Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4591 Views
  • 0 replies
  • 1 Likes

Is the Post-NAT Zone for security policy for the Source zone and Destination Zone?

I read the following from the Palo Alto study guide: A Security policy rule requires a source IP, destination IP, source zone, and destination zone. If you use an IP address in a Security policy rule, you must add the IP address value that existed before NAT was implemented, which is called the pre-NAT IP. After the IP address is translated (p...

rmeddane by L2 Linker
  • 9934 Views
  • 2 replies
  • 0 Likes

User ID - Ignore User list

Hi, I have added a few users to the "Ignore User list" for user-id configuration. But when I checked the User-IP mappings I still see the user-id is mapping the username with IPs even though the usernames are in the ignore list. Any suggestions on what to check here?


Resolved! HA pair not synchronizing

Hi all, I have a PA-220 HA pair without licenses running on PANOS 9.1.13-h3. Recently I had an issue with an HA passive Firewall, so it had to be replaced. I extracted the active firewall's running-config and uploaded it into the new passive one. I was able to synchronize App&Threat version by re-installing the active's FW current version. ...


IPSec VPN Tunnel Interface with IP Addresses

I read the following example of Site to Site VPN IPsec with static routing: https://docs.paloaltonetworks.com/network-security/ipsec-vpn/administration/site-to-site-vpn-quick-configs/site-to-site-vpn-with-static-routing In the figure, the example shows that both Tunnel Interfaces on the VPN peers are 10.10.10.10 and 10.10.10.11 in the same s...

rmeddane by L2 Linker
  • 4780 Views
  • 5 replies
  • 0 Likes

Incidents contain many alert types... but why?

Hello, everyone. Our product suite now includes receiving alerts from the NGFW, in addition to XDR. It seems, though, that a single incident may include several different alerts. This seems like a strange behavior, because the list of alerts comes from many hosts, or threat type, or threat vector. If the Incidents are grouping unrelated alert...

SSH\SFTP Proxy

Hello, I'm currently managing an SFTP (SSH) server. I'm attempting to implement file blocking using the NGFW. I've configured a decryption profile that includes "SSH Proxy". According to the traffic logs, the "decrypt" option appears to be activated. However, I'm not observing any files in the data filtering logs, even though logs for other file...

chens by L3 Networker
  • 2526 Views
  • 1 replies
  • 0 Likes

get-ldap-data-failure - LDAP Failover doesn't work

I had two LDAP servers configured with a firewall. The primary LDAP server had an issue with high CPU and memory, due to which the firewall lost the group membership even though the firewall has L3 reachability. During the log analysis, we found get-ldap-data-failure from the Primary LDAP. We manually failed over the LDAP to a secondary one and this r...

Resolved! PAN-OS Version Release History

Hello Community, How to get the release history (actual date) for the various versions on the PAN-OS? For e.g. I want to know the release date for PAN-OS 10.1.4-h4. Thank you, MK

Please note you are posting a public message where community members and experts can provide assistance. Sharing private information such as serial numbers or comp...

mkgsgi by L1 Bithead
  • 12543 Views
  • 6 replies
  • 0 Likes
  • 1586 Posts
  • 61 Subscriptions