This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4555 Views
  • 0 replies
  • 1 Likes

Resolved! Client ikemgr phase 1 failure

Dear All, Below is summary of issue and resolution. 1. We added a new firewall to HA set-up. 2. HA was established properly. 3. While doing config sync from active to passive it was falling with error Client ikemgr phase 1 failure Resolution: Upon deep dive it was figure out that Master key between Active and passive firewall is mistmached...

Any upcoming PCNSE Exam Vouchers?

Hello Palo Alto Community! I hope this post finds you all in good health and high spirits. I'm reaching out to inquire about the availability of any upcoming PCNSE (Palo Alto Networks Certified Network Security Engineer) exam vouchers. I'm currently preparing for the PCNSE exam and would greatly appreciate any information regarding voucher relea...

How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsing

Hello Team, i want to understand How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsingi know its going take application information from SNI through TLS (this is for websites -having SSL) but i want to understand apart from SSL / Webbrowsing traffic.

FW Recommendation version

Kindly note that we found the below vulnerabilities in our boxes . Model PA-5020 Software Version 8.1.20 what is the recommended version and upgrade path . EOL/Obsolete Operating System: Palo Alto Networks (PAN-OS) and Panaroma Version 8.1 Detected Palo Alto Networks (PAN-OS) Improper N...

m.Ghazy by L0 Member
  • 1772 Views
  • 2 replies
  • 0 Likes

Resolved! Threat Intelligence External Dynamic Lists vs URL Filtering Security Profile

Hi All, I have security profiles on my main egress firewall rules, and the URL filtering is blocking anything malware, high-risk etc. I have some custom reports setup that report on any blocks that take place as a result of this profile. I am reading you can also setup firewall rules to block inbound/outbound traffic using sources and destinat...

Panorama fragmentation

Hi,If the checkbox for Fragmented traffic is uncheck, does that mean that the fw will not discard fragmented traffic? I have a case where someone says "10.154.74.0/23: We can not send from, or send to, packages bigger than 1472. All ports are defined to 9216 bits. 10.154.74.17 and 10.154.74.34 can be pinged with big packages."I checked the ...

Richard_M_3-1684146287887.png
Richard_M_2-1684146274804.png

Interface Monitoring

We have total 3 Interface , two ISP interface ( In router we have made them to act as Primary and Secondary) and one trust interface , now the confusion is I am trying to make if both ISP interface goes down , I need to make my trust interface also to goes down automatically by some monitoring feature. Is it possible to do that in Palo-Alto

Sujanya by L3 Networker
  • 3409 Views
  • 4 replies
  • 0 Likes

Proxy based IPSec tunnel is up but data traffic is not passing thorugh

Hi all, I have some issue regarding ipsec tunnel at Palo alto, IPSec tunnel is up and running well before. Suddenly, data traffic is not working without any changes. When i reinitiate tunnel at PA side, it is working fine. it happens frequently, i'm not sure about the cause, what would it be?. Hope i got some helps. Thanks much. BRs,

Resolved! DUO MFA popup twice for approval login GloablProtect

We configured PA 850 firewall to use DUO for GloablProtect MFA. It works. However, we have an issue. In GloablProtect Gateway Configuration>Agent>Client Settings, if I add a user, for example blin. it works fine. If I add a AD OU, for example Employees, the login user will get two DUO aoorval popup twice. From the DUO Authentication, I...

boblin_0-1683769185596.png
boblin_1-1683769394673.png
boblin by L2 Linker
  • 4328 Views
  • 4 replies
  • 0 Likes

Resolved! problem to download files from Dropbox

We have added dropbox.com to OBJECTS>Custom Objects>URL Category. We can login dropbox online. However, can't download files with these errors: .pdf files are supported but something went wrong or There was an error downloading your file. Any help?

boblin by L2 Linker
  • 5377 Views
  • 4 replies
  • 0 Likes

Resolved! Authentication Sequence problem

I configured DUO Proxy for GloablProtect MFA redundancy on our PA 850 firewall using Authentication Sequence. This post shows how I configured: Configure two duo proxy servers for Palo alto firewall MFA redundancy – Net/PC How to (howtonetworking.com) The problem I have is when the top Authentication profile or DUO Proxy server is down, then t...

boblin_1-1683767742215.png
boblin by L2 Linker
  • 4075 Views
  • 2 replies
  • 0 Likes
  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks