This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4508 Views
  • 0 replies
  • 1 Likes

Lacp Issues Peer Not Detected

Hello Dear Forum. we are running 2 pa-3320 in Ha Actiave/passive mode both of which have aggregated ports. recently we've moved our server room to a different room and have reconfigured some of out network components. after reconnecting everything in the correct order, the passive unit can't reach our DC Servers. the ae1 link seems to...

External Dynamic

Hello i uploaded certificate from EDl url (i tested it and its valid) and made certificate profile then made a EDL wrote source url certificate profile and password .But i see url access error.Im sure url and password is correct.Pls help how i can solve this

saml-message-parse-error

Hi, I saw this alert on our corporate firewall ; 'Failed to convert SAML message payload into xml tree', as a high level, Is there anyone to explain what this means and what this situation effects to our SAML vpn configurations? Please inform to me, Have a good day.

Decrypt log missing in list of logs

I spent several hours yesterday trying to get decryption working. Everything kept coming back to being able to view the decryption log under Monitor>Logs>Decryption. However, my Palos did not have a "Decryption" option under Logs, and I could not figure out why, and could not find any documentation to explain why I could not see that opt...

Error: update_rlog_mgmtsrvr_fwd_stats(panDeviceLogging_access.c:710): panDeviceLoggingMIB update_rlog_mgmtsrvr_fwd_stats(): No sysd node found

Hello community, I have encountered the SUBJECT error while t-shooting a SNMP connectivity issue on a PA-220. searching the internet I have not found a similar message anywhere therefor I thought I'd reach out to see if anyone can help with figuring out why this is showing only that line/error in a span of almost 3 months), Spoiler (Highl...

Kobiher by L2 Linker
  • 1291 Views
  • 0 replies
  • 0 Likes

Resolved! If a specific CPU core is processing 100%, are new sessions processed by other cores?

Hi Team, If there are 6 DP CPU cores, and 1 of the 6 is processing 100%, will the new session be transferred to another core for processing? Sessions are classified using 5-tuples, but the problem is that if the DP CPU core assigned to the session is 100%, is there an internal mechanism to send it to another core? Please let me know. Tha...

SSL No-Decrypt issues

Hello, I'm testing on two different versions of PAN-OS (11.0 and 11.1). There's a couple of issues I'm noticing with decryption/no-decryption. I have a profile setup for no-decrypt in which healthcare-and-medicine is a category that isn't supposed to be decrypted. What I've noticed is that when HTTP/2 decryption is enabled, sometimes the fire...

Incorrect Geolocation classification

We have a user trying to connect with Global Protect from South Africa on IP 102.22.126.232This IP belongs to an ISP in South Africa, and is matching correctly on https://ipinfo.io/102.22.126.232 to be in Cape Town However, when looking up the IP location on any of our Palo Alto Firewalls, all of them match this to MU (Mauritius )This is incorre...

Packet Capture is getting on automatically in Palo Alto firewall

Hi Friends, We have a customer who is facing issue with Packet Capture. Due to few MP Issues we have asked the customer to reboot the firewall. After reboot customer has observed that in Packet Capture the options Filtering and Pre-Parse Match is turning on automatically. I was wondering is it an expected behavior or where can we check why it ...

4.png
Satyak by L3 Networker
  • 1089 Views
  • 1 replies
  • 0 Likes

HIP Check on Patch Management

I want to check if we can block connections if a device is missing critical patch (released May 2024) or any other critical patches within the last n months (where n is a user-defined timeframe).Can this be achieved with HIP configuration?

Resolved! Integrating FortiAuthenticator with PA Firewall for Multi-Factor Authentication on GlobalProtect

Hello, I need to integrate my FortiAuthenticator, which is located at a remote site, with my PA firewall to add additional authentication factors for users connecting to GlobalProtect. I haven't been able to find the documentation and procedures to accomplish this. I would appreciate it if someone with experience in this could provide the nece...

hamza_d by L1 Bithead
  • 6620 Views
  • 5 replies
  • 0 Likes

VPN over Multiple ISP connections

Hi, I am new to the PA world and I have the following design been given to setup. I am trying to find the best way to do this. I have done in Fortinet by creating SDWAN interface and it worked but not sure if Palo has the same kind of setup. If someone help me that would be great. Site Firewall -- 1.100 and 1.200 ( sub interfaces ) -- ( T...

gondolf by L1 Bithead
  • 2334 Views
  • 1 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks