Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

OSPF issue between PA VM-100 and Cisco 4431

Hello everyone, I have a strange issue with OSPF. It is working normally, but one or two times in 24 hours Palo Alto loses its neighbors for 1 to 5 seconds. I tried to troubleshoot and get message: **** AUDIT 0x3e01 - 210 (0000) **** I:001d0046 F:00000002qoamnfsa.c 768 :at 15:58:30, 22 November 2023 (268141554 ms)OSPF 12 i/f idx 0X00000010 rtr ID ...

Dzemail by L0 Member
  • 1089 Views
  • 0 replies
  • 0 Likes

Resolved! EDL - unable to get local issuer certificate

Hi, Having issues with EDL and certificates. Followed the best practices, and believe everything is set properly. Running pa-8xx clusters running 10.1.9h3, all have the same issue. opendbl.net cert chain is imported and set both root and intermediate in the cert profile. opendbl EDL created, cert profile attached and outbound policy applied....

orbcomm by L2 Linker
  • 11345 Views
  • 9 replies
  • 0 Likes

application based rule

Hi All, We are planning to implement application-based rules, like under the application tab add the required app and under the service tab add application default. However, what would be the best approach to apply the rule where the application is showing "incomplete"? Currently we have any any set, so we are planning the above steps and don't want to break any ongoing traffic.

Resolved! SSL Forward Proxy Not Working

Hello all, another problem on my road to learning! I have created a self-signed CA Cert on my Palo Alto firewall. Exported to my Windows 10 box, imported into root CA store etc. I have set the cert as a Forward Trust Certificate, created a decryption policy and even added a custom SSL-Decrypt profile/policy. The action is decrypt. I can browse f...

GWynn by L3 Networker
  • 4590 Views
  • 7 replies
  • 0 Likes

URL Lookup Returns IP Address

We use a URL filtering profile to limit outbound traffic. Occasionally known good traffic will fail because an IP address, instead of the FQDN of the URL, is presented. The traffic is blocked because the URL (IP address) is in the "Unknown" URL category. What could be the cause of this random failure?

Resolved! How To use Certificate For Secure Web-GUI Access HA pair

Dear All, referred below link for Secure Web-GUI access, successfully done with my primary firewall. How can I achieve this when I have firewall in HA? How To use Certificate For Secure Web-GUI Access - Knowledge Base - Palo Alto Networks. I will be using a self-signed certificate and will distribute and install that certificate to necessary...

Syslog issue

Hello All, When we are using 9.1.14 PAN-OS we are getting below "" between ,, after upgrading to 10.1.10-h2 it is missing..... Is there any way to get back the double quotes like earlier?

KhaleelE by L4 Transporter
  • 854 Views
  • 0 replies
  • 0 Likes

Cloud Identity Engine (CIE) and group mapping on firewalls - Groups and/or group membership updates not working as expected

I just wanted to let more folks know about this KB article concerning Cloud Identity Engine (CIE) and group mapping on firewalls. Knowing about this issue documented in the KB ahead of time would have saved a lot of frustration for us. It's information that SHOULD be in the main documentation, but isn't. "How to push Cloud Identity Engine (CIE)...

Custom URL category matching

Hello, I'm trying to block a domain but allow a specific URL, like: test.com/ - block; test.com/test - allow. I made two custom categories and rules: first rule for allowing "test.com/test" and second rule for blocking "test.com". The connection is http, so don't need to set decryption. I tested two different environments, both 10.1 but differe...

yhlee1 by L2 Linker
  • 1029 Views
  • 0 replies
  • 0 Likes

10.1.11-h1 broken on PA-410

Just lost 2 devices far away from home, seems to be the same bug described in https://www.reddit.com/r/paloaltonetworks/comments/17rjzfm/pa410_10111h1_no_ethernet/ 440s and 3220s running fine with 10.1.11-h1. Is there no one at Palo testing their Hardware anymore???

thah by L0 Member
  • 1135 Views
  • 0 replies
  • 0 Likes

Resolved! portal-auth vs gateway-auth

Hi, I’m trying to understand Palo Alto VPN client, Global Protect login process with logs and I’m a little bit confused. What I can see in logs: First is: portal-auth. Then usually portal-gen-cookie. Next gateway-auth. And finally, gateway-register. I would think the portal-auth would be login to PA portal but it is not so I’m quite confused what...

  • 1794 Posts
  • 60 Subscriptions