This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4516 Views
  • 0 replies
  • 1 Likes

PA440でのDHCPv6-PDでのIP配布について

PA440でのIPv6環境でのシステム構築を実施予定です。 構成としてはWAN(2本) --- PA(HA) --- L3SW(stack) --- L2SW --- デバイスとなり、全て動的なIPv6での環境となります。 回線はフレッツ光クロスとStarlinkになり、各ISPからIPoE回線でのDHCPv6-PDでのIP配布となります。 上記の構成はPA440で実現可能でしょうか。 配下の機器にはPDでの委任もしくはRAでの配布を想定しております。

Activate ECMP without trafic disruption

Hello, I wouldlike to enable ECMP on one HA pair. I read that the process will restart and can lead to trafic disuptions. I was wondering if i could do the following in order to avoid disruptions : Disable config sync. Doing the modification on my passive firewall. Wait that the process restart etc. Force HA failover on the standby member with...

High Data Plane Utilization During Business Hours

Hello, We are experiencing an issue that is becoming hard to isolate, our end users noticed network slowness about a few days ago. During Isolation and investigation it led us to our NGFW PA-3260's. This causing extremely High latency when reaching out from our Inside to Internet interfaces. Resource utilization (%) during last 24 h...

HungTrinh_0-1763749511805.png

NGFW admin account is locked. What should I do?

Hello all, I received a report that I couldn't log in to my GP account. Upon checking my firewall, I discovered that the admin account was also locked, blocking GUI/CLI access. Q1. Is there a connection between the GP account and the admin account being locked? Q2. I reverted to the previous settings, but the issue persisted. Is a factory re...

Resolved! Cannot Access Global Protect Portal

Good Morning , I am currently working on implementing Global Protect with Duo SSO integration for user authentication . Although all the following configuration elements appear to be in place I am getting the following error message when attempting to access the portal . Can you please advise what may be going wrong her e? Thank you in ...

HThiam_0-1765312272753.png
H.Thiam by L2 Linker
  • 1983 Views
  • 2 replies
  • 0 Likes

Regarding the Operational Specifications for HA Mode

I am reviewing the operational specifications for HA mode. Could you please clarify the following points? <Device Information>Model: PA-3420 (2-unit HA configuration)OS Version: 11.1.6-h10Interface Information: Onboard (2 ports), Optical SFP10G (3 ports)HA Ports: HA1-A,B     HA2 Eth1/21,1/22 (Optical SFP10G) Please confirm whether my u...

n-tomo by L2 Linker
  • 851 Views
  • 3 replies
  • 0 Likes

Tunnel Monitoring

Hello Team, I have two ISP for site A and site B. we have configured tunnel.1,2,3,4. for all the tunnels i configured tunnel monitoring for failover. My primary tunnel is up and working fine. However, all the backup tunnels are down the tunnel status are showing red. anyone tell me is this expected?

jhussain1_0-1765985998674.png
jhussain1_1-1765991082868.png

web file blocking

Hello Community,We are trying to implement file upload/download blocking for W-Web in our environment using a Palo Alto firewall.Current setup:SSL Forward Proxy decryption is enabled.A decryption certificate has been created on the firewall and installed in the Trusted Root Certification Authorities store on client machines.Security policy and F...

Deepa_D by L0 Member
  • 3592 Views
  • 2 replies
  • 0 Likes

Resolved! Inquiry Regarding Publishing Custom Third-Party IOC Feed via EDL Hosting Service

Hello Palo Alto Team,We are exploring the possibility of integrating a third-party threat intelligence feed (Google Threat Intelligence) into Palo Alto Networks firewalls using External Dynamic Lists (EDLs). While reviewing Palo Alto documentation, we noted the following and would appreciate clarification:BackgroundBased on the documentation, st...

GlobalProtect enforcer exceptions not staying in registry

We have GlobalProtect with "Enforce GlobalProtect" enabled and a set of IP and FQDN exclusions. Additionally, the captive portal exception timeout is configured to 900 seconds. However, we’ve encountered an issue when users are connected to GlobalProtect, put their laptop to sleep, and then travel to a different location (e.g., a hotel). Upon wa...

Jagdeep1 by L2 Linker
  • 1626 Views
  • 3 replies
  • 0 Likes
  • 1795 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks