This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4564 Views
  • 0 replies
  • 1 Likes

PAN-OS 10.2.17 HA A/P - Mgt interface reported as duplicate IP of data interface

After installing PAN-OS 10.2.17 to a PA-440 HA A/P pair ( to address - CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface . ) 'duplicate IP' system logs reported where the stated MAC address appears to be the fw mgt interface. This is reported as a duplicate of the 'facing' data interface. Example: Received c...

Azure to OnPrem Connectivity issue

We have migrated our on-premises firewall from FortiGate to Palo Alto and are experiencing an issue with VPN traffic routing that previously worked as expected. We have an Azure Point-to-Site (P2S) VPN and an Azure-to-Corporate Site-to-Site (S2S) VPN. A P2S client with IP address 10.40.1.2 is unable to access resources on the Corporate LAN (19...

H.Thiam by L2 Linker
  • 4841 Views
  • 2 replies
  • 0 Likes

Resolved! No ping response from AAD

I have a rule in Palo Alto PA 440 running 11.2.6 to allow 'any' to Azure AD. I see only DNS responses from Azure AD. For ping and LDAP packets received is zero. The traffic is hitting the right rule though. I did a packet capture I don't see ping request on the transmit stage on the firewall. Ping and LDAP working from another site. How do I fix...

Website unreachable

hi my customer got an issue regarding palo alto. This issue happens thismorning, no changes was done beforehand. The website was still accessibleyesterday until this morning. We have done a few testingsas per below. Office LAN users – Notaccessible Bypass website’s Public IP– Not accessible Bypass website URL – Notaccessible Wi-Fi users – Acce...

Palo Alto PA-850 Login Issue After Power Shutdown — Request for Guidance

Hi all,I’m currently dealing with a login issue on a Palo Alto PA-850 firewall after a scheduled power shutdown. Here's the situation:The firewall was shut down prior to the outageAfter powering it back on, I can ping the firewall's IP address and see network traffic flow normally.However, I’m unable to log in via:Web UI (receives "incorrect use...

Question about Wildfire signature updates in Palo Alto Active-Passive mode.

Hi, Currently, the customer has a configuration where signature updates are performed on the passive device and then synchronized with the active device.In this configuration, is it appropriate to perform signature updates on the active device?Or what are the recommended settings for Palo Alto Active-Passive Mode? Thank you.

Palo Alto to Azure vpn tunnel fails at random

We installed a PA 3440 at a customer site which is being used to create a VPN tunnel with Azure. Two links have been configured in fail over mode (currently manual). The VPN tunnel fails randomly and needs to be rest manually. we have raised the case with PA who are struggling with logs since last 2 weeks without a fix. Basic configuration of...

What happens when the premium partner and subscription license expires?

Dear all, Premium license expiredI thought I wouldn't get RMA or technical support at expiration, but is it also correct that the following is not supported?* Premium expire- RMA Impossible- Software update Impossible- Dynamic update Impossible* subscription license- TP : New pattern update not possible- URL: Predefined URL Category Not Availa...

HoSoo by L0 Member
  • 3311 Views
  • 2 replies
  • 0 Likes

Where to see graphs of peak bandwidth usage?

Hi, I'm new to using PaloAlto devices, we have PA-440's and don't use panorama. We are moving internet providers so in deciding what type of connection to purchase I need to see some graphing of our internet bandwidth usage of all traffic in and out on the internet interface. I've seen the bandwidth graphs under Network - QoS, but they only seem...

Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment?

Hello, I am working with an IPsec VPN setup on my Palo Alto Networks firewall and am currently using certificate-based authentication. My organization utilizes an internal Certificate Authority (CA) that supports ACME (Automatic Certificate Management Environment) for certificate enrollment. However, I haven't been able to find any resources or ...

GUEST WIFI for new client

Hi All, I just have a question. We have a new client on office and they will be using their own domain and laptop. They will connect to our GUEST internet and will use it to access their internal network. The thing is client wants to have a dedicated guest vlan for them. We have an existing GUEST VLAN for our clients and this new client do...

weezy by L3 Networker
  • 3394 Views
  • 4 replies
  • 0 Likes

Firewall sessions

Spoiler (Highlight to read)I'm in a competition against a vendor who is claiming that two small firewalls sessions (not bandwidth ) can be added to give higher number of sessions and the customer seems to be buying it, although the.firewall doesn't work that way as its a statedul device and sessions can't be added to maximise the number of sessi...

  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks