Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices
  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4519 Views
  • 0 replies
  • 1 Likes

Urgent action required: PAN-OS certificate expiration advisory

I recommend reviewing the customer advisory linked above in detail in order to understand the next steps and applicability. Essentially, the root and default certificate on PAN-OS will expire on December 31, 2023 - if not renewed before that date, this will result in firewalls and/or Panorama losing connectivity to our cloud services as well as ...

MSIntune All IPv4 missing IPs

Hi, what can I do when I find IPs in the PA log that are missing in the official EDL Hosting Service IP/URL lists? The following IPs are not in the Microsoft 365 "Worldwide Any IPv4" and not in the "MSIntune All IPv4" lists. URL: intune.microsoft.com Application "microsoft-intune" Example IPs: 13.107.226.45 or 13.107.213.45 Best regards,...

HA Implementation using existing device with autofocus license

Scenario: Client wants to implement HA setup. Currently have 1 existing device. Problem: Autofocus license is still active in the existing device. No more SKU for autofocus license as it is already EOS since September 2022. Question: Will the HA work if the existing device has the autofocus license and the new HA pair device has the aiops li...

Arjohn by L0 Member
  • 1535 Views
  • 1 replies
  • 0 Likes

DLP on PAN-OS Firewalls

Question about the DLP on the NGFW's. I have a customer that's interested in enabling the feature but it looks like this is a cloud based DLP (reports back to Palo Alto's cloud and you manage the DLP features from the cloud), is that correct? Locally there's some Data Filtering options that can be used but the DLP option is the Enterprise Data L...

Team call issue after Failover

We have a dual ISP setup. Both ISPs terminate on a single firewall. We are doing eBGP with both ISPs and have a default route accepted from both. We advertise our public IP to both peers and use 1 IP from that subnet as egress IP for all internet traffic. ECMP enabled and method IP modulo. When there is a failover we don't see any traffic drop to...

Nischal by L2 Linker
  • 1376 Views
  • 1 replies
  • 0 Likes

High latencies after HA failover

Good morning, I have a cluster with two PA3060 running PAN-OS 9.1.16. We are about to upgrade to 9.1.16.H3 due to certificate expiration. I had already updated the Secondary (passive) node to 9.1.16.H3 without issues 1 day before. The second step was to upgrade the Primary node. Before upgrading the active node I requested the failover, the ...

Netadmin by L0 Member
  • 1140 Views
  • 1 replies
  • 0 Likes

MS-Update identified as a threat, there are no corresponding entries in the threat logs, URL filtering log or data filtering logs

Hi team, Although MS-Update was flagged as a threat, there are no corresponding entries in the threat logs, URL filtering logs, or data filtering logs explaining the basis for its classification as a threat. The first three logs indicate that the traffic is passing without the security profiles. Why is MS-Update identified as a threat? with...

Palo Alto syslog service/daemon restart

Hi, I have three PA-7080 firewalls that have Log forwarding cards (LFC) for forwarding logs using a syslog profile. I use the "debug log-receiver statistics" command to show log statistics. In the output, I found two fields 'log incoming rate' & 'log written rate'. I observed that every firewall log incoming & written rate are almost the...

ssovee by L2 Linker
  • 3877 Views
  • 0 replies
  • 0 Likes

Resolved! Configuring GlobalProtect and DMZ Web Server

Hello, Thank you for entering this post, the reason for it is that I am trying to configure the GlobalProtect VPN and a web server in a completely separate Zone. The programmer will have access to the server through this VPN and we will subsequently expose it to port 443 of my public IP. But I have the problem that GlobalProtect uses port 443. ...

ccortijo by L2 Linker
  • 26516 Views
  • 8 replies
  • 0 Likes

Resolved! The block page for custom URL Filtering categories is not displaying, whereas it is visible for predefined categories.

Hi team, The block page for custom URL Filtering categories is not displaying, whereas it is visible for predefined categories. Predefined category : Custom category: Logs: Blocking is effective, but the block page appears exclusively for predefined categories. Are there specific settings that need to be enabled for custom categories to displ...

Auto Commit Failed and Gray Interfaces after upgrade to 11.0.2-h2

Upgraded to 11.0.2-h2 on my 410 last night and the interfaces were all showing gray after reboot. Auto commit was failing with the following error and just kept trying and trying.

client device phase 1 failure
Management server failed to send phase 1 to client logrcvr
Commit failed
Failed to commit policy to device

Tech support said there's an ...

rhnac by L1 Bithead
  • 3185 Views
  • 2 replies
  • 2 Likes