Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! UserID domain name wrong

Hey everyone!

So, we've recently made the switch from Checkpoint firewalls to Palo Alto ones, and we're still ironing out some kinks in the setup. Right now, we're focusing on setting up app control rules and such.

But here's the thing: we've hit a

...

Resolved! Upgrading PAN-OS

Hi all,

I will upgrade the PA-3200 from pan OS 10.1.9 to 10.2.7-h3, do I need a base image of 10.2.0 for the upgrade process?

because i don't see documentation for the upgrading to 10.2.0

Thanks

Custom EDL List not getting Populated

Hi Community,

Have configured EDL IP & Domain's list. Test source URL is accessible but its not showing any entries in the list.
In IP list it showing only 0.0.0.0/32 but actual list is not showing.

Please advise.

Pan OS version: 10.2.7

Resolved! Should I upgrade PanOS to 11.1

Forgive my lack of knowledge but we have a PA-5410 running 10.2.4-h4. I was curious with 11.1 being out know if I should upgrade or stay on 10.2?

Study Guide PCNSE in contradiction with the Technical doc.

Hi !,

Just want to be sure please, The study guide page 181 mention that to use data port for HA1 link and management port as HA1 backup but it's not what is written in the technical doc... HA1 on Mgt port for PA without dedicated port and a data por

...

Certificate to secure 100 plus SD WAN PANFW management interface for webui

All

I plan to secure web interface for management of PANFW. we use data plane IP to manage all FWs. Is there way to deploy certs to each PAN via Panorama or it has to be done one by one. If any one did this before Please help and share

Thank you

...

Resolved! Software upgrade

Hi all,

Relatively new to palo and needing to do my first code upgrade. I need to upgrade from 9.1.5 to 10.1.6. This article has confused me a little: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-upgrade/upgrade-pan-os/upgrade-the-firewall-

...

Dynamic User Group Auto Remediation configuration

Zero Trust architecture is the new trend of Security Philosophy based on the principe, never trust and continuously verify trust, which means even if the user is authenticated and permitted to access corporate resources with least privileges usi

...

Agcinvokerutility.exe - Adobe Utility

Hi All,

Recently our Palo Alto flagged Agcinvokerutility.exe (Virus/Win32.Wgeneric.Eedlvy(624280308)) as malicious. A quick search on the virus signature on Virus total confirmed it to be highly malicious.

However, Agcinvokerutility.exe is also a

...

PA-410 GUI is very slow over IPsec vpn

We are deploying new PA-410,450,440 in remote location. From Head office firewall to Remote location there is an IPsec vpn.

When users from HO try to access PA-410 firewall over GUI it took 10 - 15 minutes to load. During this GUI loading data plan

...

Resolved! Palo alto contact for refund

Is there anyone that knows who to contact for purchased done on AWS.

-Palo Alto NGFW purchased on the aws market place

If you you know how to go about the refund let us know.

Thanks,

Resolved! DNAT not working

This is my topology. From 30.0.0.10 i would like to access the server 192.168.0.2 with the help of PA wan interface IP(30.0.0.1)
I have created DNAT and Security policy .

Object Prenat IP is 30.0.0.1/8 and Webserver Ip is 192.168.0.2/24,

...

Device Certificate unable renew automatically

Hi All,

Previously, the firewall PAN-PA-1420 had "Failed to renew device certificate. Invalid request. Authentication failed" until the device certificate status became Expired. This triggered an alert because the firewall couldn't establish a conn

...

XXF and building Security Policy

Hi all,

I would like to know how I would go about creating security policies based of the XFF headers please, any help would be appreciated.

I have read the documentation and I have to enable the XFF header

Select ->Device ->Setup ->Conten

...

SSL and TLS vulnerabilities

Hi Team,

We have to 2 Paloalto VM firewall running active-passive mode in AWS.

As a part of internal Pentest we go the below findings for the Active and passive firewall nodes. The result refers to SSL and TLS vulnerabilities.

Could you please suggest o

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Resolved! UserID domain name wrong

Resolved! Upgrading PAN-OS

Custom EDL List not getting Populated

Resolved! Should I upgrade PanOS to 11.1

Study Guide PCNSE in contradiction with the Technical doc.

Certificate to secure 100 plus SD WAN PANFW management interface for webui

Resolved! Software upgrade

Dynamic User Group Auto Remediation configuration

Agcinvokerutility.exe - Adobe Utility

PA-410 GUI is very slow over IPsec vpn

Resolved! Palo alto contact for refund

Resolved! DNAT not working

Device Certificate unable renew automatically

XXF and building Security Policy

SSL and TLS vulnerabilities

How to configure LACP at PA-440 firewall

Name: Virus/Win32.WGeneric.esxxcl Unique Threat ID: 752597582

Palo Alto does not support global certificates. Is there a solution?

Palo Alto Networks PA- 450 Next‑Generation Firewall to maintain uninterrupted BSNL SIP trunk services in the event of a primary internet link failure.

Request for VPN Capability Enhancement on Palo Alto Networks Firewalls

Re: Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment?

Re: Tunnel Monitoring

Re: How to configure LACP at PA-440 firewall

Re: How to create a support case without a TCF file

Re: Activate ECMP without trafic disruption

Unlock your full community experience!

Rules and Best Practices

Resolved! UserID domain name wrong

Resolved! Upgrading PAN-OS

Resolved! Should I upgrade PanOS to 11.1

Resolved! Software upgrade

Resolved! Palo alto contact for refund

Resolved! DNAT not working