Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

IPSec Tunnel goes Down After Few Minutes

hi All,

I am facing a strange issue with IPSec tunnels built on Palo Alto firewalls.

Scenario:

1. On both ends we have Palo Alto firewalls(various models PA-220, PA440, PA-3220, PA-VM(AWS))

2. Public IP addresses of both ends are always reachable

...

PAN-OS 11.0.1 Review Polices Link

Hi All

We are running pan-os 11 as a POC and have noticed that the "Review Policies" Link in applications and threats section does not appear to work, the review apps does and all new apps are correctly displayed but the Review Policies link from h

...

Resolved! Selecting Appropriate Security Profile

I am planning to make a group profile of security profiles which include, Vulnerability protection , antivirus , anti spyware and wildfire analysis profile. I am planning to provide same group for every policy in firewall. I have few questions on thi

...

Multiple CDL instances in the same region

Hi Guys,

Can one CSP account have multiple CDL instances in the same region for Firewall Log Service. Use case is the user want to separate logs of different firewalls to different CDL instances. And eventually, also to have multiple AIOPS instance

...

PAN-OS HA Clustering and Integrated management and logging

Hi, I have questions about PAN-OS HA clustering and management

First, I read the document "HA Clustering Overview - PAN OS Admin Guide". and I was able to confirm about HA Clustering.

However, there is a part in the HA Clustering part of the PAN

...

Resolved! commit failed custom url category exceed shared capacity

Hi, I have an issue about commit failed

When upgrading the OS from 9.1.12 to 10.0.0, auto commit is not possible due to the following error.

: error:Number of custom-url-category/external-url-list(51) exceeds shared capacity(50)

: After restoring t

...

Where to download update for PA-2050 for learning purposes.

this is EOL, so they don't show the images any more. You can't download it via the website Where do I go find the latest supported image for PA-2050.

Resolved! Client ikemgr phase 1 failure

Dear All,

Below is summary of issue and resolution.

1. We added a new firewall to HA set-up.

2. HA was established properly.

3. While doing config sync from active to passive it was falling with error Client ikemgr phase 1 failure

Resolution:

U

...

Any upcoming PCNSE Exam Vouchers?

Hello Palo Alto Community!

I hope this post finds you all in good health and high spirits. I'm reaching out to inquire about the availability of any upcoming PCNSE (Palo Alto Networks Certified Network Security Engineer) exam vouchers. I'm

...

SENSOR MEMORY: SLOT-0 MANAGEMENT MEMORY (SNMP MEMORY)

Hi

In a recent few days we are seeing the below mentioned email alert coming to the customer mail box every day

SENSOR MEMORY: SLOT-0 MANAGEMENT MEMORY (SNMP MEMORY)

I am attaching the screenshot for reference.

Regards,

Satya Kalyan

content updates for paloalto from my internal server

Hello Team,

How to get content updates to my paloalto firewall instead of using updates.paloaltonetworks.com , I want to setup my private server and download the all content updates in to server and i want to updates from private server to firewall,

...

How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsing

Hello Team,

i want to understand How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsing
i know its going take application information from SNI through TLS (this is for websites -having SSL) but i want to understan

...

Palo alto redundancy

Other that putting a palo alto in an HA pair are there any other ways to add redundancy?

FW Recommendation version

Kindly note that we found the below vulnerabilities in our boxes .

Model PA-5020

Software Version 8.1.20

what is the recommended version and upgrade path .

EOL/Obsolete Operating System: Palo Alto Netw

...

Resolved! Threat Intelligence External Dynamic Lists vs URL Filtering Security Profile

Hi All,

I have security profiles on my main egress firewall rules, and the URL filtering is blocking anything malware, high-risk etc. I have some custom reports setup that report on any blocks that take place as a result of this profile.

I am readi

...

Next-Generation Firewall Discussions

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

IPSec Tunnel goes Down After Few Minutes

PAN-OS 11.0.1 Review Polices Link

Resolved! Selecting Appropriate Security Profile

Multiple CDL instances in the same region

PAN-OS HA Clustering and Integrated management and logging

Resolved! commit failed custom url category exceed shared capacity

Where to download update for PA-2050 for learning purposes.

Resolved! Client ikemgr phase 1 failure

Any upcoming PCNSE Exam Vouchers?

SENSOR MEMORY: SLOT-0 MANAGEMENT MEMORY (SNMP MEMORY)

content updates for paloalto from my internal server

How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsing

Palo alto redundancy

FW Recommendation version

Resolved! Threat Intelligence External Dynamic Lists vs URL Filtering Security Profile

Normal mode failure. Software-integrity self-tests failed - files changed

Package manager upgrade failures to certain sites

openSSH version 9.8 or later in PAN-OS

Panos 11.1.4-h1

Data Filtering with Google Drive

Re: openSSH version 9.8 or later in PAN-OS

Re: openSSH version 9.8 or later in PAN-OS

Re: Queries on Packet Captures.

Re: Interface Errors after upgrade - VM Series

Re: Restart button is grayed out under both IKE Info and Tunnel Info on IPSec tunnels

Unlock your full community experience!

Next-Generation Firewall Discussions

Rules and Best Practices

Resolved! Selecting Appropriate Security Profile

Resolved! commit failed custom url category exceed shared capacity

Resolved! Client ikemgr phase 1 failure

Resolved! Threat Intelligence External Dynamic Lists vs URL Filtering Security Profile