Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4638 Views
  • 0 replies
  • 1 Likes

Resolved! HA on a PA-450 using Strata Cloud Manager

I’m attempting to configure active/passive HA on a PA-450 using Strata Cloud Manager as per this guide: https://docs.paloaltonetworks.com/ngfw/administration/high-availability/set-up-activepassive-ha/configure-active-passive-ha I’m aware a PA-450 doesn’t have dedicated HA ports, however when using Panorama I can set Eth1/7 & Eth1/8 to HA mod...

JamesWoodhouse1_0-1724423694145.png
JamesWoodhouse1_1-1724423694146.png
JamesWoodhouse1_2-1724423694148.png

Max number of units (aeX.Y subinterfaces) supported under a single AE interface?

Hi Team, I’m looking to confirm the maximum number of units (aeX.Y subinterfaces) that can be configured under a single Aggregate Ethernet (AE) interface on Palo Alto firewalls. Specifically for models like PA-440,PA-450, PA-820, and PA-850, and across recent PAN-OS versions: • What is the hard platform limit for aeX.Y units per AE?• Are there a...

VivekMs by L1 Bithead
  • 2429 Views
  • 2 replies
  • 0 Likes

Strange IP exiting our network and erasing its logs

Hi everyone! Good Afternoon, I'm from Brazil, and my organization have two appliances PA 3220 in HA. This morning we've noticed some suspicious traffic exiting our network with IPv6 ::b638:2a0a:ffff:0 (for example), there was more than one those IPv6. The payload was huge, something about 4.2GB. This can be an exfiltration data attack? Could ...

UNIRIO by L1 Bithead
  • 3102 Views
  • 2 replies
  • 0 Likes

Palo Alto for email security

Hi All, I would like to inquire whether Palo Alto Networks provides an on-premises email security solution. Specifically, we are looking for a product or platform that can handle email threat prevention, anti-phishing, and malware detection within our local infrastructure, rather than a cloud-based service.Could you please share information abou...

PAN-OS 10.2.17 HA A/P - Mgt interface reported as duplicate IP of data interface

After installing PAN-OS 10.2.17 to a PA-440 HA A/P pair ( to address - CVE-2025-4615 PAN-OS: Improper Neutralization of Input in the Management Web Interface . ) 'duplicate IP' system logs reported where the stated MAC address appears to be the fw mgt interface. This is reported as a duplicate of the 'facing' data interface. Example: Received c...

Azure to OnPrem Connectivity issue

We have migrated our on-premises firewall from FortiGate to Palo Alto and are experiencing an issue with VPN traffic routing that previously worked as expected. We have an Azure Point-to-Site (P2S) VPN and an Azure-to-Corporate Site-to-Site (S2S) VPN. A P2S client with IP address 10.40.1.2 is unable to access resources on the Corporate LAN (19...

H.Thiam by L2 Linker
  • 4996 Views
  • 2 replies
  • 0 Likes

Resolved! No ping response from AAD

I have a rule in Palo Alto PA 440 running 11.2.6 to allow 'any' to Azure AD. I see only DNS responses from Azure AD. For ping and LDAP packets received is zero. The traffic is hitting the right rule though. I did a packet capture I don't see ping request on the transmit stage on the firewall. Ping and LDAP working from another site. How do I fix...

Website unreachable

hi my customer got an issue regarding palo alto. This issue happens thismorning, no changes was done beforehand. The website was still accessibleyesterday until this morning. We have done a few testingsas per below. Office LAN users – Notaccessible Bypass website’s Public IP– Not accessible Bypass website URL – Notaccessible Wi-Fi users – Acce...

Palo Alto PA-850 Login Issue After Power Shutdown — Request for Guidance

Hi all,I’m currently dealing with a login issue on a Palo Alto PA-850 firewall after a scheduled power shutdown. Here's the situation:The firewall was shut down prior to the outageAfter powering it back on, I can ping the firewall's IP address and see network traffic flow normally.However, I’m unable to log in via:Web UI (receives "incorrect use...

Question about Wildfire signature updates in Palo Alto Active-Passive mode.

Hi, Currently, the customer has a configuration where signature updates are performed on the passive device and then synchronized with the active device.In this configuration, is it appropriate to perform signature updates on the active device?Or what are the recommended settings for Palo Alto Active-Passive Mode? Thank you.

Palo Alto to Azure vpn tunnel fails at random

We installed a PA 3440 at a customer site which is being used to create a VPN tunnel with Azure. Two links have been configured in fail over mode (currently manual). The VPN tunnel fails randomly and needs to be rest manually. we have raised the case with PA who are struggling with logs since last 2 weeks without a fix. Basic configuration of...

  • 1597 Posts
  • 61 Subscriptions
Top Solution Authors
Top Liked Authors