This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

PaloAlto VM showing Vxlan alert after upgrade

Hello Team, Just the day after upgrading their VM firewall from 9.1.1.16 to 10.1.10-h2, customer has started receiving some critical alarms from their SNMP probe indicating: " Interface vxlan admin:up", however we have fully analysed the firewall and we can't find any interface with a name similar to that one, no interfaces are down, not even ...

JMBerzal by L1 Bithead
  • 1359 Views
  • 1 replies
  • 0 Likes

Migrating from Windows DHCP to Palo Alto

Good afternoon, all! I'm planning to migrate from my current Windows DHCP servers to Palo Alto DHCP. I'm moving from Windows Server 2012 R2 to an HA pair of PA-850s running PanOS 10.1.9-h3. Looking for traps, best practice, and any places to get bumped. Thanks to all for looking! Gregg

ghughes by L1 Bithead
  • 2500 Views
  • 3 replies
  • 0 Likes

Authentication Profile not loading local web auth page

Trying to create an authentication profile so when traffic goes to an internal esxi host at https://10.10.245.99 they get an additional authentication prompt from the local firewall for a local firewall user. Very simplistic I was hoping. I followed the below configuration article from Palo and followed it I believe to the tee. However when I na...

BI-DIRECTIONAL STATIC NAT NOT WORKING

Hi, I have the following situation I want to do a bi-directional NAT for a complete subnet range. I want to translate 192.168.96.0/24 --> 10.196.96.0/24 : 192.196.96.1 --> 10.196.96.1 192.168.96.2 --> 10.196.96.2 ... And this in both directions. When i select bi-directional nat on the NAT policy it is not working for the...

zGomez_0-1698767701056.png
zGomez_1-1698767778179.png
zGomez by L3 Networker
  • 2636 Views
  • 1 replies
  • 0 Likes

Resolved! DDOS / DOS Protection

Is there any benefit of placing an additional firewall on the OUTSIDE of the customer's internet/external router? There is already a perimeter firewall on the inside of this router. (Proposed additional firewall running virtual wire) <---> External Router (BGP and internet links) <----> Perimeter Firewall <----> Internal Router...

Antivirus Download and Install Hanging

Pa11.0.1 onPa820 in High Avaliability mode. The antivirus download and install update job has been at the "download in progress" status for several hours. The last antivirus valid is:4406 -4923 of 31/03/2023. The following resolution answer does not work Resolution [Not work] Run the following commands to clear the stuck download job...

Resolved! Decommission IPSec site to site VPN

Hi All, I have been looking at the best way to decommission VPN tunnels on Palo Alto firewall, and I could only find disabling the IKE phase1 and the IPSec tunnels. is there a recommended way to decom IPSec VPN tunnels on Palo Alto firewalls? Thank you in advance.

PALO ALTO 200 takes time to fail over

Hi All, We have a OLD Palo Alto 200 on one of our sites in OKI. We performed an annual fail over test last week. Here is what happened which is weird on panorama Secondary Firewall is showing as a Primary and it was on color red while the primary is not. I know the license is not renewed. So we test the fail over we shut the Secondary ISP ...

weezy by L3 Networker
  • 1259 Views
  • 0 replies
  • 0 Likes

Resolved! How to use a PA-220R in a small office environment without DC power?

I recently purchased an additional PA-220 firewall for a new small office our company is connecting to other offices running PA-820 and PA-220 firewalls. I was surprised to find that the product I received is a PA-220R which requires DC power, and that the legacy PA-220 firewall I thought I was buying is End-Of-Sale. I requested an RMA from my r...

Cramer by L1 Bithead
  • 3705 Views
  • 3 replies
  • 0 Likes

Wildfire Analysis Report returns 500 internal server error

Hi team I’m new to PA firewalls and facing some WebUI related problem. When I try to open Wildfire Analysis Report under DEVICE>NETWORK>Wildfire Submissions, “500 internal server error” is shown and I cannot check the report. I searched through LIVEcommunity, tech docs, knowledgebase and even Reddit but it seems no one is confronting...

OWET2501 by L0 Member
  • 2124 Views
  • 1 replies
  • 0 Likes

BGP route map

Hello Here is a simple use case. I have 3 palo, on 3 DC, and for each DC i have a router from on ISP with one single /28 public IP network. One computer can move from one DC to one DC. For exposed server, behind a NAT, i am trying to advertise using BGP the ISP to use PADC1, PADC2 or PADC3 as the next hope router. My problem is BGP prefi...

XFF

Hi I am hosting a website behind ngfw. The traffic comes from google load balancer, and i would like to LOG ONLY the x-forward IP (the original). I have used this kb: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/policy/identify-users-connected-through-a-proxy-server/add-xff-values-to-url-filtering-logs But my URL filtering logs a...

chens by L3 Networker
  • 1273 Views
  • 1 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks