Next-Generation Firewall Discussions

TCP-RST-from-CLIENT

Hi Friends,

We have a requirement we have cloud server Oracle cloud

When ever user from LAN tries to access the resources over the cloud user is able to login but unable to access any resources.

While checking in logs it is showing tcp-rst-from-cli

HSCI port - 5410

Hello All, 

I'm trying to spec the SFP's for PA-5410's & per the below documentation.

https://docs.paloaltonetworks.com/hardware/pa-5400-hardware-reference/pa-5400-series-firewall-overvi...

The HSCI port is a 40G port & Palo Alto Networks recom

snmp configuration question

as we all know , snmp can be configure at Setup -> Operiations ->SNMP Setup

the snmp community string default is "public" 

I would like to ask

1. this is the read-only string or the read-write string ?

2. do we set the read-only string for the device

Multiple vsys share one pair of WAN circuits?

I have 4 vsys that are currently using individual ports to connect to the WAN circuits. I need to free up ports for additional vsys, and would like a shared circuit port for the multiple vsys to use. I've tried a layer 3 interface with sub interfaces

IPSec VPN Negotiation Issues

Dear Members,

Greeting to All!

Curranty, I'm using site to site multiple VPN configuration with Palo alto Firewall to different vendor site. All of the tunnel is working fine VPN ok.

My main problem is inside of my firewall public internet down the

Url access error

Hello Team, I am getting this error in the EDL, also confirm URL and certificate are correct.
Gone thorough this kb : https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-release-information/known-issues/known-issues-related-t

Query: SAML Integration Failed

Is there have a way or integration to use a thrid party MFA solution to login to the palo alto firewall as administrator?

Do SAML profile can be added to authentication sequence?

Furthermore, if the saml profile cannot be added to the authenticat

Troubleshooting traffic being blocked based on IP - FQDN rules

Trying to find which FQDN object in my FQDN cache resolves to an IP.

show dns-proxy fqdn all | match <ip> shows me that it's in my cache, but doesn't show FQDN object name, so it doesn't really help.

I'm not sure if there's a way to dump this to a

Check whether PA-220 has already been registered

Hello All,

Is there a simple way to check whether a PAN device has been registered before?

I bought a supposedly unregistered PA-220, however I would like to know if the device has really not been registered before. Unfortunately there doesn't seem t

SAML Integration with Local Authentication

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/authentication/configure-saml-authentication

If the option 5 in step 3 on above KB is mandatory?

Therefore, must the firewall use its own certificate to sign messages where is the public cer