet disclosed ? I note no change in preferred version page...

Does column "PA-7000-100G-NPC-A" mean that it also performs "DPC" firewalling tasks or does it only perform network tasks such as routing and...?

In the picture that I have put of the 7000 firewallDoes column "PA-7000-100G-NPC-A" mean that it also performs "DPC" firewalling tasks or does it only perform network tasks such as routing and...? -------------------------------------------------------------------------------------------------------------- PA-7000-100GNPC-A PA-7000- ...

benafra by L1 Bithead
  • 1364 Views
  • 1 replies
  • 0 Likes

Force URL-Filter if GlobalProtect is disconnected

Hi together! Is there a possibility to force a client to use a (local/cloud) URL-Filter if the Global Protect Client is NOT connected to the gateway? Enforce Global Protect connection / define 40 FQDN exceptions is not really a solution. Maybe there is a PA product / license which cover this topic? Best regards and thanks a lot in advance!

BGP Route Advertisement /Export Rule

Need some help with advertising specific routes over BGP and hoping someone can help. I have a site-to-site tunnel setup between AWS and my on-premise PA Firewall. I am receiving routes from AWS over BGP as expected. No issue there and I am able to create a redistribution profile & redist rule and advertise an existing static route listed ...

Cobraflo by L1 Bithead
  • 9562 Views
  • 5 replies
  • 0 Likes

QOS issue error

any idea on below error. Enviorment:-OS - 10 2 8 h2Model - 5220 2024-07-29 19:25:19.349 +0800 Error: gryphon_qos_perform_set(5200/gryphon_sysd.c:389): Set shaper on port 42 index 0 failed with ret -4

Load Balancing in NGFW

Hello All, I am writing to request if there is a way to perform load balancing in a firewall. Case in point an organization has two traffic links for internet lets call them link A and link B. So i need social media traffic to be rerouted to link A at the firewall and general traffic to be rerouted to link B and vice versa. The firewall in place...

spyware alerts for <something>.fmb.la

this just started popping up for DNS queries inside going outbound, my PA440 is dropping the packets as a spyware threat. This is quite a new development, probably last 24 hours. Example action below: name-of-threatid eq 'generic:com.fresh.fmb.la' anyone seen this before? I can't find anything on a Google nor a LiveCommunity search. -Jeff

  • 1795 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks