This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4599 Views
  • 0 replies
  • 1 Likes

PA - 3220 Secondary box Tech support file.

Hi expert, we are trying to Generate the Tech support file using Cli. The TSF file generated but file is not same as we are extracting from GUI. The File size is only two Mb. GUI response is very slow we are not able to generate the tech file. Thanks for your kind help== zip file is attached below

Resolved! Network Security

We have a one customer who is using URL Filtering . The customer is unable to access chat GPT Website . We have tried to change the URL profiles but still unable to access. We have checked the URL Filtering action should allowed but still unable to access. we have tried all possible ways. Kindly help me what should be done here. Regards S...

PPPOE authentication with Plusnet FTTP not working

Hi I wonder if someone can help with this issue, it's a weird one I have a PA-220 firewall connected directly to the ONT provided by BT and I am trying to get FTTP broadband working using PPPOE, the interface on the PA-220 that is connected to the ONT (ethernet 1/1) is configured to use PPPOE however the interface does not obtain a public IP add...

withers by L0 Member
  • 3658 Views
  • 1 replies
  • 0 Likes

Resolved! Create security policy & move to top at a time

When I create a security policy it goes bottom of the list. Is there any way that I can create the security policy it will go top of the list? I am using the below command.set device-group devicegroup-name pre-rulebase security rules rule1 from trust source any to untrust destination any application any service any category any action allow log-...

ssovee by L2 Linker
  • 3058 Views
  • 4 replies
  • 0 Likes

Having issues with ipsectunnel after upgrading FWs(5260s) to 10.1.3

Hello Palo Community! I have a a couple of ipsec tunnels connecting to a cloud vendor providing ERP services to our users. Since we upgraded our FWs to 10.1.3 a couple of weeks ago from 9.1.10, we are having issues with connection slowness, timeouts, ssh session termination, webpage not available etc where users aren't able to connect to any s...

JJoseph by L1 Bithead
  • 4467 Views
  • 2 replies
  • 0 Likes

Resolved! Log Collection log forwarding agent is active but not connected

Can someone please assist with troubleshooting articles? admin@KXX-FW-01(active)> show logging-status-----------------------------------------------------------------------------------------------------------------------------Type Last Log Created Last Log Fwded Last Seq Num Fwded Last Seq Num Acked Total Logs Fwded----------------------...

nazddk by L1 Bithead
  • 2713 Views
  • 2 replies
  • 0 Likes

intrazone default

Hello, I am observing that tcp connection between two hosts remaining in the same zone are not able to establish TCP connections [htts], while ICMP is successful. Tracing the traffic it shows up as application incomplete, rule intrazone default is hit. Therefore, I was wondering whether TCP traffic within intrazone traffic is allowed. I would ...

Martin2K by L1 Bithead
  • 2617 Views
  • 3 replies
  • 0 Likes

Multiple L2 interface with same vlan tags

Hello All We are migrating our fortigate firewall to palo alto. Fortigate is configured in transparent mode Currently we have 2 networks and both network have same vlan ID and subnet range. We plan to configure L2 interface on Palo alto then add sub interface for the respective vlan for both the network. Will it work??

Resolved! Pn commit and push affect the local candidate configuration of the wall

The customer has a vm-300 that is configured through panorama management and configure. An accident occurred where the administrator configured a nat police configuration on the vm-300 August 22, , but there was no commit and no task modifications were made. The September 5th, the administator configured an ldap profile for this vm-300 through p...

微信截图_20230917122028.png
Felixcao by L3 Networker
  • 3333 Views
  • 4 replies
  • 0 Likes

Network monitor shows huge traffic spike, but can't find traffic details

Hey folks. I had a situation today whereby one of my PA's was responding really slowly across IPSec tunnels and for Global protect clients - so once I could get onto it I started digging into the network monitor to see if I could find out if there was a link/network load issue. I found a huge spike in traffic in the period concerned - much, ...

darren_g_0-1694648084743.png
darren_g by L4 Transporter
  • 3232 Views
  • 1 replies
  • 0 Likes

SSH Proxy Bock Session with Unsupported Algorithm - What are the palo alto predefined unsupported SSH algorithm and version.

Palo Alto SSH Proxy blocks ssh traffic with error message unsupported Parameters. This is because of the SSH Proxy profile. However where can I find the parameter used for this communication and what is the recommended / supported parameters/algorithm... I could not find any document stating this...For SSL we can see that these parameters are ...

  • 1587 Posts
  • 61 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks