Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4604 Views
  • 0 replies
  • 1 Likes

PA-850 Static NAT between 2 Switches

Hello all. Looking for help here. I am trying to create a static NAT between two switches using a vwire, but it doesn't seem to be working. Can someone please provide steps on how to make this happen? I do not wish to insert routers between the switches, and wasn't sure if this was possible. I'm new to networking and firewalls, and have bee...

zbSA24 by L1 Bithead
  • 2947 Views
  • 7 replies
  • 0 Likes

SMB share - Right clicking shared folder and selecting folder properties

Hi all, We have observed an issue with an SMB share which traverses our PA FW. The initial rule was set up simply such that the client was allowed to access the remote SMB share in the firewall rule base by use of the inbuilt ms-ds-smb application container. Client was able to browse to the folder fine and upload/download files fine with no...

dmellors by L0 Member
  • 3731 Views
  • 2 replies
  • 0 Likes

Monitoring Subinterfaces with zabbix

I would like to ask if you have experience with integrating Zabbix and Palo Alto FW. I have an issue with graphs traffic on subinterfaces as it is not accurate compared to the port connected on the other end. For example, on the switch port, I see 20Mbps traffic in, but on the Palo Alto interface connected to that same switch, I see 1.2Mbps traf...

inglpa by L0 Member
  • 1642 Views
  • 0 replies
  • 0 Likes

USER_ID mapping constantly changing with Zscaler App

Hi Team, We are facing an issue where PA user authenticated access from ZScaler app connect servers is failing intermittently. Access through PA FW to a server network using user authentication is failing intermittently when connections are made from a pair of ZScaler app connector servers. CLI command "show user ip-user-mapping ip-address-o...

PaloAlto to Watchguard Site to Site connects but passes no traffic to parts of the Watchguard site.

Looking to see if anyone has come across this issue. We have set up a site-to-site tunnel to another location. We have a PA460 running 10.7.h3 and the other location uses a WatchGuard firewall with NetMotion for their VPN clients. When we connected, the clients running NetMotion can't reach applications or the local network can't, this depends on...

how to monitor encryption domains in VPN Palo Alto

Best regards, Equipment. We are currently experiencing an issue with one of our VPNs that we have configured against Azure on a 5200 series FW. The problem that arises is that of 10 configured domains, 5 are going down for no reason, since the traffic to these encryption domains is constant and this has generated different types of incidents. Do you...

aalfaro by L2 Linker
  • 2470 Views
  • 1 replies
  • 0 Likes

Resolved! Auto Commit stuck at 11.0.2-h2 PA-410

We have a new PA-410 device which comes with pre-installed PAN-11.0.2-h2. FW auto commit keeps failing and starting again & again. Steps we tried: --- 1. Firewall reboot. 2. Factory reset done. 3. Tried to downgrade the PAN-OS to previous version but it failed with error "Auto-commit in queue and cannot process this task". Please suggest i...

Policy to allow specific Windows share

I'm trying to find out if it's possible with a Palo firewall to allow access from a DMZ machine to a Windows share on an internal file server, however, I would like to allow access to a specific share. The file server on the internal network has several internal use shares. I need a place for a DMZ hosted app to dump files on an internal serve...

Facing an issue in a SD-WAN auto zone mapping to the Branch Firewall

Hi team, I require assistance with PAN-OS SD-WAN. Upon adding a device to the SD-WAN devices, I proceeded to create an auto BGP policy for a branch location. However, when checking the policy for the branch device group, I observed that it added 'zone-to-Branch' to both the source and destination zones. I was expecting it to be 'zone-to-hub.' ...


Resolved! Spyware threat alerts

I would like to validate if the below monitored traffic on our internal firewall is service-affecting. How can we address this dropped traffic? How can we clean up these alerts? The same alert is shown on another FW 3430. Is it a normal behavior of the firewall management IP to send DNS queries?

Warnings in certificate.

Hello team: From your support; by browser I get the following warnings "NET::ERR_CERT_COMMON_NAME_INVALID" subsequently ERR_SSL_KEY_USAGE_INCOMPATIBLE, this validating in Chrome and Microsoft Edge. Consequently I do not login to the portal, but it is working, GP agents connect without problem. The SSL/TLS profile, Min version "tlsv.1".o and max ve...

Resolved! How to check not detected open or allowed ports in service rule policy

NGFW Hi, Any idea if there is a tool to trace in PA5220 to check the un-detected open or allowed ports in rule policy. For example from a source IP 192.168.x.x.x. to a destination public IP (web server). In the service I only specify port 443 but upon checking there are a lot of open ports that were allowed. This poses a security vulnerability...

giozapa by L0 Member
  • 3883 Views
  • 2 replies
  • 0 Likes
  • 1589 Posts
  • 61 Subscriptions