This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4600 Views
  • 0 replies
  • 1 Likes

Resolved! Slow Internet upload behind PA-850

Hi, Background : We have a pair of a HA PA-850 attached to a 200/200 Mbps Internet line When we do the speedtest direct attach to the service provider's CPE, we can get 179/190 Then we gone through another test behind the HA pair , the speed drops to 177/47 (there is no other equipment connected for the time being) We have cross-check:1...

JT_TBIT by L0 Member
  • 2818 Views
  • 3 replies
  • 0 Likes

Nat 64 feature PA 460

Hello everyone, one of my customer have a PA 460 and he ask me If he can use NAT64 on it. In Palo Alto docs it seems that it depend on the panorama OS version and not on the compliance. But on the hardware documentation, it doesn't mention NAT64. I only have read access on his firewall for the moment so i cant check it by myself.

brtkcns by L0 Member
  • 1474 Views
  • 3 replies
  • 0 Likes

HA path group

I am trying to setup HA path group but as seen below between FW and ISP we have L2 switches. what is the optimum solution for path monitoring since L2 switch hardly goes down ? By the way Panorama manages the FW

EOdeh_1-1710534820057.png

Palo session application is undefined, traffic is dropped

HI All, We have PA5220, we have Pulse VPN in DMZ area, and when i try to connect vpn, i can see the sessions showing in PA, but application shows undefine, then i can not login the vpn after timeout. I also can not ping to VPN address(DNAT address). Would you please help check? Thank. I have attached the session picture int the attachment ...

abai by L1 Bithead
  • 2040 Views
  • 3 replies
  • 0 Likes

Resolved! Add Cold DR to a existing environment

Hello, I have a Panorama that manages several clusters with a dedicated device-group and template For one of them my customer bought a single firewall as a Cold DR to put in a different DC. Considering the following scenario:- Cluster-Intranet (active/standby) with member (Intranet01 and Intranet02) - new DR name will be IntranetDR Before the a...

Resolved! PAN-PA-445

Hello all, Could you please give me correct ECCN for firewall PA-445 or some look up tool list with all products where could I find ECCN? Thank you. Best regards,

smacura by L1 Bithead
  • 2309 Views
  • 3 replies
  • 0 Likes

Resolved! Multi Virtual System Capability option is missing

Hey community, I'm setting up a new PA-450 FW, which we will use in the future with Multi Virtual Systems Capability. So I wanted to enable it ahead to eliminate problems in the future, but it seems like I'm missing the option to enable it ( Device> Setup> management> edit General Settings). I attached a screenshot for reference. In t...

EDL and FQDN ID Tools

Community, I wanted to provide an announcement of a couple of open source tools that I have written and published for External Dynamic Lists (EDL) manager as well as a method for identifying domains in use for SaaS applications that can be used independently or in conjunction with each other. The primary project name for the EDL manager is K...

HA1 Interfaces PA-1410 + interfaces dell

Hi PA-1410 comes with it's own rj45 ports for HA1-A and HA1-B. For HA2 it has a dedicated port that needs a SFP. My question is the following: Can we add 1 Gbps SFP fiber modules to the firewall and configure them as HA1/HA2 or is it mandatory to use the dedicated one's with rj45? Besides this I wanted to check with you if Dell Twinax 10 Gbps ca...

Threat detections of "Canonical ksmbd-tools ksmbd.mountd ndrwritebytes Heap Buffer Overflow Vulnerability(94951)" in Windows server traffic

Anyone else seeing the following alerts:tcp,alert,"gpt.ini",Canonical ksmbd-tools ksmbd.mountd ndrwritebytes Heap Buffer Overflow Vulnerability(94951) But this is being detected in traffic between 2 Windows server, so it doesn't make sense. Seems to be a false positive.

Megawatt by L1 Bithead
  • 4797 Views
  • 5 replies
  • 0 Likes

Resolved! Connection to Panorama for new deployment failing

Hi, I have the following issue I am running panorama 10.2.7h3 my new device P440 is also running 10.2.7h3. When I want to onboard the device into panorama it is not working. I am onboarding the device with Authenticatio keys. Following the below procedure. Add a Firewall as a Managed Device (paloaltonetworks.com) I have also reset the secure c...

zGomez_0-1707923254038.png
zGomez by L3 Networker
  • 7911 Views
  • 4 replies
  • 0 Likes

PA-850 Static NAT between 2 Switches

Hello all. Looking for help here. I am trying to create a static NAT between two switches using a vwire, but it doesn't seem to be working. Can someone please provide steps on how to make this happen? I do not wish to insert routers between the switches, and wasn't sure if this was possible. I'm new to networking and firewalls, and have bee...

zbSA24 by L1 Bithead
  • 2940 Views
  • 7 replies
  • 0 Likes

SMB share - Right clicking shared folder and selecting folder properties

Hi all, We have observed an issue with an SMB share which traverses our PA FW. The initial rule was setup simply such that the client was allowed to access the remote SMB share in the firewall rule base by use of the inbuilt ms-ds-smb application container. Client was able to browse to the folder fine and upload/download files fine with no...

dmellors by L0 Member
  • 3719 Views
  • 2 replies
  • 0 Likes
  • 1587 Posts
  • 61 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks