Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Selecting Appropriate Security Profile

I am planning to make a group profile of security profiles which include, Vulnerability protection , antivirus , anti spyware and wildfire analysis profile. I am planning to provide same group for every policy in firewall. I have few questions on thi

...

Multiple CDL instances in the same region

Hi Guys,

Can one CSP account have multiple CDL instances in the same region for Firewall Log Service. Use case is the user want to separate logs of different firewalls to different CDL instances. And eventually, also to have multiple AIOPS instance

...

PAN-OS HA Clustering and Integrated management and logging

Hi, I have questions about PAN-OS HA clustering and management

First, I read the document "HA Clustering Overview - PAN OS Admin Guide". and I was able to confirm about HA Clustering.

However, there is a part in the HA Clustering part of the PAN

...

Resolved! commit failed custom url category exceed shared capacity

Hi, I have an issue about commit failed

When upgrading the OS from 9.1.12 to 10.0.0, auto commit is not possible due to the following error.

: error:Number of custom-url-category/external-url-list(51) exceeds shared capacity(50)

: After restoring t

...

Where to download update for PA-2050 for learning purposes.

this is EOL, so they don't show the images any more. You can't download it via the website Where do I go find the latest supported image for PA-2050.

Resolved! Client ikemgr phase 1 failure

Dear All,

Below is summary of issue and resolution.

1. We added a new firewall to HA set-up.

2. HA was established properly.

3. While doing config sync from active to passive it was falling with error Client ikemgr phase 1 failure

Resolution:

U

...

Any upcoming PCNSE Exam Vouchers?

Hello Palo Alto Community!

I hope this post finds you all in good health and high spirits. I'm reaching out to inquire about the availability of any upcoming PCNSE (Palo Alto Networks Certified Network Security Engineer) exam vouchers. I'm

...

SENSOR MEMORY: SLOT-0 MANAGEMENT MEMORY (SNMP MEMORY)

Hi

In a recent few days we are seeing the below mentioned email alert coming to the customer mail box every day

SENSOR MEMORY: SLOT-0 MANAGEMENT MEMORY (SNMP MEMORY)

I am attaching the screenshot for reference.

Regards,

Satya Kalyan

content updates for paloalto from my internal server

Hello Team,

How to get content updates to my paloalto firewall instead of using updates.paloaltonetworks.com , I want to setup my private server and download the all content updates in to server and i want to updates from private server to firewall,

...

How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsing

Hello Team,

i want to understand How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsing
i know its going take application information from SNI through TLS (this is for websites -having SSL) but i want to understan

...

Palo alto redundancy

Other that putting a palo alto in an HA pair are there any other ways to add redundancy?

FW Recommendation version

Kindly note that we found the below vulnerabilities in our boxes .

Model PA-5020

Software Version 8.1.20

what is the recommended version and upgrade path .

EOL/Obsolete Operating System: Palo Alto Netw

...

Resolved! Threat Intelligence External Dynamic Lists vs URL Filtering Security Profile

Hi All,

I have security profiles on my main egress firewall rules, and the URL filtering is blocking anything malware, high-risk etc. I have some custom reports setup that report on any blocks that take place as a result of this profile.

I am readi

...

Panorama fragmentation

Hi,
If the checkbox for Fragmented traffic is uncheck, does that mean that the fw will not discard fragmented traffic?

I have a case where someone says "10.154.74.0/23: We can not send from, or send to, packages bigger than 1472. All ports are de

...

Interface Monitoring

We have total 3 Interface , two ISP interface ( In router we have made them to act as Primary and Secondary) and one trust interface , now the confusion is I am trying to make if both ISP interface goes down , I need to make my trust interface also

...

Discussions

Welcome to the Next-Generation Firewall Discussions!

Rules and Best Practices

Resolved! Selecting Appropriate Security Profile

Multiple CDL instances in the same region

PAN-OS HA Clustering and Integrated management and logging

Resolved! commit failed custom url category exceed shared capacity

Where to download update for PA-2050 for learning purposes.

Resolved! Client ikemgr phase 1 failure

Any upcoming PCNSE Exam Vouchers?

SENSOR MEMORY: SLOT-0 MANAGEMENT MEMORY (SNMP MEMORY)

content updates for paloalto from my internal server

How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsing

Palo alto redundancy

FW Recommendation version

Resolved! Threat Intelligence External Dynamic Lists vs URL Filtering Security Profile

Panorama fragmentation

Interface Monitoring

PALOALTO NGFW HIP

PAN OS versioning differences

HA1-Backup Failing when setting to Management

What is "UserIpMap.txt"?

Users with multiple devices: more than one ip per username

Re: Is there a way to configure Pan-OS to integrate with an ACME server for certificate enrollment?

Re: Microsoft WNS App ID

Re: Concerns of Firewall 5250 dropping packets and enabled DSRI (Disable Server Respponse Inspection) relieve issues for a few hours but came back

Re: LACP LINK DOWN FW PALO ALTO

Palo Alto Firewall Migration – VSYS Consolidation

Unlock your full community experience!

Rules and Best Practices

Resolved! Selecting Appropriate Security Profile

Resolved! commit failed custom url category exceed shared capacity

Resolved! Client ikemgr phase 1 failure

Resolved! Threat Intelligence External Dynamic Lists vs URL Filtering Security Profile