Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4599 Views
  • 0 replies
  • 1 Likes

IP blocked then allowed

Hi, I'm reviewing logs regarding a low-reputation IP: in the first log its action is dropped, and 5 minutes later there are 3 logs with action allowed. Why was it dropped and then allowed? Logs category: spyware, action: dropped, Threat Name: CobaltStrike.Gen Command and Control Traffic, Threat ID: 18005

PA-410 bug - disable-predefined-reports

PA-410 running PAN-OS 11.1.0. This firewall had been upgraded from 10.2.latest to 11.1.0. After making an unrelated change to mitigate CVE-2023-48795, validate fails with: Could not get schema node for xpath /config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/management/disable-predefined-reports Commits fail with: devicec...

jasonroy by L3 Networker
  • 3998 Views
  • 5 replies
  • 1 Likes

Strata Sales training guide

Hi team, I'm new in the system as a sales solution specialist. I see that Prisma SASE and Prisma Cloud have proper sales, pre-sales and post-sales guides to understand the product in depth, but when I came to Strata I found no sales guide. Can anyone help me with how I can start the Strata training from sales, then pre-sales, after sometime ...

Cannot change action for special Threat ID

On our 5410 with PANOS 10.2.7-h3 installed I can see a lot of threats with ID 89953 (Inline Cloud Analyzed Unknown-TCP Command and Control Traffic Detection), severity = high, default action = alert. I want to change the default action via Anti-Spyware-Profile > Inline Cloud Analysis, but it's not possible for this special threat. Any idea ho...

tugips by L0 Member
  • 2024 Views
  • 3 replies
  • 0 Likes

Resolved! URL Category and IP address blocks

Hi, I have inherited a system with a Custom URL Category that includes URLs and IPs; this is attached to a URL filtering profile that is set to block within a Security Profile Group. Can IP addresses really be added to a Custom URL Category, or are they simply for URL inspection? If so, does the firewall therefore only block the traffic if th...

NGJ1 by L1 Bithead
  • 6489 Views
  • 4 replies
  • 0 Likes

Sending traffic logs with Syslogs (UDP) from PA-440 -> Collector Server in Azure -> LimaCharlie organization not working

I am trying to send Syslog from my PA-440 to a LimaCharlie organization. This is the setup PA-400 --Syslog--> Virtual Machine in Azure running Ubuntu with LimaCharlie Adapter --HTTPS--> LimaCharlie.io This is what I have done in the PA-440 1. Objects -> Log Forwarding and Add a profile Name: vm-collectorserver-prod ...


PaloAlto Firewall Vsys

Dears, I have 2 physical PAN firewalls in HA with multiple vsys that are split into an internet firewall and a DC firewall. Can I know the disadvantages of this? Can I know whether the firewall resources, for example CPU and RAM, are shared? If a CPU- or RAM-consumption-based attack happens on the internet FW vsys, it will not have enough resources to...

adamgibs by L0 Member
  • 1644 Views
  • 2 replies
  • 0 Likes

How to create Custom Application Signature to identify WebRTC Application with Cisco Meeting Server

A Custom App-ID allows you to do two things:
  • Create pattern-based signatures for traffic that doesn't match any of the pre-defined application signatures.
  • Create a Custom Application for use in an Application Override Policy to override a pre-defined application signature.
The Traffic Logs show that a WebRTC connection using Cisco Meet...

rmeddane by L2 Linker
  • 3546 Views
  • 0 replies
  • 1 Likes

PBF Rule Monitoring - Forced egress i/f?

I have a dual ISP configuration. ethernet1/1 is primary Internet. ethernet1/2 is backup wireless Internet (phone or dedicated hot spot as needed). ethernet1/2 is connected to an old Linksys router running DD-WRT and it automatically connects to my hotspot when I turn it on. Otherwise, there is no Internet access via ethernet1/2. I have a P...

Traffic Log - What's the difference between the "Type" field and the "action" field

While investigating and navigating in the Traffic Log, I noticed that for some traffic the Type is Drop and the Action is Deny, while for some traffic the Type is Deny and the Action is Reset Both. The Security Policy Rule is configured with the Deny Action without Security Profiles. How to explain this behavior in the Traffic Logs?

rmeddane by L2 Linker
  • 8562 Views
  • 3 replies
  • 0 Likes

Internet is not reachable

Hi, we have a PA-850 at our site, and the issue is that when I try to ping the ISP-side IP, I am able to get a ping response. But when I use the command ping source <eth1/1 ip configured with isp range usable ip> host google.com I am not able to get any response. What could be the reason that the PA-850 is able to get a response from the ISP-side interface...

How to Disable Auto Commit in Firewall

Is there any way to stop Auto-Commit? I am facing issues with one of my Palo Alto firewalls where Auto-Commit keeps failing and starting again and again. It's happening due to a bug, and the solution is to upgrade or downgrade to another release. Whenever I try to upgrade/downgrade, it gives an error that Auto-commit is in queue and cannot insta...

Resolved! Internet -> PA-440 -> ASUS RT-AX53U AX1800. Error = Router does not get Internet access

I have just purchased my first Palo Alto firewall. I am a sysadmin at a small office (about 20 people) and I am in the process of setting up a new WiFi for my office. This is my equipment: Firewall: PA-440 Router: Asus RT-AX53U AX1800 This is my current setting: I have managed to connect to the PA-440 firewall by setting my network ca...

  • 1587 Posts
  • 61 Subscriptions