Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Obtaining License Actication Codes for New PA 1410's

Hi There,

We have 2 * new PA 1410 (NFR) units and whilst we have successfully registered the devices, we cannot work out how to obtain the licenses for which we purchased the units, i.e. "Core Bundle" licenses.

If someone can please advise, on ho

...

PA - 3220 Secondary box Tech support file.

Hi expert,

we are trying to Generate the Tech support file using Cli.

The TSF file generated but file is not same as we are extracting from GUI.

The File size is only two Mb.

GUI response is very slow we are not able to generate the tech file.

...

Resolved! Network Security

We have a one customer who is using URL Filtering .

The customer is unable to access chat GPT Website . We have tried to change the URL profiles but still unable to access.

We have checked the URL Filtering action should allowed but still unable to

...

Resolved! Cisco ASA allowed Arp alias , can Paloalto do arp alias?

HI ,

I need my Palo Alto to respond to ARP requests as if it were the owner of both the specified IP address and hardware address.

My ASA was able to do it, can't figure out how to do it with Palo Alto.

Thanks

Marianne

rulebase -> security -> rules -> permit_common 'permit_common' is already in use

After importing configuration and after clicking on commit I get this, who know how can I solve it
rulebase -> security -> rules -> permit_common 'permit_common' is already in use

Thanks

PPPOE authentication with Plusnet FTTP not working

Hi I wonder if someone can help with this issue, it's a weird one I have a PA-220 firewall connected directly to the ONT provided by BT and I am trying to get FTTP broadband working using PPPOE, the interface on the PA-220 that is connected to the ON

...

Resolved! Create security policy & move to top at a time

When I create a security policy it goes bottom of the list. Is there any way that I can create the security policy it will go top of the list?
I am using the below command.
set device-group devicegroup-name pre-rulebase security rules rule1 from trust

...

Having issues with ipsectunnel after upgrading FWs(5260s) to 10.1.3

Hello Palo Community!

I have a a couple of ipsec tunnels connecting to a cloud vendor providing ERP services to our users. Since we upgraded our FWs to 10.1.3 a couple of weeks ago from 9.1.10, we are having issues with connection slowness, timeout

...

Resolved! how to export security policy in json format

Is their any why to export Panorama managed security Policies in JSON file

Resolved! Log Collection log forwarding agent is active but not connected

Can someone please assist with troubleshooting articles?

admin@KXX-FW-01(active)> show logging-status

-----------------------------------------------------------------------------------------------------------------------------
Type Last Log Creat

...

intrazone default

Hello,

I am observing that tcp connection between two hosts remaining in the same zone are not able to establish TCP connections [htts], while ICMP is successful. Tracing the traffic it shows up as application incomplete, rule intrazone default is hi

...

provide temporary internet access for some systems at specific period(1day)

our requirement is that temporary internet access systems want to remove automatically after specific period. any options available in Palo Alto?

Multiple L2 interface with same vlan tags

Hello All

We are migrating our fortigate firewall to palo alto. Fortigate is configured in transparent mode

Currently we have 2 networks and both network have same vlan ID and subnet range.

We plan to configure L2 interface on Palo alto then add

...

Resolved! Pn commit and push affect the local candidate configuration of the wall

The customer has a vm-300 that is configured through panorama management and configure.

An accident occurred where the administrator configured a nat police configuration on the vm-300 August 22,

, but there was no commit and no task modifications we

...

Network monitor shows huge traffic spike, but can't find traffic details

Hey folks.

I had a situation today whereby one of my PA's was responding really slowly across IPSec tunnels and for Global protect clients - so once I could get onto it I started digging into the network monitor to see if I could find out if there

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Resolved! Obtaining License Actication Codes for New PA 1410's

PA - 3220 Secondary box Tech support file.

Resolved! Network Security

Resolved! Cisco ASA allowed Arp alias , can Paloalto do arp alias?

rulebase -> security -> rules -> permit_common 'permit_common' is already in use

PPPOE authentication with Plusnet FTTP not working

Resolved! Create security policy & move to top at a time

Having issues with ipsectunnel after upgrading FWs(5260s) to 10.1.3

Resolved! how to export security policy in json format

Resolved! Log Collection log forwarding agent is active but not connected

intrazone default

provide temporary internet access for some systems at specific period(1day)

Multiple L2 interface with same vlan tags

Resolved! Pn commit and push affect the local candidate configuration of the wall

Network monitor shows huge traffic spike, but can't find traffic details

User-ID & LDAPS service account AD permissions

New User-Account (__telemetryuser) with PanOS 11.2.10

Palo Alto wildcards for whitelist

High availability system alarms

diable cortex xdr agent

Duplicate DNS packets

Re: PAN-OS 10.2.17 HA A/P - Mgt interface reported as duplicate IP of data interface

PAN-OS 10.2.17 HA A/P - Mgt interface reported as duplicate IP of data interface

LACP Features on Palo Alto Firewall

Re: Which model is the rack mount kit for the PA-510?

Unlock your full community experience!

Rules and Best Practices

Resolved! Obtaining License Actication Codes for New PA 1410's

Resolved! Network Security

Resolved! Cisco ASA allowed Arp alias , can Paloalto do arp alias?

Resolved! Create security policy & move to top at a time

Resolved! how to export security policy in json format

Resolved! Log Collection log forwarding agent is active but not connected

Resolved! Pn commit and push affect the local candidate configuration of the wall