Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4601 Views
  • 0 replies
  • 1 Likes

Unable to access Citrix Workspace Website using https.

Hi Friends, We have a customer who is using Citrix Workspace website for his internal organization. The issue here is the user is able to access the website with http://url. When the same user tried the same website using https://url it is not working. When we check the traffic logs we are getting application incomplete for 443. The policy is...

Satyak by L3 Networker
  • 1752 Views
  • 2 replies
  • 0 Likes

Aged-out traffic accessing a common web

Hi, recently I am facing an aged-out case for a typical web site, reachable without any issue from 4G for example. The traffic is not decrypted and after reading many articles I am running out of ideas. Checking the session info I saw a mismatch between the sport in the c2s flow and the dport in the s2c flows. Should not be the same port numb...

Unknown Source and Unknown Destination IP address showing in monitor logs

Hello Team, Good day to you !! ++We have one customer who is facing an issue with Unknown Source and Unknown Destination IP address showing in monitor logs. ++That Unknown Source IP address traffic is showing in monitor traffic logs with unknown destination IP address which does not belong to your organization ++as we can see that there are multip...

How to Set Different Source IPs for Specific Syslog Servers

Hello, I am currently using PAN-OS on a PA-3420 device and looking for a way to configure it to send logs to specific Syslog servers using different source IP addresses. The standard Service Route configuration seems to use the same source IP for all Syslog servers, but I need to set different source IPs for different Syslog servers. Here is the...

Resolved! Is License affecting the IPSec and GP

We have PA3050 in HA cluster (Active/Passive) mode and we are upgrading the same into new PA1410 HA device. The existing PA-3050 license will expire within 10 days and we are expecting the new device delivery may be after that date. What will be the impact of the following service once license expired in the existing devices Global Protect VP...

Farabi by L0 Member
  • 2791 Views
  • 1 replies
  • 0 Likes

Question about Forward Proxy Decryption implementation

Greetings all, I've tinkered with Forward Proxy Decryption a bit in the past and I want to revisit this for a limited rollout to our servers at least. My previous experimentation into the feature was for a Windows client so I understand the basics there in that you can add the certificate to the Windows cert store and most applications should ...

jsalmans by L4 Transporter
  • 1391 Views
  • 1 replies
  • 0 Likes

Palo Alto user account

Hi, our customer has a PA-440 firewall deployed with HA and we have a request about the creation of a user account that has full access to the device over Web UI but it can't change, delete or change the password of the admin account. Is it possible, and how can we do that?

Abdelhak by L1 Bithead
  • 3300 Views
  • 7 replies
  • 0 Likes

Firewall PA-460 Redundant Power Alarm

Hello, I have appliance Firewall PA-460. I do the testing power with this device. I had read the docs below. Interpret the LEDs on a PA-400 Series Firewall (paloaltonetworks.com) Replace a Power Adapter on a PA-400 Series Firewall (paloaltonetworks.com) I had several tests below. 1. Place 2 adapters connected to firewall, it's working normally. 2....

Resolved! Layer 2 Interfaces with No VLANs

Hi, I have created following topology in PA (10.1.0) virtual lab to test "Layer 2 Interfaces with No VLANs". Topology :- PC-1 --> L2 INT(None) - PA-VM - L2 INT(None) --> PC-2 I'm unable to establish connectivity between PC-1 and PC-2. Both Ingress/Egress interface configured under same zone. Also, while capturing the traffic I obs...

no_matches error

Hello, I am having a problem accessing the Palo Alto cli/web. I recently took the trial version of 30 days, but I always come across the following message when trying to log in. "cfg.general.need-acknowledgement-to-login' no_matches". I've left more than 30 minutes on and always the same message. I'm trying to log in with username and pas...

eax0x01 by L2 Linker
  • 15874 Views
  • 23 replies
  • 0 Likes

Device Telemetry is Showing Invalid Regions

Hi Friends, Recently one of our customers faced some issue in their firewall internally due to which they had to perform a factory reset. After getting the device back up and fine we found an issue where commit is failing with Invalid Telemetry region. When we are trying to add the telemetry from the CLI of the firewall we are seein...

Satyak by L3 Networker
  • 8673 Views
  • 1 replies
  • 1 Likes

Palo Alto - previous software disappeared after uploading 11.1.0-h3 version

Hello, I wanted to update our Palo Alto 440 to a newer version and manually uploaded the 11.1.0-h3, however afterwards I can't see the previously uploaded software. When I checked in cli, they show up but with size 0 and I can't reupload any of them because it says they already exist. Now what can I do? If I reboot the device will it stop worki...

Should I override the intrazone-default to deny?

TL;DR: yes, almost always. We've had plenty of discussions on the behaviour of this default rule, and published Security Policy Rule Best Practices (paloaltonetworks.com) which provide guidance for logging. We've even discussed the results of these best practices, which often lead to the uninformed creating explicit policy to block what they n...

mb_equate by L3 Networker
  • 11647 Views
  • 10 replies
  • 0 Likes
  • 1587 Posts
  • 61 Subscriptions