This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4563 Views
  • 0 replies
  • 1 Likes

SSL Inspection

Hello I configured my firewall with SSL decryption. Regarding the certificate, what is the best practice ? Is-it to generate the certificate used for Outbound traffic from our internal PKI (with the problem to deploy the certificate on Linux system or application who not use Windows store) or to generate certificate from our public authority ?...

Resolved! Old Content Update Release Notes

Hi! Is there a way to see Release Notes from "old" (a year old) Content Updates (Apps & Threats)? I can't see them on the PANOS Dynamic Updates tab and I wanted to know if there is some database with all the content release notes. Thanks!Panorama

mR00t_s5 by L2 Linker
  • 2545 Views
  • 2 replies
  • 0 Likes

Resolved! Request help with the exact meaning of these IPsec event alerts for Palo Alto.

Hello All, I would like to know what is the meaning of the typical events we observe in the IPsec details in the monitor logs. ikev2-nego-ike-succ ikev2-nego-child-succ ipsec-key-install ikev2-nego-child-start ikev2-nego-ike-dpd-dn ipsec-key-delete ikev2-nego-stale-p2 ikev2-nego-ike-succ ipsec-key-expire

Kandarp_Desai_0-1678092309340.png

Resolved! Cannot ping inside interface from Windows PC with inside interface set as GW

I'm going a little bit crazy. I have a super simple setup, I have a Windows PC @ 10.0.0.10 My PA 440 has 10.0.0.11 as its MGT Interface and all communications between the Windows PC and the management interface work fine. I have an inside interface set as eth 1/8 Layer 3 with an IP of 10.0.0.1 and its assigned to the inside zone. Eth 1/8 is al...

Service/URL category

Microsoft Defender has a lot of endpoints it seems. I started a custom URL list with all the URLs needed for defender, created a policy in a global device template and said "Allow any source, any destination, using SSL, Web-Browsing, and windows defender atp app, using application default. I put the URL list I created in URL category area and di...

DDoS Profiles

How does one go about getting the realistic values for your environment to plug into the DDoS profile or even the zone protection profile? How do you see how many SYNs you are getting per second/min etc?

CVE-2024-3400 PAN-OS CLI Check

Runing the following check on device for exploit activity, but it does not give any results. I run --> grep pattern "failed to unmarshal session(.\+.\/" mp-log gpsvc.log* No output is given. Is there an output file or something? How do I use the above command to check?

ATP recommend\dis

Hello, We're currently using Threat Prevention (TP), which is performing well. We've caught dozens of threats and are satisfied with its effectiveness. I'm now exploring Advanced Threat Protection (ATP) and, to be honest, I'm struggling to make a clear decision about purchasing it. They mention it incorporates inline cloud analysis, which sounds...

chens by L3 Networker
  • 2366 Views
  • 2 replies
  • 0 Likes

Resolved! DNS Security - More Details When Domain is "Phishing"

Hi! I dare say this message probably won't go anywhere, but over the last week a developer at UoP was trying to use factorial-biomechanics.firebaseapp.com which was blocked by "DNS Security" as a phishing site. It has since been re-classified as benign. Presuming it was briefly a phishing site (and if we don't trust Palo Alto's categorisation,...

Issues with Captive Portal / Continue URL Filtering Response page on 10.1.12

Upgraded 30 days ago to 10.1.12. ~14 days ago started getting complains from users that sites are broken - getting "site cannot be reached". Sites that cannot be reached are site we specifically have "continue" action in our URL Filtering profile for Changing "continue" to either "alert" or "allow" fixes the issue Tested verting our "continue" R...

Rule UUID mismatch in Policies and Traffic Logs/Discrepancy in Rule UUIDs within Traffic Logs and Policy

Dear Team, We have 2 * PA-5250 Firewall Appliances configured in Active-Passive and managed by Panorama. PANOS version on both the firewalls and Panorama is PANOS: 10.1.12. Issue: I've noticed an inconsistency where the Rule UUID displayed in the Traffic Logs differs from the one shown in the actual Policy. Additionally, the Traffic Logs are...

  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks