This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4517 Views
  • 0 replies
  • 1 Likes

30 day trial license activation

Hello, i started my trial license yesterday and wondering if i can register it? When i go under software update, it says "The device is not found or not registered, please try after some time". When i try to create a support account it wants from me a serial number. I insert the number from dashboard and error appear "Invalid Azure Serial Num...

ivans89 by L0 Member
  • 1242 Views
  • 1 replies
  • 0 Likes

Resolved! DNS not resolving for a website

Hi All, I have been experiencing DNS resolution issue for one particular website on all the systems under our Palo Alto firewall network. However, it is working well on the systems under our Sophos network. At first, I checked the website category and found it falls under malware and gave an exception to it to be accessed on our network in th...

Jerome.j by L1 Bithead
  • 18377 Views
  • 9 replies
  • 0 Likes

URL filtering database updates problem

I have a feeling that the URL filtering database updating doesn't work correctly. After a reboot of the firewall it update a few days and then stops. In the URL filtering logs I also see a lot of "not-resolved" even for url's like play.google.com. I've had this with at least PAN-OS 10.2.4-h2 and now also with 11.0.2-h2. When I run the command "s...

adminglu by L1 Bithead
  • 8154 Views
  • 4 replies
  • 0 Likes

Wildcard certificate-GPVPN certificates

Just imported new wildcard cert for firewall management GUI as the existing one is expiring soon. Certificate first imported to Panorama then pushed to Primary & Secondary firewalls (Active-Standby). Certificate is showing valid for Panorama but not for primary and secondary firewalls. Do we need to restart any services for the new certifica...

High Disk Space Usage on /opt/pancfg partition

Hi Mates, I am getting alerts on /opt/pancfg utilizing 90%. How ever I deleted the old, downloaded software and dynamic updates (around 1.5Gb file) but still space utilization is same as 90% using below KB. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PLSJCA4 Filesystem Size Used Avail Use% Mounted on/dev/md2 3.8G...

GP-Agent, Allow with Ticket to disconnect the GP-Agent

Hi everyone, I have a use case to disconnect the GP agent through the ticket. By following up on the admin guide I configured it. But it's not working. I have attached screenshots of the error message. Configuration part: In Portal, Agent >App settings >allow users to disconnect GlobalProtect App(Always-on-mode)----Allow with Ticket. Th...

AkashThangavel_0-1676191600728.png
error3.png
error2.png
error1.png

Palo Alto - Security rules best practice for web filtering delegation

Hi, We deploy multiple PA-220 and configure them through a unified Panorama. The need is to provide local administrators with the ability to manage a part of the web filtering to do things like add/remove a website from the allow/blocklist URL category that has been defined locally. The biggest challenge to us, is in the way Palo Alto han...

What is the Certificate Chain of Trust?

The Chain of Trust refers to your SSL certificate and how it is linked back to a trusted Certificate Authority. In order for an SSL certificate to be trusted it has to be traceable back to the trust root it was signed off of, meaning all certificates in the chain – server, intermediate, and root, need to be properly trusted. There are 3 parts ...

ca-1.png
rmeddane by L2 Linker
  • 2948 Views
  • 0 replies
  • 0 Likes

Aggregate interace behaviour

Hi All, Facing an issue where doing an failover with aggregate interface not working. Example if I unshut any one link from aggregation link of passive firewall and shut both interfaces of aggregation link of primary firewall, still firewall don't switch it state from passive to active or vice versa. Is it firewall consider aggregate inter...

Migration from PA-3060 to PA-3260

I'm seeking advice regarding a migration from a PA-3060 HA pair with PAN-OS v9.1.X to PA-3260 HA pair v10.2.X. I understand that to have minimal issues for the migration, it is recommended to have the same OS version. From the Compatibility Matrix shown here, I can see that I am able to downgrade PA-3260 to version 9.1.X for the migration. ht...

Packets retransmission captured in packet capture on firewall but still seems dropping

Recently trying to debug a possible packet dropping issue at firewall (screenshot attached for reference). The issue is appearing when I try to make request to my server from my iOS device, some API calls works Ok but often few of those fails with 503 error code and this happens randomly against different APIs. When I looked at the firewall the ...

  • 1795 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks