Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4508 Views
  • 0 replies
  • 1 Likes

Should we block HTTP range requests?

I have found a few short discussions about how to block range requests, and an article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClJsCAK. My question is whether we should be blocking them because they present a threat. My understanding is that an HTTP response is scanned in a single pass as it streams through...

PANOS 10.2.8 NOT recommended: S2S VPN IKEv1, IKEv2 Preferred does not work anymore

Hi Everybody, We updated from 10.2.7 to 10.2.8 and had a lot of trouble with our Site-2-Site IKEv1, IKEv2 Preferred gateway connections. I'm not sure if the IKE Version is the root problem, but that was the pattern that was visible in the short time for this change. Phase 1 did not come up, initiated in both directions. There are the msg in the ...

Resolved! Failed to install licenses. Web proxy license is not supported for this platform.

Hi team, I acquired a Web Proxy license intending to test Explicit and Transparent proxies. However, upon attempting to retrieve the license, I encountered an error stating, "Failed to install licenses. Web proxy license is not supported for this platform." The VM-Firewall is hosted in VMware ESXi. Also, I have fulfilled the prerequisites sp...


Why drop RST packet

The customer is capturing packets on the firewall. Checking the files in the receive stage, we find that the firewall has dropped the RST message sent by the client in the session. Please refer to the screenshot for the file reference. Can someone tell me why the PA firewall dropped this RST packet?

Felixcao by L3 Networker
  • 4127 Views
  • 7 replies
  • 0 Likes

IP sec tunnel

Hi Team, We have multiple IP-sec tunnels and want to clean up unused tunnels. Like we have the option of an unused rule for security policy, or we will know by its hit count, is there any similar way we can find out an unused tunnel so we can delete it?

TSF file upload

I am trying to open a case in the portal for one of our customers and the page is not working. I have a TSF to upload as I believe our customer has evidence of exploitation of CVE-2024-3400.

Microsoft Defender Outbound traffic policy

Trying to slim down a rule for outbound traffic with clients using MS defender. I built a custom URL list of the defender urls provided by MS. Added it to the policy under service/url category. The apps used are ms-update, ssl, web-browser, windows-defender-atp. The issue is I see traffic hitting ssl in the logs with url category as "any" whic...

PBR using Route failover

Hi All, Our organisation purchased two MPLS links and wants to configure a PBR like such: 1) All intranet traffic like DNS, NTP should go via primary MPLS 2) All internet related traffic should go via Secondary MPLS 3) In case Primary MPLS goes down all traffic (intranet and internet) should go via Secondary MPLS and vice versa. Please let m...

Disabled Application in VSYS1

I have received a high-risk alert on PA3250 IOS 9.1.16 "Disabled applications in vsys1: 104apci-unnumbered-startdt-act 104apci-unnumbered-startdt-con 104apci-unnumbered-stopdt-act 104apci-unnumbered-stopdt-con 104apci-unnumbered-test-act 104apci-unnumbered-test-con 104asdu-file-transfer-type120 104asdu-file-transfer-type121 104asdu-file-transf...
