Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4552 Views
  • 0 replies
  • 1 Likes

Resolved! PA-220 Unable to install Panos from 10.0.0 to later version

I was trying to upgrade a PA-220 from 9.1.X to 10.1.12. The plan is to upgrade to 10.0.0 (Install & Reboot) ---> 10.1.0 --> 10.1.12 (Install & Reboot). After upgrading to 10.0.0, auto-commit completed and the system is up and running without any issue. However, when I try to install 10.1.0 or 10.1.12, I am getting the below error. Failed to ...

Puvi12 by L2 Linker
  • 4754 Views
  • 3 replies
  • 0 Likes

Path monitoring vs BGP

Hey community, We have a dual ISP environment, where one is used as a backup if the primary line stops working. I'm wondering what would be the best approach to configure HA in this situation (on the VR). I did it with path monitoring as it seems much simpler and straightforward. But I can't decide if BGP is the better option for this scenario. ...

Stuck in - Server rebooting - please wait while the server reboots

I have a PA440 running PanOS 10.1.3, it seems to be processing traffic normally, but I cannot reach the GUI, it seems stuck at this loading page. The external interface is pinging just fine. I have CLI access, what command lines can I run to troubleshoot, diagnose, and resolve this issue? I'd like to not reboot this device, but if I must then I ...

Security Rule hitcount not incrementing, but traffic monitor shows rule being used on PA-850

Hi Community! Recently I stumbled upon this weird behavior where a security rule shows 0 hit-count, but when looked under the traffic monitor lots of traffic is being allowed by that rule. This is the rule in question (0 hit count marker): This is the traffic monitor logs, where we can see the rule being used: Does someone know why the hit c...

Nmap open port

I find myself confused regarding the following case: when running a scan with nmap on an IP address that was previously on my access list, nmap indicates that the ports are still open. C:\Program Files (x86)\Nmap>.\nmap.exe xxx.xxx.xxx.xx -p 22,3389,5900,1433,3306,21,110,143,23,6667,1025,548,143,23,667,1025,548,445,139,135,1026 Starting Nmap 7....

dc93ra by L0 Member
  • 3062 Views
  • 1 replies
  • 0 Likes

Resolved! Slow Internet upload behind PA-850

Hi, Background: We have a pair of HA PA-850 attached to a 200/200 Mbps Internet line. When we do the speedtest directly attached to the service provider's CPE, we can get 179/190. Then we went through another test behind the HA pair, and the speed drops to 177/47 (there is no other equipment connected for the time being). We have cross-checked: 1...

JT_TBIT by L0 Member
  • 2769 Views
  • 3 replies
  • 0 Likes

Nat 64 feature PA 460

Hello everyone, one of my customers has a PA 460 and he asked me if he can use NAT64 on it. In Palo Alto docs it seems that it depends on the panorama OS version and not on the compliance. But in the hardware documentation, it doesn't mention NAT64. I only have read access on his firewall for the moment so I can't check it by myself.

brtkcns by L0 Member
  • 1442 Views
  • 3 replies
  • 0 Likes

HA path group

I am trying to set up an HA path group, but as seen below, between the FW and ISP we have L2 switches. What is the optimum solution for path monitoring, since an L2 switch hardly goes down? By the way, Panorama manages the FW.

Palo session application is undefined, traffic is dropped

Hi All, We have a PA5220, we have Pulse VPN in the DMZ area, and when I try to connect to the VPN, I can see the sessions showing in the PA, but the application shows undefined, then I cannot log in to the VPN after timeout. I also cannot ping the VPN address (DNAT address). Would you please help check? Thanks. I have attached the session picture in the attachment ...

abai by L1 Bithead
  • 1972 Views
  • 3 replies
  • 0 Likes

Resolved! Add Cold DR to an existing environment

Hello, I have a Panorama that manages several clusters with a dedicated device-group and template. For one of them my customer bought a single firewall as a Cold DR to put in a different DC. Considering the following scenario: - Cluster-Intranet (active/standby) with members (Intranet01 and Intranet02) - new DR name will be IntranetDR Before the a...

  • 1588 Posts
  • 60 Subscriptions