Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

Resolved! not able to change default admin password on PA-1410

We are setting up new PA-1410 firewall and first login from SSH and GUI asking to change password which we did. But after changing new password still not able to login using new admin password from SSH and GUI, keep asking change password. Any suggestions ?

Resolved! Best practices for Palo Alto security policy when destination IP/FQDN is dynamic or unknown

Group Company A is implementing surveillance cameras and requires communication to send data from the cameras to an external cloud server. The cloud server (destination) cannot be restricted by IP address or FQDN (only ports can be restricted), so IP addresses and FQDNs must be opened with ANY. ※ Restricted ports are TCP 443 (HTTPS), UDP 123 (NT...

Question regarding source NAT in S2S VPN

Hi All, I need to create a S2S Tunnel to a customer. We need to reach 1 Server on their side (e.g. 192.168.100.1). The connection is needed from multiple Hosts from 2 different Subents on our Side (10.0.112.0/21 and 172.18.2.0/24). The customer does not want to allow both subnets instead they want to allow only 1 IP.Now my question is: Is it pos...

while do the factory reset of pa 5250 showing error: findfs: unable to resolve 'label=sysroot0

Hi , We have Palo alto 5250 we have forgotten the password so we are planning to do factor reset of the device but we have done factor reset to but while completing the percentage automatically it's reboot and went again maintenance mode when we click the factory reset again it's Looping again and again same maintenance mode if go disk image al...

NAT Policy Zone Selection for DNAT (and DNAT+SNAT) — Is My Understanding Correct?

[Question] NAT Policy Zone Selection for DNAT (and DNAT+SNAT) — Is My Understanding Correct? Topology Client (1.1.1.1) — Untrust Zone | NGFW |— DMZ Zone — 3.3.3.3/32 (Public IP) | Trust Zone | Server (2.2.2.2) Background I am configuring Destination NAT on a Palo Alto NGFW whe...

Unable to block download and upload for chatgpt and messengers

Hi Friends, Recently i am trying to acheive an requirement where i want to allow messenger and chatgpt in my network but files uploading and downloading should be blocked. I tried configuring decryption and flie blocking profiles along with two seperate policies blocking chatgpt-base and messenger-base applications. I am able to decrypt the...

Resolved! Backup Peer HA1 IP Address ?

Just completed the PALO BPA and we have a recommendation for "No backup to the HA1 peer IP address is configured" We've tested failover and it works perfectly but my understanding is that this is incase the primary HA connection went down. I read different opinions that using the management interface IP for this fine? Has anyone done that? And i...

Resolved! PAN-OS HA UGRADE PATH

Hi All, Please I'm upgrading a palo alto firewall in HA mode remotely, I'm having some issues with remote access and for me not to loose access and be able to finish my upgrade is it ok to upgrade the Passive first before failing over to the passive and then upgrade the Active ?

Resolved! About PAN-300837

Attention: Global TPM team, Hi, I have a question about PAN-300837.// PAN-OS 11.1.13-h1 Addressed Issueshttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-13-known-and-addressed-issues/pan-os-11-1-13-h1-addressed-issues Q1)How often does this issue occur? Best regards,MasaW

Resolved! About PAN-269535

Attention: Global TPM team, Hi, I have a question about PAN-269535.// PAN-OS 11.1.13-h1 Addressed Issueshttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-13-known-and-addressed-issues/pan-os-11-1-13-h1-addressed-issues Q1)How often does this issue occur? Best regards,MasaW

Resolved! About PAN-263691

Attention: Global TPM team, Hi, I have a question about PAN-263691.// PAN-OS 11.1.13-h1 Addressed Issueshttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-13-known-and-addressed-issues/pan-os-11-1-13-h1-addressed-issues Q1)How often does this issue occur? Best regards,MasaW

Resolved! About PAN-299622

Attention: Global TPM team, Hi, I have a question about PAN-299622.// PAN-OS 11.1.13-h1 Addressed Issueshttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-13-known-and-addressed-issues/pan-os-11-1-13-h1-addressed-issues Q1)How often does this issue occur? Best regards,MasaW

Resolved! About PAN-241694

Attention: Global TPM team, Hi, I have a question about PAN-241694.// PAN-OS 11.1.13-h1 Addressed Issueshttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-13-known-and-addressed-issues/pan-os-11-1-13-h1-addressed-issues Q1)How often does this issue occur? Best regards,MasaW

Resolved! About PAN-293673

Attention: Global TPM team, Hi, I have a question about PAN-293673.// PAN-OS 11.1.10 Known Issueshttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-10-known-and-addressed-issues/pan-os-11-1-10-known-issues Q1)How often does this issue occur? Best regards,MasaW

Resolved! About PAN-183404

Attention: Global TPM team, Hi, I have a question about PAN-183404.// PAN-OS 11.1.10 Known Issueshttps://docs.paloaltonetworks.com/pan-os/11-1/pan-os-release-notes/pan-os-11-1-10-known-and-addressed-issues/pan-os-11-1-10-known-issues Q1)How often does this issue occur? Best regards,MasaW