Next-Generation Firewall Discussions

Palo Alto PA-3400 Series degraded specs vs 3200 Seires

Dear Palo Alto Community

Is it just me, or did Palo Alto drop the ball on the new PA-3400 Series, while almost all specs gained an improvement over the old 3200 series. There is the value of Security-Zones that has me deeply confused/puzzled.

For the

...

Downgared or migration PA7000 series to PA5000 Series

Hi everyone, is there any document or guide for migrating from PA7080 to PA5000 series ? is there a downgrade/migration too?

Resolved! Suspicious Code in GIF File Detection - Logic of Detection

Good Day Team!

I hope You are all doing well!

We have a detection re: a remote ip attempting to connect to a certain server which hit the rule Suspicious Code in GIF File Detection.

We have blocked the ip, however, the detection has:

Threat Category:

...

Resolved! Hex value for a pre-shared IKE key?

Hi,

Is it possible to set a IKEv2 pre-shared key to a hex value in a PAN-OS 9.1 or later NG firewall? Don't see an option with the GUI or CLI.

thanks,

Brian

PAN-143485

It says that it was fixed in the 10.0. version, but 10.0. What version did it solve?

I searched the realease note but couldn't find it.

refer https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm68CAC

PAN-1434858.1.0-8.1.18...

Windows User-ID Agent Disconnect After Failover

Hi All,

I have a customer who had an issue with the WMI using agentless User-ID due to Microsoft security update.

We decided to move to Windows User-ID Agent installed on a domain member Windows Server 2016.

PAN OS 10.2.2 and installed agent version

...

Palo Alto and Forescout

Hi,

I have both Paloalto firewall and Forescout in our organization. This is my current setup.

1.) Forescout handling the grouping for our wireless devices (BYOD).

2.) Paloalto policy is incorporated through user mapping (Active Directory)

4.) I al

...

Resolved! what is the Latest app and threat version after 8671-7826?

I would like to know what is the latest app and threat version after 8671-7826.

When I do dynamic updates , It doesn't show any new version after 8671-7826.

It seems Palo alto didn't release any new version last week.

Could you help me make s

...

Resolved! URL Filtering Error

Hi All,

We are getting an error as "Hmmm... can't reach this page" site's server ip could not found.

And other page is also getting the same error.

Is this a known error? I can see the logs with the IP resolved so i dont think this should be DNS issu

...

bundle gre tunnels and distribute internet traffic across them

Has anyone had a location with more than 1Gbps internet link and also have Zscaler? The limitation to Zscaler is 1Gbps gre tunnel. We have a 10Gbps link and this doesn't work. We have to create 5 nats across 2 routers behind a firewall to build 10 GR

...

Integration of Palo Alto Firewall with Cortex XDR

Hello All,

I need to integrate Palo Alto Firewall with Cortex XDR to get better insights of threats on Cortex console. Please help me with the documentation and what are the license requirement.

Cortex XDR

Thank you.

Regards,

Ninad Ghadigaokar

Resolved! Palo Alto in Virtual wire vs TAP mode.

Hello,
Just wanted to confirm my understanding on the different modes of deployment in PA.
Virtual Wire is an INLINE mode ( similar like IPS) and TAP mode is a passive monitoring mode.
So does that mean if I find an unlocked rack somewhere and I were

...