Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4555 Views
  • 0 replies
  • 1 Likes

HSCI port - 5410

Hello All, I'm trying to spec the SFPs for PA-5410s, per the below documentation. https://docs.paloaltonetworks.com/hardware/pa-5400-hardware-reference/pa-5400-series-firewall-overvi... The HSCI port is a 40G port & Palo Alto Networks recommends that you use an active or passive QSFP+ cable. As per the below documentation of P...

Resolved! Not updating low traffic session status with hw offload enabled

PA-32xx series with 10.1.9 (issue showed up after upgrade) There is long-lasting SSH session where only something like keepalive is sent every 5 minutes or so. With hardware offload enabled, this traffic is not registered in the dataplane (session stats are not increasing even though there is traffic for that session) and subsequently TTL is not...

nikoo by L3 Networker
  • 4619 Views
  • 3 replies
  • 0 Likes

snmp configuration question

As we all know, SNMP can be configured at Setup -> Operations -> SNMP Setup. The SNMP community string default is "public". I would like to ask: 1. Is this the read-only string or the read-write string? 2. Do we set the read-only string for the device?

Multiple vsys share one pair of WAN circuits?

I have 4 vsys that are currently using individual ports to connect to the WAN circuits. I need to free up ports for additional vsys, and would like a shared circuit port for the multiple vsys to use. I've tried a layer 3 interface with sub interfaces, one for each vsys, tagged vlans 11,12,13,14 for example, trunked to a switch, but I'm getting p...

ZNetEng by L0 Member
  • 1420 Views
  • 1 replies
  • 0 Likes

IPSec VPN Negotiation Issues

Dear Members, Greetings to all! Currently, I'm using a site-to-site multiple VPN configuration with Palo Alto Firewall to different vendor sites. All of the tunnels are working fine, VPN OK. My main problem is, in case the public internet inside of my firewall goes down and then comes back up, some of the tunnels come up and show green. But one of the tunnel st...

Url access error

Hello Team, I am getting this error in the EDL; I also confirmed that the URL and certificate are correct. Gone through this KB: https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-release-information/known-issues/known-issues-related-to-pan-os-9-1-releases/pan-os-9-1-13-known-issues#idd45332c3-ff37-42df-a84c-a418356feb7d ---- ...

Resolved! LDAP authentication profile not listing in authentication settings

Hi, I have a problem in adding LDAP authentication profile to the authentication settings in Device>Management. I have also tried creating a new authentication profile with LDAP in it. But getting the below error "system -> authentication-profile 'LDAP_AUTH_WEBGUI' is not a valid referencesystem -> authentication-profile is invalid" ...

jeromej by L1 Bithead
  • 13031 Views
  • 15 replies
  • 0 Likes

Troubleshooting traffic being blocked based on IP - FQDN rules

Trying to find which FQDN object in my FQDN cache resolves to an IP. show dns-proxy fqdn all | match <ip> shows me that it's in my cache, but doesn't show the FQDN object name, so it doesn't really help. I'm not sure if there's a way to dump this to a file or something, or a more straightforward way to do this. Any insights are appreciated. ...

Check whether PA-220 has already been registered

Hello All, Is there a simple way to check whether a PAN device has been registered before? I bought a supposedly unregistered PA-220, however I would like to know if the device has really not been registered before. Unfortunately there doesn't seem to be a support email address for Palo Alto, and creating a support account requires registering a...

Resolved! Parked domain blocked when traffic not decrypted - Custom URL categories not checked with encrypted traffic

Hi, I have an issue while trying to whitelist a parked trusted domain https://centaur-horizon.eu/. The traffic hits a rule with a URL filtering that has Parked set to Blocked but it also has a Custom URL Category called allow-Baseline as Allow and includes the parked domain. At first, the exception seemed to work but later we realized that for u...

IPSec Tunnel goes Down After Few Minutes

Hi all, I am facing a strange issue with IPSec tunnels built on Palo Alto firewalls. Scenario: 1. On both ends we have Palo Alto firewalls (various models: PA-220, PA440, PA-3220, PA-VM (AWS)). 2. Public IP addresses of both ends are always reachable. 3. Tunnel lights always look GREEN. 4. Routing is also in place, either with Static or OSPF rou...

Resolved! Selecting Appropriate Security Profile

I am planning to make a group profile of security profiles which includes Vulnerability Protection, Antivirus, Anti-Spyware and WildFire Analysis profiles. I am planning to provide the same group for every policy in the firewall. I have a few questions on this approach. 1. Is this a good practice? Will calling this group for every policy increase fir...

Aaida by L1 Bithead
  • 2113 Views
  • 2 replies
  • 0 Likes

Multiple CDL instances in the same region

Hi Guys, Can one CSP account have multiple CDL instances in the same region for Firewall Log Service? The use case is that the user wants to separate logs of different firewalls to different CDL instances, and eventually also to have multiple AIOPS instances in the same region to associate with each CDL instance accordingly. Example: Firewall 1 to ...

Resolved! commit failed custom url category exceed shared capacity

Hi, I have an issue with a failed commit. When upgrading the OS from 9.1.12 to 10.0.0, auto commit is not possible due to the following error: "error:Number of custom-url-category/external-url-list(51) exceeds shared capacity(50)". After restoring to 9.1.12, commit is possible, and the number of shares of Custom URL Category of 9.1.12 and 10.0....

  • 1589 Posts
  • 60 Subscriptions