Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4552 Views
  • 0 replies
  • 1 Likes

Firewall already registered and upgrade path

Hello, we have got a customer and they have purchased 5 X PA1400 series. Customer has CSP account and he registered one PA and it went well, but when he tried to register 2nd PA, it shows "This serial number is already registered". How is this possible? Is this related to any Auth code or something? Secondly, customer has PA 3200 series...

How could I drop "unknown RADIUS authentication protocol"?

Hi! Recently we were receiving in our environment alerts of failed authentications from different random IPs and random usernames. I was able to reduce them following the next article: Detecting Brute Force Attack on GlobalProtect Portal Page - Knowledge Base - Palo Alto Networks, and creating a dynamic list, adding tags with forward logs, drop...

R.Tudon by L1 Bithead
  • 1219 Views
  • 0 replies
  • 0 Likes

Radius Authentication Profile

Hello, I am configuring a GP gateway for Radius Authentication. I am using the CLI test authentication command to test. I can ping the Radius host and confirmed Secret. My troubleshooting shows packets allowed by the Security policy. I cannot see any packets to the Radius host in the packet captures in any of the stages. What do you think my n...

S.Byrne by L3 Networker
  • 3337 Views
  • 4 replies
  • 0 Likes

PA-3260 HA firewalls flapping - Dataplane restarts, PanOS-10.2.5

Hello Experts We have a pair of HA PA-3260 firewalls and we are running into issues of multiple random dataplane restarts causing HA failover. We were initially on 10.2.4-h2 and after facing the issue with random restarts decided to upgrade to the 10.2.5 release. From the below article, this should have been resolved in 10.2.5. Still, we are...

Resolved! Has there been any recent change from Palo side in regards to blocking traffic to AWS Services such as Sagemaker and Bedrock?

My customer has observed that all of a sudden they were unable to access AWS Sagemaker service from their AWS console. Observed that the firewall was blocking this traffic and customer has to add application "amazon-sagemaker" explicitly in their configuration for it to work. There was no change from their end. Have there been any changes from Palo ...

Intermittent inet connectivity after updating to 10.2.8-h3

We're currently running on 10.2.3-h9 (PA-440's in HA pair Active/Passive) with remediation steps put in place for CVE-2024-3400 and Telemetry disabled. We attempted to migrate to 10.2.8-h3 as it is listed as a preferred release and fix for the CVE as listed by PA. The update process went as expected and everything appeared to be completely func...

Network Cutoff when pushing a Configuration Change to Logical Router

Hi Team, We have faced a network outage when pushing any Logical Router related configuration from Panorama to our managed firewalls. For example, when associating a newly configured sub-interface to a logical-router and pushing the configuration to firewalls, there is a network outage for all existing production VLANs. For example, when adding a...

Unable to access Citrix Workspace Website using https.

Hi Friends, We have a customer who is using Citrix Workspace website for his internal organization. The issue here is the user is able to access the website with http://url. When the same user tried the same website using https://url it is not working. When we check the traffic logs we are getting application incomplete for 443. The policy is...

Satyak by L3 Networker
  • 1704 Views
  • 2 replies
  • 0 Likes

Aged-out traffic accessing a common web

Hi, recently I am facing an aged-out case for a typical web site, reachable without any issue from 4G for example. The traffic is not decrypted and after reading many articles I am running out of ideas. Checking the session info I saw a mismatch between the sport in the c2s flow and the dport in the s2c flows. Should not be the same port numb...

Unknown Source and Unknown Destination IP address showing in monitor logs

Hello Team, Good day to you!! ++We have one customer who is facing an issue with Unknown Source and Unknown Destination IP address showing in monitor logs. ++That Unknown Source IP address traffic is showing in monitor traffic logs with unknown destination IP address which does not belong to your organization ++as we can see that there are multip...

How to Set Different Source IPs for Specific Syslog Servers

Hello, I am currently using PAN-OS on a PA-3420 device and looking for a way to configure it to send logs to specific Syslog servers using different source IP addresses. The standard Service Route configuration seems to use the same source IP for all Syslog servers, but I need to set different source IPs for different Syslog servers. Here is the...

Resolved! Is License affecting the IPSec and GP

We have PA3050 in HA cluster (Active/Passive) mode and we are upgrading the same into new PA1410 HA device. The existing PA-3050 license will expire within 10 days and we are expecting the new device delivery may be after that date. What will be the impact of the following service once license expired in the existing devices: Global Protect VP...

Farabi by L0 Member
  • 2728 Views
  • 1 replies
  • 0 Likes

Question above Forward Proxy Decryption implementation

Greetings all, I've tinkered with Forward Proxy Decryption a bit in the past and I want to revisit this for a limited rollout to our servers at least. My previous experimentation into the feature was for a Windows client so I understand the basics there in that you can add the certificate to the Windows cert store and most applications should ...

jsalmans by L4 Transporter
  • 1363 Views
  • 1 replies
  • 0 Likes
  • 1588 Posts
  • 60 Subscriptions