This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4508 Views
  • 0 replies
  • 1 Likes

Interface migration to fiber over SFP 10G

Hello team, I have a Palo Alto 3220 cluster that is connected to a CORE switch over ethernet and I need to migrate that connection to fiber over SFP 10G converter. I am trying to define a procedure to migrate with no downtime and I had thought to start with the standby node, suspending this node for HA, dehabilitating the link monitoring inter...

ALDIAZEG by L0 Member
  • 1484 Views
  • 1 replies
  • 0 Likes

Packets dropped: forwarded to different zone

We have a PaloAlto firewall that we have configured differrent zones, everything is working fine, except for a specific traffic between IP 10.40.129.49 and 172.26.2.58. The 10.40.129.49 is located on a subnet directly in a zone defined on the firewall, 172.26.2.58 is a remote host over a WAN link going via another zone on the firewall. Traffic...

vnkhwazi by L1 Bithead
  • 3657 Views
  • 5 replies
  • 0 Likes

Malicious IP address log sudden increasein traffic

Our Malicious IP Traffic Alert typically registers a few dozen hits a day. However over the last weekend this has suddenly increased to a couple of thousand a day. I cannot see anything different apart from the quantity. The IP addresses are the same or from the same subnet. Should I just leave it or what actions would you suggest.

peeryog by L1 Bithead
  • 3793 Views
  • 2 replies
  • 0 Likes

IP blocked then allowed

Hi, I'm reviewing a logs regarding a low reputation IP which in the first log it's action is dropped, and 5 minutes later 3 logs with action allowed. Why does it dropped then allowed it?Logs category: spyware action: dropped Threat Name: CobaltStrike.Gen Command and Control TrafficThreat ID: 18005

XFF

hi. It's not really a big deal, but when using URL-Filter Logging, would it be possible to log X-Forwarded-for X-Forwarded-for if the HTTP Request Method is CONNECT? Is there any documentation or support for this? Thank you. Please kindly reply;

Yunbin by L3 Networker
  • 702 Views
  • 0 replies
  • 0 Likes

PA-410 bug - disable-predefined-reports

PA-410 running PAN-OS 11.1.0. This firewall had been upgrade from 10.2.latest to 11.1.0. After making an unrelated change to mitigate CVE-2023-48795, validate fails with: Could not get schema node for xpath /config/devices/entry[@name='localhost.localdomain']/deviceconfig/setting/management/disable-predefined-reports Commits fail with: devicec...

jasonroy by L3 Networker
  • 3817 Views
  • 5 replies
  • 1 Likes

Strata Sales training guide

Hi team, I m new in the system as a sales solution specialist i see the Prisma SASE and Prisma cloud having the proper sales pre sales post sales guide to understand the in depth product where i came to strata there is no Sales guide i found can anyone help me to get how i can start the Strata training from sales than pre-sales after sometime ...

Cannot change action for special Threat ID

On our 5410 with PANOS 10.2.7-h3 installed I can see a lot of threats with ID 89953 (Inline Cloud Analyzed Unknown-TCP Command and Control Traffic Detection), severity = high, default action = alert. I want to change the default action via Anti-Spyware-Profile > Inline Cloud Analysis, but it's not possible for this special threat. Any idea ho...

tugips by L0 Member
  • 1856 Views
  • 3 replies
  • 0 Likes

Resolved! URL Category and IP address blocks

Hi I have inherited a system with a Custom URL Category that includes URLs and IPs, this is attached to a URL filtering profile that is set to block within a Security Profile Group. Can IP addresses really be added to a Custom URL Category, or are they simply for URL inspection.? If so, does the firewall therefore only block the traffic if th...

NGJ1 by L1 Bithead
  • 6182 Views
  • 4 replies
  • 0 Likes

Sending traffic logs with Syslogs (UDP) from PA-440 -> Collector Server in Azure -> LimaCharlie organization not working

I am trying to send Syslog from my PA-440 to a LimaCharlie organization. This is the setup PA-400 --Syslog--> Virtual Machine in Azure running Ubuntu with LimaCharlie Adapter --HTTPS--> LimaCharlie.io This is what I have done in the PA-440 1. Objects -> Log Forwarding and Add a profile Name: vm-collectorserver-prod ...

Log fowarding.png
Log Fowarding profile.png
Security Policy Rule.png
Azure.png

Intra Traffic between hosts of isloated vlan

Hello, We have two host part of same zone [vlan] but set up as isolated VLAN on switch. The uplink of switch is connected to FW Zone. And I am wondering whether a pre or post is necessary to allow intra traffic between these two hosts living in a isolated VLAN on switch. Please advise. Thanks.

Martin2K by L1 Bithead
  • 1206 Views
  • 1 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks