This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4563 Views
  • 0 replies
  • 1 Likes

Resolved! Security Policy

Hello, I have created a security policy with the below details. I am the hitting following URL https://10.x.x.x:15671 and I see the 'connection is reset' in the browser. I see traffic is hitting the policy (Hit count) but it's not logging. When I set the action to Deny/Drop/reset-client\reset-server the traffic is logging when hits the rule. W...

srikarpuligandla_0-1701627610318.png
srikarpuligandla_1-1701627668060.png

URL Filtering to block Facebook

Hi all, I been testing to do URL filtering with whitelist approach (allow some URL and block everything) and also create SSL decrypt policy. As I was checking, it seems like not working to block facebook. I check in the test a site, Facebook fall under social-networking. When I check the log, there is no log under URL filtering that is hittin...

Momoj by L2 Linker
  • 10023 Views
  • 3 replies
  • 0 Likes

Urgent action required: PAN-OS certificate expiration advisory

I recommend reviewing the customer advisory linked above in detail in order to understand the next steps and applicability. Essentially, the root and default certificate on PAN-OS will expire on December 31, 2023 - if not renewed before that date, this will result in firewalls and/or Panorama losing connectivity to our cloud services as well as ...

HA Implementation using existing device with autofocus license

Scenario:Client wants to implement HA setup. Currently have 1 exisiting device. Problem:Autofocus license is still active in the exisitng device. No more sku for autofocus license as it is already eos since September 2022. Question:Will the HA work if the existing device have the autofocus license and the new ha pair device have the aiops li...

Arjohn by L0 Member
  • 1553 Views
  • 1 replies
  • 0 Likes

DLP on PAN-OS Firewalls

Question about the DLP on the NGFW's. I have a customer that's interested in enabling the feature but it looks like this is a cloud based DLP (reports back to Palo Alto's cloud and you manage the DLP features from the cloud), is that correct? Locally there's some Data Filtering options that can be used but the DLP option is the Enterprise Data L...

Team call issue after Failover

We have a dual ISP setup. Both ISP's terminate on single firewall. We are doing ebgp with both ISP's and having default route accepted from both. We advertise our public IP to both Peers and use 1 ip from that subnet as egress IP for all internet traffic. ECMP enabled and method IP modulo. When there is a failover we dont see any traffic drop to...

Nischal by L2 Linker
  • 1417 Views
  • 1 replies
  • 0 Likes

MS-Update identified as a threat, there are no corresponding entries in the threat logs, URL filtering log or data filtering logs

Hi team, Although MS-Update was flagged as a threat, there are no corresponding entries in the threat logs, URL filtering logs, or data filtering logs explaining the basis for its classification as a threat The first three logs indicate that the traffic is passing without the security profiles Why MS-update is identified as a threat?? with...

AkashThangavel_0-1701248564919.png
AkashThangavel_0-1701250741984.png

Resolved! Configuring GlobalProtect and DMZ Web Server

Hello, Thank you for entering this post, the reason for it is that I am trying to configure the GlobalProtect VPN and a web server in a completely separate Zone. The programmer will have access to the server through this VPN and we will subsequently expose it to port 443 of my public IP. But I have the problem that GlobalProtect uses port 443. ...

ccortijo by L2 Linker
  • 27708 Views
  • 8 replies
  • 0 Likes
  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks