Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4507 Views
  • 0 replies
  • 1 Likes

Facing an issue in an SD-WAN auto zone mapping to the Branch Firewall

Hi team, I require assistance with PAN-OS SD-WAN. Upon adding a device to the SD-WAN devices, I proceeded to create an auto BGP policy for a branch location. However, when checking the policy for the branch device group, I observed that it added 'zone-to-Branch' to both the source and destination zones. I was expecting it to be 'zone-to-hub.' ...


Resolved! Spyware threat alerts

I would like to validate if the below monitored traffic on our internal firewall is service-affecting. How can we address this dropped traffic? How can we clean up these alerts? The same alert is shown on another FW 3430. Is it normal behavior for the firewall management IP to send DNS queries?

Possible leap year syslog bug

An initial ask to see if anyone else has seen the same - last night at 23:59:58.000 we received our last syslog message from a stack of PAN-OS firewalls under management, on versions 10.1 and 10.2. Doesn't seem to be an issue with our logging server as we are taking in logs fine from Windows systems. We mainly run syslog over TCP and can see the...

Warnings in certificate.

Hello team: From your support; by browser I get the following warnings "NET::ERR_CERT_COMMON_NAME_INVALID" subsequently ERR_SSL_KEY_USAGE_INCOMPATIBLE, this validating in Chrome and Microsoft Edge. Consequently I do not login to the portal, but it is working, GP agents connect without problem. The SSL/TLS profile, Min version "tlsv.1".o and max ve...

Resolved! How to check not detected open or allowed ports in service rule policy

NGFW Hi, any idea if there is a tool to trace in PA5220 to check the undetected open or allowed ports in rule policy? For example from a source IP 192.168.x.x.x. to a destination public IP (web server). In the service I only specify port 443 but upon checking there are a lot of open ports that were allowed. This poses a security vulnerability...

giozapa by L0 Member
  • 3729 Views
  • 2 replies
  • 0 Likes

Monitoring "Panorama Connected" over SNMP is always connected

Hi there. We would like to monitor the status of "Panorama Connected" of a PA-440. I found the correct SNMP Get OID for this case. But when we enter a wrong Panorama IP, the OID String is still "connected":
27.02.2024 10:32:36 (7 ms) : Device: fwp*.om*.local
27.02.2024 10:32:36 (10 ms) : SNMP v3
27.02.2024 10:32:36 (12 ms) : Custom OID 1.3....

omisim by L0 Member
  • 926 Views
  • 0 replies
  • 0 Likes

Resolved! Configuring DHCP Server for Hostname-Based IP Assignment with Three IP Range

My goal is to set up a DHCP server capable of allocating IP addresses according to the hostnames of client machines. Here are the specific requirements: We require the DHCP server to oversee three separate IP ranges. For hostname-based IP assignment: Client machines with hostnames starting with "win*" should be assigned IP addresses from Range ...

hamza_d by L1 Bithead
  • 5579 Views
  • 4 replies
  • 0 Likes

HA traffic failover not working.

This is my HA configuration, PC1 is 10.0.0.10 and PC2 is 30.0.0.15, I have configured HA active-passive. HA is formed between both Palo Alto but failover is not working. When I do failover the passive becomes active however it is not responding for the ping from PC1 or from PC2, I am doing continuous ping from PC1 to PC2. What I noticed is Palo is...


SSL & GTP inspection capability

Hi, I'm currently working with a Palo Alto 7080 firewall equipped with a 100G Network Processing Card (NPC), and I'm looking for some insights into its throughput capabilities, particularly when conducting SSL decryption and GTP inspection. Specifically, I'm interested in understanding: The maximum throughput the 100G NPC card can handle while perf...

ssovee by L2 Linker
  • 1077 Views
  • 0 replies
  • 0 Likes

Resolved! OpenSSH verification and upgrade

Aside from checking in the OSS listing, how can I verify the current OpenSSH version installed on the Palo Alto device? Also how can we upgrade it to a recommended version? Current firmware version: 10.2.6 Based on OSS listing, OpenSSH version is: 8.0p1

Resolved! URL filtering not working

My issue is that the URL filtering isn't working. For example, I can browse to urlfiltering.paloaltonetworks.com/test-adult and it isn't blocked. This is on a PA-220. It is currently running 10.1.3-h3. Earlier today, I noticed that the URL filtering license was expired, but I just did "retrieve license keys from license server" and now it sh...
