Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

Global protect "certificate is not singed by CA" not allow to connect time to time

We have GlobalProtect version 6.1.1-5. When we connect to the GP it's working fine. Once we connect to another firewall's GP, disconnect from it, and try to connect again to the same firewall, we get the error "certificate is not singed by CA". For example: Let's assume Site A is having a firewall cluster and Site B is having a firewall cl...

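Polycom conference phone traffic passes through a Palo Alto firewall, and the conference disconnects after about 16 minutes

As described above, when the traffic bypasses the firewall and connects to the same switch, the status is normal. It is a dedicated-line network with no NAT, and the session timeout is the default 3600. I tried an override policy, and the traffic matches it correctly, but the problem persists. In the packet capture, after the three-way handshake is established, timed-out traffic appears later. The network layer is normal, and I don't understand why there is timed-out data. Has anyone run into this, and are there any suggestions for resolving it?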

zhangfw by L1 Bithead
  • 1244 Views
  • 1 replies
  • 0 Likes

Multiple remote site firewall commit errors/failures after Panorama 10.2 upgrade

Hey all, Recently step-upgraded Panorama from 9.1.14-h4 to 10.2.4-h4. No issues upgrading Panorama. This Panorama manages 180+ remote site firewalls. Ever since the upgrade we have *a few* remote site firewalls that are failing to commit properly in 2 ways: 1. commit failures related to particular configuration items, mostly specific interfaces a...

Customer Firewall Transfer

Hello Guys, I am new to the Palo Alto environment; I work a lot with Fortinet. So in the Fortinet "world" I can register an account like a customer and request to try some of their products, like FortiEMS, FortiOS VM, FortiAnalyzer, etc., all of this for free, without any commercial relationship. So what I want to know is that if there is somethin...

How to limit youtube with QoS max bandwidth?

Hi experts, Palo Alto QoS is my first time. So I have a task to limit maximum bw for YouTube in my company to just 10 MB. Can I assume to config: guarantee bw : 0 max bw : 10? I assume with that config, I didn't reserve any bw for YouTube, but if YouTube reaches more than 10 MB, Palo will drop the traffic, is that right? I do this becaus...

Source and Destination NAT for Site to site VPN

Hello, I'm trying to configure a site-to-site VPN between two organizations. Our internal IP range is conflicting with the other organization's network, so we are trying to implement Source and Destination NAT. The VPN tunnel is up, but I'm struggling to NAT Source and Destination. Route : 172.25.255.0/29 via Tunnel.50 The NAT...

Resolved! Link Group with Subinterfaces

Dear all, I'm trying to set up our link monitor configuration in our 440, and I ran into a problem. Each of our physical interfaces has many subinterfaces and I only want to monitor a few of those, but when I want to form a new Link Group it doesn't allow for subinterfaces to be chosen, just physical interfaces. Is there a way in which I can form...

mR00t_s5 by L2 Linker
  • 2761 Views
  • 3 replies
  • 0 Likes

Resolved! PA5220 to Version 10.25

Good Day to All, I have a Firewall PA 5220 running on A/A setup. Initially it is running on 8.1.4 version and just recently we have upgraded to 9.1.16 version. Since 9.1.16 version will be EOS by Dec 13, 2023 we plan to upgrade it to 10.2 version. Questions: 1. Is PA5220 capable of being upgraded to 10.2.5* preferred version? 2. What wo...

DNS routing issue - OpenVPN inside GlobalProtect VPN

Hi, We are running on a setup today where the client connects through L2TP to a Mikrotik router and then connects with OpenVPN to the next environment. Just now we are switching to PA440 and GlobalProtect VPN IPSec instead of L2TP, and we have a problem now that the DNS lookup is not working when on the OpenVPN tunnel inside the GlobalProte...

Vsys and tagging automation

Hello, we have a service that runs when we build servers that will tag the servers being created with its tag and ip information via the rest api. We're trying to migrate to a new vsys, from L2 to a L3 vsys and when we added the new vsys to panorama it started to make objects in the wrong vsys. Where should I be looking to create the ips/tags in...

Resolved! PA-5430 HA1 interface 10G SFP+ support?

Hi, I would like to know if the PA-5430 HA1 interface supports 10G. The datasheet says 1G. "1G SFP high availability (2), 40G QSFP+ high availability (1)," It is listed as 1G/10G on the PA-5400 Series Front Panel page. Two SFP+ 1Gbps/10Gbps ports for high availability (HA) control. Thank you.

sungbok by L1 Bithead
  • 4639 Views
  • 3 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions