Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

Study Guide PCNSE in contradiction with the Technical doc.

Hi! Just want to be sure, please. The study guide, page 181, mentions using a data port for the HA1 link and the management port as HA1 backup, but that's not what is written in the technical doc... HA1 on Mgt port for PA without dedicated port and a data port for HA1 backup. I guess the technical doc is correct. All the best, Ramin

remy2vad by L1 Bithead
  • 2225 Views
  • 4 replies
  • 0 Likes

Resolved! Software upgrade

Hi all, Relatively new to Palo and needing to do my first code upgrade. I need to upgrade from 9.1.5 to 10.1.6. This article has confused me a little: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-upgrade/upgrade-pan-os/upgrade-the-firewall-pan-os/determine-the-upgrade-path It says download 10.0.0 but doesn’t mention installing it lik...

jcrab64 by L0 Member
  • 3910 Views
  • 6 replies
  • 0 Likes

Dynamic User Group Auto Remediation configuration

Zero Trust architecture is the new trend of security philosophy based on the principle "never trust and continuously verify trust", which means even if the user is authenticated and permitted to access corporate resources with least privileges using RBAC, he is continuously tracked and monitored to detect any malicious activity, anomalous behavior...

rmeddane by L2 Linker
  • 1732 Views
  • 0 replies
  • 1 Likes

Agcinvokerutility.exe - Adobe Utility

Hi All, Recently our Palo Alto flagged Agcinvokerutility.exe (Virus/Win32.Wgeneric.Eedlvy(624280308)) as malicious. A quick search on the virus signature on VirusTotal confirmed it to be highly malicious. However, Agcinvokerutility.exe is also a known Adobe utility which verifies if a valid version of Adobe software is being used. Has any...

PA-410 GUI is very slow over IPsec vpn

We are deploying new PA-410, 450, 440 in remote locations. From the Head Office firewall to the remote location there is an IPsec VPN. When users from HO try to access the PA-410 firewall over GUI it takes 10 - 15 minutes to load. During this GUI loading, data plane interface latency increases; for example, if I try to ping servers in the HO location from LAN inside P...

Resolved! DNAT not working

This is my topology. From 30.0.0.10 I would like to access the server 192.168.0.2 with the help of the PA WAN interface IP (30.0.0.1). I have created a DNAT and Security policy. Object Prenat IP is 30.0.0.1/8 and Webserver IP is 192.168.0.2/24. When I try to open 30.0.0.1 from my web browser I am not able to see the server's web page. I took a cap...


Device Certificate unable renew automatically

Hi All, Previously, the firewall PAN-PA-1420 had "Failed to renew device certificate. Invalid request. Authentication failed" until the device certificate status became Expired. This triggered an alert because the firewall couldn't establish a connection with the cloud service. However, the issue was resolved by manually renewing the device ...

XXF and building Security Policy

Hi all, I would like to know how I would go about creating security policies based on the XFF headers please, any help would be appreciated. I have read the documentation and I have to enable the XFF header: select Device -> Setup -> Content-ID and edit the X-Forwarded-For Headers settings. I need some help after that, so fr...

sxk654 by L0 Member
  • 3882 Views
  • 3 replies
  • 0 Likes

SSL and TLS vulnerabilities

Hi Team, We have 2 Palo Alto VM firewalls running in active-passive mode in AWS. As part of an internal pentest we got the below findings for the active and passive firewall nodes. The result refers to SSL and TLS vulnerabilities. Could you please suggest how to mitigate this?

Senibo by L1 Bithead
  • 2380 Views
  • 3 replies
  • 0 Likes

Resolved! Custom URL category with directories

Hi guys, I am trying to create a custom URL category to allow only these (s3.amazonaws.com/icount-pdfs): example: https://s3.amazonaws.com/icount-pdfs/57764_25566fbb6fd6bbab6b0f35eba91bb55e.pdf?17016197031 I have tried: s3.amazonaws.com/icount-pdfs/*, s3.amazonaws.com/icount-pdfs, s3.amazonaws.com/icount-pdfs/. None of these works. Ideas?

chens by L3 Networker
  • 4156 Views
  • 3 replies
  • 0 Likes

PA-450 shutdown not working and device get rebooted after sometime .

Hello, I have issued the "request shutdown system" command to our PA-450, but we didn't unplug the power immediately. After 10 minutes, the system got rebooted. Based on the KB (How to Perform a Graceful Shutdown), the system should be in a halted state; in order to boot the system again, we must unplug the power and plug the power back. Is this a...

AndyLiao by L0 Member
  • 1713 Views
  • 1 replies
  • 0 Likes

Resolved! Including CVE in Threat Logs

For as long as the Palo Threat feature has been around, I can't believe this feature doesn't already exist. Would it be possible for Palo to include the associated CVE as a field next to the ThreatID? These mappings occur outside of the firewall as part of the ThreatDB or Content Update emails, but not locally on the firewall itself. It would ...

Azure SAML authentication: validate identity provider certificate. (best pratices)

Hi, We have configured SAML on our portal and gateway. By default Microsoft generates a self-signed certificate that is valid for 3 years for every Enterprise application you create. Is it secure enough to use the default self-signed one and not validate it on my gateway/portal (leave the check unmarked)? According to this article it should be ...

zGomez by L3 Networker
  • 6016 Views
  • 3 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions