This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4558 Views
  • 0 replies
  • 1 Likes

Resolved! Auto Commit stuck at 11.0.2-h2 PA-410

We have new PA-410 Device which comes with pre-install PAN-11.0.2-h2. FW Auto commit keeps failing and starting again & again. Steps we tried: --- 1. Firewall reboot. 2. Factory reset done. 3. Tried to downgrade the PAN-OS to previous version but it failed with error " Auto-commit in queue and cannot process this task". Please suggest i...

Policy to allow specific Windows share

I'm trying to find out if it's possible with a Palo firewall to allow access from a DMZ machine to a windows share on an internal file server, however, I would like to allow access to a specific share. The file server on the internal network has several internal use shares. I need a place for a DMZ hosted app to dump files on an internal serve...

Facing an issue in a SD-WAN auto zone mapping to the Branch Firewall

Hi team, I require assistance with Pan-OS SD-WAN. Upon adding a device to the SD-WAN devices, I proceeded to create an auto BGP policy for a branch location. However, when checking the policy for the branch device group, I observed that it added 'zone-to-Branch' to both the source and destination zones. I was expecting it to be 'zone-to-hub.' ...

AkashThangavel_3-1709545775327.png
AkashThangavel_1-1709545730398.png
AkashThangavel_4-1709545791508.png

Resolved! Spyware threat alerts

I would like to validate if the below monitored traffic on our internal firewall is service-affecting. How can we address this dropped traffic? How can we cleanup these alerts? The same alert is shown on another FW 3430. Is it a normal behavior of firewall management IP to send DNS query?

Warnings in certificate.

Hello team:From your support; by browser I get the following warnings "NET::ERR_CERT_COMMON_NAME_INVALID" subsequently ERR_SSL_KEY_USAGE_INCOMPATIBLE, this validating in chrome and microsoft edge. Consequently I do not login to the portal, but it is working, GP agents connect without problem.The SSL/TLS profile, Min version "tlsv.1".o and max ve...

Resolved! How to check not detected open or allowed ports in service rule policy

NGFW Hi, Any idea if there is a tool to trace in PA5220 to check the un-detected open or allowed ports in rule policy. For example from a source IP 192.168.x.x.x. to a destination public IP (web server) . In the service I only specify port 443 but upon checking there are a lot of open ports that were allowed. This poses a security vulnerability...

giozapa by L0 Member
  • 3798 Views
  • 2 replies
  • 0 Likes

Resolved! Configuring DHCP Server for Hostname-Based IP Assignment with Three IP Range

My goal is to set up a DHCP server capable of allocating IP addresses according to the hostnames of client machines. Here are the specific requirements: We require the DHCP server to oversee three separate IP ranges. For hostname-based IP assignment: Client machines with hostnames starting with "win*" should be assigned IP addresses from Range ...

hamza_d by L1 Bithead
  • 5788 Views
  • 4 replies
  • 0 Likes

HA traffic failover not wotking.

This is my HA configuration, PC 1 is 10.0.0.10 and PC2 is 30.0.0.15, I have configured HA active-passive.HA is formed between Both Palo Alto but Failover is not working.When I do failover the Passive becomes active however it is not responding for the ping from PC1 or From Pc2, I am doing continous ping from Pc1 to pc2. What I noticed is Palo is...

ArunKumar7_0-1708965333841.png

Resolved! OpenSSH verification and upgrade

Aside from checking in the OSS listing, how can i verify the current OpenSSH version installed on the Palo Alto device. Also how can we upgrade it to a recommended version? Current firmware version: 10.2.6 Based on OSS listing, OpenSSH version is: 8.0p1

Resolved! URL filtering not working

My issue is that the url filtering isn't working. I for example, I can browse to urlfiltering.paloaltonetworks.com/test-adult and it isn't blocked. This is on a PA-220. It is currently running 10.1.3-h3. Earlier today, I noticed that the URL filtering license was expired, but I just did "retrieve license keys from license server" and now it sh...

nwnetadmin_0-1708648821131.png

Resolved! Bandwidth

Hello team, This is my first time here. I have two palo alto to replace and i need to find out the current bandwidth get used on the site, Is there a specific command on the cli or GUI i can find out what bandwidth get used on the site please?

  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks