Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

Source and Destination NAT for Site to site VPN

Hello, I'm trying to configure a site-to-site vpn with between two organizations. Our internal IP range is conflicting with the other organization network, so we are trying implement Source and Destination NAT The VPN tunnel is up, but I'm struggling to NAT Source and Destination. Route : 172.25.255.0/29 via Tunnel.50 The NAT...

Resolved! Link Group with Subinterfaces

Dear all,I'm trying to set up our link monitor configuration in our 440, and I ran into a problem. Each of our physical interfaces has many subinterfaces and I only want to monitor a few of those, but when I want to form a new Link Group it doesn't allow for subinterfaces to be chosen, just physical interfaces. Is there a way in which I can form...

Resolved! PA5220 to Version 10.25

Good Day to All, I have a Firewall PA 5220 running on A/A setup. Initially it is running on 8.1.4 version and just recently we have upgraded to 9.1.16 version. Since 9.1.16 version will be EOS by Dec 13, 2023 we plan to upgrade it to 10.2 version. Questions: 1. Is PA5220 capable of being upgraded to 10.2.5* preferred version? 2. What wo...

DNS routing issue - OpenVPN inside GlobalProtect VPN

Hi, We are running on a setup today where the client connects through L2TP to a Mikrotik-router and then connects with OpenVPN to the next environment. Just now we are switchning to PA440 and GlobalProtect VPN IPSec instead of L2TP, and we have a problem now that the DNS lookup is not working when on the OpenVPN-tunnel inside the GlobalProte...

Resolved! PA-5430 HA1 interface 10G SFP+ support?

hi I would like to know if the PA-5430 HA1 Interface supports 10G. The datasheet says 1G."1G SFP high availability (2), 40G QSFP+ high availability (1)," It is listed as 1G/10G on the PA-5400 Series Front Panel page.Two SFP+ 1Gbps/10Gbps ports for high availability (HA) control. Thank you.

Migration assistance PA-5050 to PA-3420

Hi, I need assistance replacing a firewall cluster PA-5050 and standalone panorama by a firewall cluster PA-3420 and a cluster panorama. Actually the firewall cluster PA-5050 and standalone panorama are in production. The templates network is manage in locally PA-5050 and the devices group is manage by panorama. The new cluster PA-3420 is UP b...

Active/Passive FW with Primary/Backup ISP

Hi My ISP will provide an Internet access with primary access and backup access. We have an HA Active/Stand-by firewall. The primary Internet access will be directly connected on active FW and the backup Internet access will be connected on interface on stand-by FW as showing in the following diagram. My questions are : - How I must configure ...

Mitigation for DHCP Starvation attack in shared network zone (e.g.Eduroam)

Hi everyone, Is there anyway for us to utilize Palo NGFW to prevent or mitigate DHCP starvation attack. For example, a user's BYOD device is infected with malware, after authenticated with eduroam network, the device start performing DHCP starvation attack without the user even realize. I have tried looking online for solutions, there's re...

Resolved! Threat prevention license and logging

I have a question:When my threat prevention and support license expires, can I still use the signatures version at the time of expiration? And on the firewall, I can still see the threat logs and traffic logs that match the threat profiles, right?

Need help for account license

Hi All, My organisation purchase two quantity of PA-800 series firewall and associated license also. Problem is we have not received any account creation mail from OEM to register the devices and linked purchase licenses. Should palo alto provides evaluation license without registeration ? so that we can atleast bring the device into Network m...

Resolved! Obtaining License Actication Codes for New PA 1410's

Hi There, We have 2 * new PA 1410 (NFR) units and whilst we have successfully registered the devices, we cannot work out how to obtain the licenses for which we purchased the units, i.e. "Core Bundle" licenses. If someone can please advise, on how we locate and apply. Many thanks, Jack

PA - 3220 Secondary box Tech support file.

Hi expert, we are trying to Generate the Tech support file using Cli. The TSF file generated but file is not same as we are extracting from GUI. The File size is only two Mb. GUI response is very slow we are not able to generate the tech file. Thanks for your kind help== zip file is attached below

Resolved! Network Security

We have a one customer who is using URL Filtering . The customer is unable to access chat GPT Website . We have tried to change the URL profiles but still unable to access. We have checked the URL Filtering action should allowed but still unable to access. we have tried all possible ways. Kindly help me what should be done here. Regards S...

Resolved! Cisco ASA allowed Arp alias , can Paloalto do arp alias?

HI , I need my Palo Alto to respond to ARP requests as if it were the owner of both the specified IP address and hardware address. My ASA was able to do it, can't figure out how to do it with Palo Alto. Thanks Marianne

rulebase -> security -> rules -> permit_common 'permit_common' is already in use

After importing configuration and after clicking on commit I get this, who know how can I solve itrulebase -> security -> rules -> permit_common 'permit_common' is already in useThanks

Discussions

Welcome to the Next-Generation Firewall Discussions!