Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4508 Views
  • 0 replies
  • 1 Likes

Cisco ASA to Palo Alto migration issue

Hi, I'm working on a new project where we will replace the current Cisco ASA firewall with a Palo Alto Networks 440, so we are using the Expedition tool to move the configuration on the existing configuration. Our customer uses policy-based routing to route traffic over both connections (VPN & Internet); this parameter will be present on Palo Alto after...

Abdelhak by L1 Bithead
  • 2270 Views
  • 4 replies
  • 0 Likes

Resolved! QoS configuration based on destination (sub)interface on 3400 series

I am migrating a configuration from PA-3200 series device on PAN-OS 10.1 to PA-3410 where minimum version is 10.2. On migration I noticed error messages about destination interface in QoS configuration: network -> qos -> interface -> ae3 -> regular-traffic -> groups -> regular-traffic-group -> members -> aaaa -> matc...

santonic by L6 Presenter
  • 2540 Views
  • 2 replies
  • 0 Likes

Firewall capture feature packet size exceeds interface default MTU

Customer firewall 3220, version: 10.2.4. Firewall interface MTU defaults to 1500. Jumbo function not enabled. Question 1: When a firewall receives a TCP packet with a load of 1800 bytes (the DF bit of the packet is not set), I understand that the firewall will fragment the packet into 1500+300 and then forward it. At the same time, when capturin...

Felixcao by L3 Networker
  • 1061 Views
  • 0 replies
  • 0 Likes

How Does Palo Alto NGFW Prevent Unknown CVEs?

Dear Team, I hope all of you are doing well. I have one question. How can PA prevent an unknown CVE on NGFW? Why I brought up this question is because I saw that from one vendor to another, they have different CVE numbers and IDs. I was wondering if you could advise me. Thanks!

Advanced Wildfire Allowing High Severity Verdicts but blocking Informational

Hi, I have Advanced Wildfire in our lab env and have noticed something very odd: when the firewall is submitting any files to Wildfire, if they are returning "informational" they are blocked; if they are returning Malicious and "High" the action is allow. This has also been confirmed by the fact that the samples of Malware are being blocked by t...

I can't commit after upgrading to 11.0.2 version

Hi, I can't commit after upgrading to 11.0.2 version from 10.2.X. For testing purposes, I changed any of the small options and did not make any other changes, but I cannot commit them. Tip: Details Partial changes to commit: changes to configuration by administrators: admin Changes to policy and objects configuration DHCP Client Interface has no...

david.ge by L1 Bithead
  • 1823 Views
  • 1 replies
  • 0 Likes

Can Palo notice and react to a flapping Internet link?

Hi All, We have a simple setup, where the firewall is connected over a physical interface to an L2 switch, while the L2 switch is connected to 2 CPEs of different ISPs. Obviously, the next hop for our firewall going out is an interface of the CPE. We are tracking default routes for both ISPs using the route monitoring feature. Unfortunately, that does not seem to...

File Blocking block/continue issue

Hi everyone, I'm trying to set up file blocking on PanOS 11.0.2-h1 and I'm facing strange behaviors. With some sites I get a block or continue page, and DataFiltering logs. With others, I get an empty file download for both continue or block actions and a traffic log with threat as end of session reason: I prefer to get a block or continue page ...

Policy commit failures due to profiles exceeding platform capacity using version 10.1.8-h2

We have not updated the number of profiles and have been successfully committing policy for probably a year with this same number of policies, but all of a sudden we are not able to commit policy pushes either from GUI or CLI. We have gone through and deleted a lot of shared profiles and are still getting the following error: Error: Total num...

  • 1794 Posts
  • 60 Subscriptions