Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices
  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

Resolved! Log Collection log forwarding agent is active but not connected

Can someone please assist with troubleshooting articles?

admin@KXX-FW-01(active)> show logging-status
Type   Last Log Created   Last Log Fwded   Last Seq Num Fwded   Last Seq Num Acked   Total Logs Fwded
...

nazddk by L1 Bithead
  • 2611 Views
  • 2 replies
  • 0 Likes

intrazone default

Hello, I am observing that TCP connections between two hosts remaining in the same zone are not able to establish [https], while ICMP is successful. Tracing the traffic, it shows up as application incomplete, and the rule intrazone default is hit. Therefore, I was wondering whether TCP traffic within intrazone traffic is allowed. I would ...

Martin2K by L1 Bithead
  • 2509 Views
  • 3 replies
  • 0 Likes

Multiple L2 interface with same vlan tags

Hello All, we are migrating our FortiGate firewall to Palo Alto. The FortiGate is configured in transparent mode. Currently we have 2 networks, and both networks have the same VLAN ID and subnet range. We plan to configure an L2 interface on the Palo Alto, then add a subinterface for the respective VLAN for both networks. Will it work?

Resolved! Pn commit and push affect the local candidate configuration of the wall

The customer has a VM-300 that is configured through Panorama management and configure. An accident occurred where the administrator configured a NAT policy configuration on the VM-300 August 22, , but there was no commit and no task modifications were made. On September 5th, the administrator configured an LDAP profile for this VM-300 through p...

Felixcao by L3 Networker
  • 3199 Views
  • 4 replies
  • 0 Likes

Network monitor shows huge traffic spike, but can't find traffic details

Hey folks. I had a situation today whereby one of my PA's was responding really slowly across IPSec tunnels and for Global protect clients - so once I could get onto it I started digging into the network monitor to see if I could find out if there was a link/network load issue. I found a huge spike in traffic in the period concerned - much, ...

darren_g by L4 Transporter
  • 2956 Views
  • 1 replies
  • 0 Likes

SSH Proxy Block Session with Unsupported Algorithm - What are the Palo Alto predefined unsupported SSH algorithm and version.

Palo Alto SSH Proxy blocks SSH traffic with the error message "unsupported Parameters". This is because of the SSH Proxy profile. However, where can I find the parameters used for this communication, and what are the recommended / supported parameters/algorithms... I could not find any document stating this... For SSL we can see that these parameters are ...

Different telemetry region in HA firewall

Firewall A: Previously the default Device Telemetry region was America. After a sudden commit failure due to the error: 'Americas' does not match lcaas region 'in', I changed the telemetry to India, which is present in the drop-down. Now, in firewall B, vice versa, I am receiving the error: 'in' does not match lcaas region 'america'. And also there is only ame...

Impact after Changing the key size setting clears the current certificate cache.

Due to a VA Scanner scan, my firewall has the vulnerability "SSL Certificate Chain Contains RSA Keys Less Than 2048 bits". So I plan to follow the KB below to change the key size. https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/certificate-management/configure-the-key-size-for-ssl-forward-proxy-server-certificates In the KB mentioned as...

JiaXiang by L4 Transporter
  • 3601 Views
  • 4 replies
  • 0 Likes

Resolved! How can I run a curl from PAN OS?

Hi, how can I run a curl command from PAN-OS NGFW, say to some website? I have tried, but it seems like curl is not supported. Also, it would be great to see if the curl request can be initiated from a specific IP address on the PAN-OS NGFW. The PAN-OS version is 10.1. Kindly, Wasfi

PA-1410 / PAN-OS 11 doesn't include many MS Root CA's

We do TLS decryption, and cut over a site to new PA-1410s running 11.0.2. While testing MS updates on endpoints, we were getting notifications that the client couldn't contact the update server. Looking in the decryption log, none of the calls to the MS URLs were trusted. I looked at the default included trusted CAs from our 820s that were...

  • 1794 Posts
  • 60 Subscriptions