This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4559 Views
  • 0 replies
  • 1 Likes

Resolved! Name: Virus/Win32.WGeneric.esxxcl Unique Threat ID: 752597582

Name: Virus/Win32.WGeneric.esxxcl Unique Threat ID: 752597582 Create Time: 2025-11-25 08:01:27 (UTC) Status: active In Current Release: Yes Last Release: 5426 (2026-01-08 UTC) First Release: 5383 (2025-11-26 UTC)f9b8df8703b2651ce97c11692dd5c722e621ac5e11a148993af317018189c8c5 We received a palo alto alert like this: The specified threat cannot b...

bgrsmn by L0 Member
  • 5816 Views
  • 1 replies
  • 0 Likes

AI for FW management

Hey Guys, We are using PA firewalls in our DCs. A lot of focus in our organisation (like everywhere) is on use of AI. So I was wondering how are you guys leveraging AI in Firewall Management? Are you using it for any policy cleanup, shadow rules identification or simply automating firewall configuration push? There are a lot of examples that AI...

PAFWNoob by L1 Bithead
  • 2136 Views
  • 1 replies
  • 0 Likes

ChatGPT User-ID, AD and IP mapping issue

There is an issue with Palo Alto firewall which has to do with user IP mapping and AD. User is grated access via policy in the format source-user = corp\employee. After that's done, the user works fine today accessing ChatGPT but then the user is not able to use chatgpt the next day after working fine the day before. What is the problem? Any in...

Conditional Advertisement / BGP Failover with Dual ISP — How to Remove ISP1 Routes on Internet Loss?

Hi all, I’m running a dual-ISP setup on a PA with BGP to ISP1 and ISP2. My goal is: Monitor ISP1 default route / Internet reachability. If ISP1 becomes unusable, I want all traffic to fail over to ISP2. I am advertising an IP pool to both ISP1 and ISP2 for incoming traffic, with AS-path prepending applied to ISP2 so that incoming traffic ...

Resolved! Palo Alto Networks PA- 450 Next‑Generation Firewall to maintain uninterrupted BSNL SIP trunk services in the event of a primary internet link failure.

Please provide comprehensive and step‑by‑step instructions for configuring a Palo Alto Networks PA- 450 Next‑Generation Firewall to maintain uninterrupted BSNL SIP trunk services in the event of a primary internet link failure. The BSNL SIP Trunk Server which is on cloud having a static IP of 117.198.215.109 & BSNL SIP trunk is presently bou...

Resolved! Request for VPN Capability Enhancement on Palo Alto Networks Firewalls

We respectfully request the addition and native support of Layer 2 and Layer 3 VPN technologies, specifically OpenVPN, SoftEther VPN, and WireGuard VPN, including both server and client functionalities, across all Palo Alto Networks Next-Generation Firewall platforms.The availability of these VPN solutions would significantly improve secure conn...

Pan-OS Dev Corner

Hi Everyone, I wanted to share my project that reduces MTTR for admins who actively use the CLI terminal. While studying Palo Alto Networks NGFWs at my college as a student, I noticed how much time I was spending manually running and parsing CLI commands and realizing how slow Panorama can be at times. I decided to build a "cockpit" to automate ...

Resolved! How to create a support case without a TCF file

Hi all, dont know if the right board. I'm trying to lodge a case with PAN support, but they are wanting a TCF file. The problem is that the device in question is in a broken state. We took the device out of the box, attempted to disable ZTP; the device rebooted, and never finished "rebooting". It got stuck in a boot loop, and eventually corrupte...

PA-440 won't talk via network

Good morning, all! My lab PA-440 threw a weird on at me this week. When I tried to add it to a new SNMP server (Observium) the firewall stopped talking on the web interface and wouldn't respond to pings to the management IP. After some rather involved troubleshooting I found that the filesystem has been corrupted. After some intense rebooting a...

PA440でのDHCPv6-PDでのIP配布について

PA440でのIPv6環境でのシステム構築を実施予定です。 構成としてはWAN(2本) --- PA(HA) --- L3SW(stack) --- L2SW --- デバイスとなり、全て動的なIPv6での環境となります。 回線はフレッツ光クロスとStarlinkになり、各ISPからIPoE回線でのDHCPv6-PDでのIP配布となります。 上記の構成はPA440で実現可能でしょうか。 配下の機器にはPDでの委任もしくはRAでの配布を想定しております。

Activate ECMP without trafic disruption

Hello, I wouldlike to enable ECMP on one HA pair. I read that the process will restart and can lead to trafic disuptions. I was wondering if i could do the following in order to avoid disruptions : Disable config sync. Doing the modification on my passive firewall. Wait that the process restart etc. Force HA failover on the standby member with...

High Data Plane Utilization During Business Hours

Hello, We are experiencing an issue that is becoming hard to isolate, our end users noticed network slowness about a few days ago. During Isolation and investigation it led us to our NGFW PA-3260's. This causing extremely High latency when reaching out from our Inside to Internet interfaces. Resource utilization (%) during last 24 h...

HungTrinh_0-1763749511805.png

NGFW admin account is locked. What should I do?

Hello all, I received a report that I couldn't log in to my GP account. Upon checking my firewall, I discovered that the admin account was also locked, blocking GUI/CLI access. Q1. Is there a connection between the GP account and the admin account being locked? Q2. I reverted to the previous settings, but the issue persisted. Is a factory re...

  • 1589 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks