Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4593 Views
  • 0 replies
  • 1 Likes

DLP on PAN-OS Firewalls

Question about the DLP on the NGFWs. I have a customer that's interested in enabling the feature, but it looks like this is a cloud-based DLP (reports back to Palo Alto's cloud and you manage the DLP features from the cloud); is that correct? Locally there are some Data Filtering options that can be used but the DLP option is the Enterprise Data L...

Team call issue after Failover

We have a dual ISP setup. Both ISPs terminate on a single firewall. We are doing eBGP with both ISPs and have the default route accepted from both. We advertise our public IP to both peers and use 1 IP from that subnet as the egress IP for all internet traffic. ECMP enabled and method IP modulo. When there is a failover we don't see any traffic drop to...

Nischal by L2 Linker
  • 1441 Views
  • 1 replies
  • 0 Likes

MS-Update identified as a threat, there are no corresponding entries in the threat logs, URL filtering log or data filtering logs

Hi team, Although MS-Update was flagged as a threat, there are no corresponding entries in the threat logs, URL filtering logs, or data filtering logs explaining the basis for its classification as a threat. The first three logs indicate that the traffic is passing without the security profiles. Why is MS-update identified as a threat? with...

Resolved! Configuring GlobalProtect and DMZ Web Server

Hello, Thank you for entering this post, the reason for it is that I am trying to configure the GlobalProtect VPN and a web server in a completely separate Zone. The programmer will have access to the server through this VPN and we will subsequently expose it to port 443 of my public IP. But I have the problem that GlobalProtect uses port 443. ...

ccortijo by L2 Linker
  • 28493 Views
  • 8 replies
  • 0 Likes

Resolved! The block page for custom URL Filtering categories is not displaying, whereas it is visible for predefined categories.

Hi team, The block page for custom URL Filtering categories is not displaying, whereas it is visible for predefined categories. Predefined category : Custom category: Logs: Blocking is effective, but the block page appears exclusively for predefined categories. Are there specific settings that need to be enabled for custom categories to displ...

Auto Commit Failed and Gray Interfaces after upgrade to 11.0.2-h2

Upgraded to 11.0.2-h2 on my 410 last night and the interfaces were all showing gray after reboot. Auto commit was failing with the following error and just kept trying and trying: "client device phase 1 failure"; "Management server failed to send phase 1 to client logrcvr"; "Commit failed"; "Failed to commit policy to device". Tech support said there's an ...

rhnac by L1 Bithead
  • 3281 Views
  • 2 replies
  • 2 Likes

Resolved! EDL - unable to get local issuer certificate

Hi, Having issues with EDL and certificates. Followed the best practices, and believe everything is set properly. Running pa-8xx clusters running 10.1.9h3; all have the same issue. opendbl.net cert chain is imported and set, both root and intermediate, in the cert profile. opendbl EDL created, cert profile attached and outbound policy applied....

orbcomm by L2 Linker
  • 11678 Views
  • 9 replies
  • 0 Likes

Resolved! SSL Forward Proxy Not Working

Hello all, another problem on my road to learning! I have created a self-signed CA Cert on my Palo Alto firewall. Exported to my Windows 10 box, imported into root CA store etc. I have set the cert as a Forward Trust Certificate, created a decryption policy and even added a custom SSL-Decrypt profile/policy. The action is decrypt. I can browse f...

GWynn by L3 Networker
  • 4847 Views
  • 7 replies
  • 0 Likes

URL Lookup Returns IP Address

We use a URL filtering profile to limit outbound traffic. Occasionally known good traffic will fail because an IP address, instead of the FQDN of the URL, is presented. The traffic is blocked because the URL (IP address) is in the "Unknown" URL category. What could be the cause of this random failure?

Resolved! How To use Certificate For Secure Web-GUI Access HA pair

Dear All, I referred to the link below for Secure Web-GUI access and successfully did this with my primary firewall. How can I achieve this when I have the firewall in HA? How To use Certificate For Secure Web-GUI Access - Knowledge Base - Palo Alto Networks. I will be using a self-signed certificate and will distribute and install that certificate to necessary...

  • 1586 Posts
  • 61 Subscriptions