Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Multiple ARP requests bringing network segment down

We have a guest network for which our PAN firewall is the default gateway. Periodically we have a wireless client begin ARP'ing for the gateway address over and over again. So much so that we can no longer ping the gateway address (PAN interface).

...

FW Outbound policy

Hi

What is the best practice policy outbound from the FW itself (i.e management )?

Allow any out? *.palotalto.com?

SSL Inspection

Hello

I configured my firewall with SSL decryption. Regarding the certificate, what is the best practice ? Is-it to generate the certificate used for Outbound traffic from our internal PKI (with the problem to deploy the certificate on Linux system

...

Error Encountered Bringing Up PaloAlto VM in ESXi (6.5)

I am facing in bringing up a PaloAlto VM in our ESXi environment (version 6.5). Unfortunately, I have seen the below error.

Version: (PA-VM-ESX-10.2.5.vm_eval)

Please guide me on how to resolve it.

Thanks,

Brahma.

(view in My Videos)

Resolved! L2 communication spanning two firewalls

Hello,

I have the architecture outlined below, and communication needs to be established between the machines on the network 10.1.2.0/24 via FW1 (Palo Alto) and FW2 (fortigate). Could you please offer a solution to accomplish this?

Thank you.

...

Resolved! Old Content Update Release Notes

Hi! Is there a way to see Release Notes from "old" (a year old) Content Updates (Apps & Threats)? I can't see them on the PANOS Dynamic Updates tab and I wanted to know if there is some database with all the content release notes. Thanks!
Panorama

Resolved! Request help with the exact meaning of these IPsec event alerts for Palo Alto.

Hello All,

I would like to know what is the meaning of the typical events we observe in the IPsec details in the monitor logs.

ikev2-nego-ike-succ

ikev2-nego-child-succ

ipsec-key-install

ikev2-nego-child-start

ikev2-nego-ike-dpd-dn

ipsec-key-delete

...

Resolved! Cannot ping inside interface from Windows PC with inside interface set as GW

I'm going a little bit crazy. I have a super simple setup, I have a Windows PC @ 10.0.0.10

My PA 440 has 10.0.0.11 as its MGT Interface and all communications between the Windows PC and the management interface work fine. I have an inside interface

...

What is the size of the panlog patition in the Paloalto PA-440 and PA-1410?

I am evaluating the purchase of PA-460 and PA-1410. I know that their hard drive capacities are 128G and 120G, but I want to know what their panlogs partition capacity is?

Firewall SSH, the login succeeds with TACACS Account, but there is an issue that closes the session immediately.

Hello, everyone.

Firewall has OS of 10.2.4-H2.

When TACACS account to connect to Firewall SSH, the login succeeds, but there is an issue that closes the session immediately.

In Firewall System-log, authentication and authorization were successf

...

Service/URL category

Microsoft Defender has a lot of endpoints it seems. I started a custom URL list with all the URLs needed for defender, created a policy in a global device template and said "Allow any source, any destination, using SSL, Web-Browsing, and windows defe

...

Resolved! Problem with URL Filtering

Hi,

I have an issue with PAN URL Filtering, where I still able to access website that has been blocked.

For example:

If I open http (http://nanime.live) the website is blocked

But if I open using https, website can be accessed

When I check on mon

...

No output is given. Is there an output file or something? How do I use the abov

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Multiple ARP requests bringing network segment down

FW Outbound policy

SSL Inspection

Error Encountered Bringing Up PaloAlto VM in ESXi (6.5)

Resolved! L2 communication spanning two firewalls

Resolved! Old Content Update Release Notes

Resolved! Request help with the exact meaning of these IPsec event alerts for Palo Alto.

Resolved! Cannot ping inside interface from Windows PC with inside interface set as GW

What is the size of the panlog patition in the Paloalto PA-440 and PA-1410?

Firewall SSH, the login succeeds with TACACS Account, but there is an issue that closes the session immediately.

Service/URL category

Resolved! Problem with URL Filtering

Agent-less ad user disconnecting

DDoS Profiles

CVE-2024-3400 PAN-OS CLI Check

Inquiry Regarding Publishing Custom Third-Party IOC Feed via EDL Hosting Service

PA-440 lab firewall - looking for PAN-OS 12.2 to test and expriment

How to create bandwidth capping of 20 mbps in vpn tunnel on Palo Alto Firewalls

User-ID & LDAPS service account AD permissions

New User-Account (__telemetryuser) with PanOS 11.2.10

Suggestion for a good model.

Re: Performance impact of using higher DH group for site-to-site VPNs

Re: How to migrate PA 3220 config on PA 1410

Rif.: Firewall EDL URL Access Error Cortex XDR

Re: Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment?

Unlock your full community experience!

Rules and Best Practices

Resolved! L2 communication spanning two firewalls

Resolved! Old Content Update Release Notes

Resolved! Request help with the exact meaning of these IPsec event alerts for Palo Alto.

Resolved! Cannot ping inside interface from Windows PC with inside interface set as GW

Resolved! Problem with URL Filtering