This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4521 Views
  • 0 replies
  • 1 Likes

Where to see graphs of peak bandwidth usage?

Hi, I'm new to using PaloAlto devices, we have PA-440's and don't use panorama. We are moving internet providers so in deciding what type of connection to purchase I need to see some graphing of our internet bandwidth usage of all traffic in and out on the internet interface. I've seen the bandwidth graphs under Network - QoS, but they only seem...

Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment?

Hello, I am working with an IPsec VPN setup on my Palo Alto Networks firewall and am currently using certificate-based authentication. My organization utilizes an internal Certificate Authority (CA) that supports ACME (Automatic Certificate Management Environment) for certificate enrollment. However, I haven't been able to find any resources or ...

GUEST WIFI for new client

Hi All, I just have a question. We have a new client on office and they will be using their own domain and laptop. They will connect to our GUEST internet and will use it to access their internal network. The thing is client wants to have a dedicated guest vlan for them. We have an existing GUEST VLAN for our clients and this new client do...

weezy by L3 Networker
  • 3325 Views
  • 4 replies
  • 0 Likes

Firewall sessions

Spoiler (Highlight to read)I'm in a competition against a vendor who is claiming that two small firewalls sessions (not bandwidth ) can be added to give higher number of sessions and the customer seems to be buying it, although the.firewall doesn't work that way as its a statedul device and sessions can't be added to maximise the number of sessi...

Resolved! Name: Virus/Win32.WGeneric.esxxcl Unique Threat ID: 752597582

Name: Virus/Win32.WGeneric.esxxcl Unique Threat ID: 752597582 Create Time: 2025-11-25 08:01:27 (UTC) Status: active In Current Release: Yes Last Release: 5426 (2026-01-08 UTC) First Release: 5383 (2025-11-26 UTC)f9b8df8703b2651ce97c11692dd5c722e621ac5e11a148993af317018189c8c5 We received a palo alto alert like this: The specified threat cannot b...

bgrsmn by L0 Member
  • 5768 Views
  • 1 replies
  • 0 Likes

AI for FW management

Hey Guys, We are using PA firewalls in our DCs. A lot of focus in our organisation (like everywhere) is on use of AI. So I was wondering how are you guys leveraging AI in Firewall Management? Are you using it for any policy cleanup, shadow rules identification or simply automating firewall configuration push? There are a lot of examples that AI...

PAFWNoob by L1 Bithead
  • 2045 Views
  • 1 replies
  • 0 Likes

ChatGPT User-ID, AD and IP mapping issue

There is an issue with Palo Alto firewall which has to do with user IP mapping and AD. User is grated access via policy in the format source-user = corp\employee. After that's done, the user works fine today accessing ChatGPT but then the user is not able to use chatgpt the next day after working fine the day before. What is the problem? Any in...

Conditional Advertisement / BGP Failover with Dual ISP — How to Remove ISP1 Routes on Internet Loss?

Hi all, I’m running a dual-ISP setup on a PA with BGP to ISP1 and ISP2. My goal is: Monitor ISP1 default route / Internet reachability. If ISP1 becomes unusable, I want all traffic to fail over to ISP2. I am advertising an IP pool to both ISP1 and ISP2 for incoming traffic, with AS-path prepending applied to ISP2 so that incoming traffic ...

Resolved! Palo Alto Networks PA- 450 Next‑Generation Firewall to maintain uninterrupted BSNL SIP trunk services in the event of a primary internet link failure.

Please provide comprehensive and step‑by‑step instructions for configuring a Palo Alto Networks PA- 450 Next‑Generation Firewall to maintain uninterrupted BSNL SIP trunk services in the event of a primary internet link failure. The BSNL SIP Trunk Server which is on cloud having a static IP of 117.198.215.109 & BSNL SIP trunk is presently bou...

Resolved! Request for VPN Capability Enhancement on Palo Alto Networks Firewalls

We respectfully request the addition and native support of Layer 2 and Layer 3 VPN technologies, specifically OpenVPN, SoftEther VPN, and WireGuard VPN, including both server and client functionalities, across all Palo Alto Networks Next-Generation Firewall platforms.The availability of these VPN solutions would significantly improve secure conn...

Pan-OS Dev Corner

Hi Everyone, I wanted to share my project that reduces MTTR for admins who actively use the CLI terminal. While studying Palo Alto Networks NGFWs at my college as a student, I noticed how much time I was spending manually running and parsing CLI commands and realizing how slow Panorama can be at times. I decided to build a "cockpit" to automate ...

Resolved! How to create a support case without a TCF file

Hi all, dont know if the right board. I'm trying to lodge a case with PAN support, but they are wanting a TCF file. The problem is that the device in question is in a broken state. We took the device out of the box, attempted to disable ZTP; the device rebooted, and never finished "rebooting". It got stuck in a boot loop, and eventually corrupte...

PA-440 won't talk via network

Good morning, all! My lab PA-440 threw a weird on at me this week. When I tried to add it to a new SNMP server (Observium) the firewall stopped talking on the web interface and wouldn't respond to pings to the management IP. After some rather involved troubleshooting I found that the filesystem has been corrupted. After some intense rebooting a...

  • 1795 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks