Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4595 Views
  • 0 replies
  • 1 Likes

ATP recommend\dis

Hello, We're currently using Threat Prevention (TP), which is performing well. We've caught dozens of threats and are satisfied with its effectiveness. I'm now exploring Advanced Threat Protection (ATP) and, to be honest, I'm struggling to make a clear decision about purchasing it. They mention it incorporates inline cloud analysis, which sounds...

chens by L3 Networker
  • 2405 Views
  • 2 replies
  • 0 Likes

Resolved! DNS Security - More Details When Domain is "Phishing"

Hi! I dare say this message probably won't go anywhere, but over the last week a developer at UoP was trying to use factorial-biomechanics.firebaseapp.com which was blocked by "DNS Security" as a phishing site. It has since been re-classified as benign. Presuming it was briefly a phishing site (and if we don't trust Palo Alto's categorisation,...

Issues with Captive Portal / Continue URL Filtering Response page on 10.1.12

Upgraded 30 days ago to 10.1.12. ~14 days ago started getting complaints from users that sites are broken - getting "site cannot be reached". Sites that cannot be reached are sites we specifically have "continue" action in our URL Filtering profile for. Changing "continue" to either "alert" or "allow" fixes the issue. Tested verting our "continue" R...

Rule UUID mismatch in Policies and Traffic Logs/Discrepancy in Rule UUIDs within Traffic Logs and Policy

Dear Team, We have 2 * PA-5250 Firewall Appliances configured in Active-Passive and managed by Panorama. PANOS version on both the firewalls and Panorama is PANOS: 10.1.12. Issue: I've noticed an inconsistency where the Rule UUID displayed in the Traffic Logs differs from the one shown in the actual Policy. Additionally, the Traffic Logs are...

NAT configuration

Hello, I would like to have your support to help me with NAT configuration for both scenarios. Scenario 1: Our customer requests to create an IPsec tunnel between us (mycompany) and Customer. Our users need to reach a Web server hosted on the Customer site via the VPN IPsec. I want to hide the real IP of our users with a dedicated NAT IP or NAT address and I ...

Failed to handle CONFIG_UPDATE_START

Hi All, I am getting this error while committing (Failed to handle Config_update_start). I have also gone through KB articles, where I found this is due to high dataplane utilisation. This error occurs due to high dataplane, which increases from EDLs, address objects etc. But if I want to reduce address objects or want to delete my customised EDL...

Resolved! Insufficient data but still allowed the returning traffic to pass

Hi, We have a policy that has specific APPs and Service is any, and I know that is a permissive rule because it will match a lot of traffic until the FW identifies the APP. But a user is testing through Linux to see if the firewall is opened, testing it with telnet for example, and it is responding that the port is open and is matching the security po...

Gfakis by L0 Member
  • 5996 Views
  • 4 replies
  • 0 Likes

Help me to fix this issues /possible solution

I am going to configure a Palo Alto 5250 firewall to a branch Huawei router. The device is not physically connected. I try to do a static route from the Palo Alto to the Huawei router, but the network is not reachable. Kindly support me on how to fix this type of issue. Also kindly suggest me a new solution for this type of network scen...

Zola12 by L1 Bithead
  • 2567 Views
  • 5 replies
  • 0 Likes

Should we block HTTP range requests?

I have found a few short discussions about how to block range requests, and an article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJsCAK. My question is whether we should be blocking them because they present a threat. My understanding is that an HTTP response is scanned in a single pass as it streams through...

PANOS 10.2.8 NOT recommended: S2S VPN IKEv1, IKEv2 Preferred does not work anymore

Hi Everybody, We updated from 10.2.7 to 10.2.8 and had a lot of trouble with our Site-2-Site IKEv1, IKEv2 Preferred gateway connections. I'm not sure if the IKE version is the root problem, but that was the pattern that was visible in the short time for this change. Phase 1 did not come up, initiated in both directions. There are the msg in the ...

Resolved! Failed to install licenses. Web proxy license is not supported for this platform.

Hi team, I acquired a Web Proxy license intending to test Explicit and Transparent proxies. However, upon attempting to retrieve the license, I encountered an error stating, "Failed to install licenses. Web proxy license is not supported for this platform." The VM-Firewall is hosted in VMware ESXi. Also, I have fulfilled the prerequisites sp...


why drop rst packet

The customer is capturing packets on the firewall. Checking the files in the receive stage, we find that the firewall has dropped the RST message sent by the client in the session. Please refer to the screenshot for the file reference. Can someone tell me why the PA firewall dropped this RST packet?

Felixcao by L3 Networker
  • 4304 Views
  • 7 replies
  • 0 Likes
  • 1586 Posts
  • 61 Subscriptions