Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4593 Views
  • 0 replies
  • 1 Likes

Resolved! Selecting Appropriate Security Profile

I am planning to make a group profile of security profiles which includes Vulnerability Protection, Antivirus, Anti-Spyware and WildFire Analysis profiles. I am planning to apply the same group to every policy in the firewall. I have a few questions on this approach. 1. Is this a good practice? Will calling this group for every policy increase fir...

Aaida by L1 Bithead
  • 2152 Views
  • 2 replies
  • 0 Likes

Multiple CDL instances in the same region

Hi Guys, Can one CSP account have multiple CDL instances in the same region for Firewall Log Service? The use case is that the user wants to separate logs of different firewalls into different CDL instances, and eventually also to have multiple AIOPS instances in the same region to associate with each CDL instance accordingly. Example: Firewall 1 to ...

Resolved! commit failed custom url category exceed shared capacity

Hi, I have an issue with a failed commit. When upgrading the OS from 9.1.12 to 10.0.0, auto commit is not possible due to the following error: error:Number of custom-url-category/external-url-list(51) exceeds shared capacity(50). After restoring to 9.1.12, commit is possible, and the number of shares of Custom URL Category of 9.1.12 and 10.0....

Resolved! Client ikemgr phase 1 failure

Dear All, Below is a summary of the issue and resolution. 1. We added a new firewall to the HA set-up. 2. HA was established properly. 3. While doing config sync from active to passive, it was failing with the error: Client ikemgr phase 1 failure. Resolution: Upon a deep dive, it was figured out that the Master key between the Active and passive firewall is mismatched...

Any upcoming PCNSE Exam Vouchers?

Hello Palo Alto Community! I hope this post finds you all in good health and high spirits. I'm reaching out to inquire about the availability of any upcoming PCNSE (Palo Alto Networks Certified Network Security Engineer) exam vouchers. I'm currently preparing for the PCNSE exam and would greatly appreciate any information regarding voucher relea...

How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsing

Hello Team, I want to understand how Palo Alto App-ID detects application traffic in encrypted traffic apart from web browsing. I know it is going to take application information from SNI through TLS (this is for websites having SSL), but I want to understand apart from SSL / web-browsing traffic.

FW Recommendation version

Kindly note that we found the below vulnerabilities in our boxes. Model PA-5020, Software Version 8.1.20. What is the recommended version and upgrade path? EOL/Obsolete Operating System: Palo Alto Networks (PAN-OS) and Panorama Version 8.1 Detected Palo Alto Networks (PAN-OS) Improper N...

m.Ghazy by L0 Member
  • 1803 Views
  • 2 replies
  • 0 Likes

Resolved! Threat Intelligence External Dynamic Lists vs URL Filtering Security Profile

Hi All, I have security profiles on my main egress firewall rules, and the URL filtering is blocking anything malware, high-risk etc. I have some custom reports set up that report on any blocks that take place as a result of this profile. I am reading you can also set up firewall rules to block inbound/outbound traffic using sources and destinat...

Panorama fragmentation

Hi, If the checkbox for Fragmented traffic is unchecked, does that mean that the fw will not discard fragmented traffic? I have a case where someone says "10.154.74.0/23: We can not send from, or send to, packages bigger than 1472. All ports are defined to 9216 bits. 10.154.74.17 and 10.154.74.34 can be pinged with big packages." I checked the ...

Interface Monitoring

We have a total of 3 interfaces: two ISP interfaces (in the router we have made them act as Primary and Secondary) and one trust interface. Now the confusion is, I am trying to make it so that if both ISP interfaces go down, my trust interface also goes down automatically through some monitoring feature. Is it possible to do that in Palo Alto?

Sujanya by L3 Networker
  • 3474 Views
  • 4 replies
  • 0 Likes

Proxy based IPSec tunnel is up but data traffic is not passing through

Hi all, I have an issue regarding an IPSec tunnel on Palo Alto. The IPSec tunnel was up and running well before. Suddenly, data traffic is not working, without any changes. When I reinitiate the tunnel at the PA side, it works fine. It happens frequently, and I'm not sure about the cause. What would it be? Hope I can get some help. Thanks much. BRs,

  • 1586 Posts
  • 61 Subscriptions