Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.

Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4593 Views
  • 0 replies
  • 1 Likes

Running 11.1.2 in production

Hi everyone, I read that 11.1.2 is now the preferred release for 34xx, and desiring to upgrade due to some of the new features, I find myself concerned about this known issue: PAN-224763 - A TDB engine version mismatch issue affecting all firewalls, which in turn produces heartbeat failures, can cause the firewall to crash when installing conte...

SomeSuch by L1 Bithead
  • 2448 Views
  • 2 replies
  • 0 Likes

Firewalls communicating to public IPs on Management Interface

We are currently seeing the Management Plane of our Palo Alto Firewalls communicating to the following IP-Addresses: 34.96.84.34, 107.178.249.217, 35.238.108.32. This communication occurs on different Platforms. We see more activity since PAN-OS 10, currently on PAN-OS 10.2.3. Disabled all telemetry on the firewall. Disabled PAN-OS Edge Service N...

mattlede by L1 Bithead
  • 7197 Views
  • 4 replies
  • 1 Likes

AWS-Palo VPN Phase-2 Rekeying

Hi Team, we have an issue with AWS Site to Site VPN, where we can see continuous rekeying of Phase-2 tunnels. It's a PA-3220 HA pair. It started happening recently, as we can see previously the rekey did happen only after the Lifetime expired (Phase-2 Lifetime set to 3600 sec on both Palo and AWS). This VPN has been in place for over a year with...

Resolved! Security settings on NGFW to block dangerous user agent

Hi All, Good morning! I would like to get guidance from you regarding how to block user agents on Palo Alto NGFW. I mean, when I am managing Web Application Firewalls (WAF) from another provider, I am able to configure a section within the security section in the WAF, where I can block bad bots, and any other bad user agent (e.g. python, Go lan...

Palo Alto PA 5220 running on 10.1.10 H2 is not mounting /dev/sd9 partition

When we booted up the firewall we're getting an error that AutoCommit failed to complete. This was seen while mounting the raid partitions, specifically /dev/sd9. After referring the documentation existing on Palo Alto community, in the link https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkxPCAQ&lang=en_US%E2%80%A9...

anfasks by L0 Member
  • 1351 Views
  • 0 replies
  • 1 Likes

Resolved! How check NGFW valid for April 2024 Cert Advisory

Regarding the Certificate advisory for April 2024 and November 2024, if doing option 1, have content update and doing a reboot. This being good enough for the April 2024 deadline. How can you verify on the Panorama or NGFW that you are valid? The commands in the advisory FAQ 9, only work if you do Option 2 and upgrade to the recommended hotfix....

IPsec tunnel PA-Forcepoint Up but no traffic passing through

Hi, I'm configuring an IPsec tunnel between PA-5410 (route based) and Forcepoint Firewall (policy based), and it is showing up, but when I try to ping from LAN-to-LAN I could not receive any traffic or logs. From system log, ""PSec key deleted. Deleted SA: 172........[500]-.............peer[500] SPI:0xA83E98C1/0x3D6DB38C.'"" and ( eventid eq 'ips...

SIP Trunk over PA6-440 not working

Hi, we have just migrated from Cisco ASA to Palo Alto 440 firewall. We have a SIP trunk between IP telephony server CUCM installed on our site and another installed on remote site. The communication is done over a tunnel IPsec VPN. From our site we can ping from CUCM locally to the remote. The communication is fully allowed between servers (I can see ...

Abdelhak by L1 Bithead
  • 1681 Views
  • 1 replies
  • 0 Likes

Resolved! Need Assistance for recover Customer Support portal account

Hi team, I hope all are doing great. I am facing a problem, that is, we have Palo Alto firewalls and these firewalls are licensed. But now we are unable to remember which email account was used for the customer support portal account. Now we need to know which account was used and also need to reset the password of that account. This solution is ver...

Al-Amin by L2 Linker
  • 2232 Views
  • 2 replies
  • 0 Likes

Custom URL to match allow policy matches halfway through URL

Custom URL category containing one line similar to this: abc.com/string1-string2/string3-string4/string5 After the domain name are a series of strings with some dashes and forward slashes. String5 is meant to be a filename in the string3-string4 directory. The URL category matches in an allow rule for web-browsing port 80 traffic. No decryption ...

Resolved! 3260 Upgrade to 11.1.0

Hey Community, My environment recently went through some changes requiring it to be shut down for a few months and be moved to a new location. It is now settled in and back up, however we still do not have internet yet and I want to start patching the many fixes we missed and to fix the ongoing certificate expiration issue. I have managed to down...

  • 1586 Posts
  • 61 Subscriptions