Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

PBF based on URL Filtering/Application

Hi everyone, We have a PBF rule that allows all internal users to internet via our ISP1. And I want to create another PBF rule on top of the above PBF rule to allow Instagram application traffic towards ISP2? I looked through the below KB but it is not doable: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clq1CAC So I wan...

LeoLion by L0 Member
  • 3242 Views
  • 5 replies
  • 0 Likes

URL Category behavior with rule match condition question

I came across behavior that confused and concerned me recently. I had a test rule with the following conditions set: Source Zone (LAN) Source user Destination Zone (WAN) Application (ANY) URL Category (not in Profile/Action section, but in Service/URL section) I was under the understanding that the URL Category is part of the match condition ...

Traffic: Logs and Indexes and Current Retention

Found out that our FW1 is only able to keep 4 days of traffic logs but took more space than FW02, which is able to log up to 15 days (previously FW2 in active for around 2 weeks+) FW01 FW02 Disk usage: traffic: Logs and Indexes: 34G Current Retention: 4 days threat: Logs and Indexes: 18G Current Retention: 6 days system: Logs and Indexes...

LDAPS TLS Handshake Failure

Hello, I upgraded one of our PA devices from 10.1.9 to 10.2.4-h4. LDAPS was configured to access and gather users' info from the DC. But it stopped working after the upgrade. I captured traffic and saw the following error - TLS Handshake Failure. I know that starting with version 10.2 Palo Alto Networks has changed requirements for certificates. I checked ours and...

m0tash by L1 Bithead
  • 3574 Views
  • 4 replies
  • 0 Likes

URL Filtering Category level (Streaming Media ) Blocking or Custom Blocking is not working for Youtube.

Palo Alto URL Filtering allows blocked URL categories if one keeps refreshing the page. The issue is particularly seen with Youtube.com. We have blocked the Streaming Media category and a Custom URL to block youtube.com. However, the web page is opened after multiple refreshes. URL Filtering monitoring logs show traffic is blocked. However, we can access ...

Resolved! Web access issue

One URL does not access on browser, it shows error timed out. PA-3220 we are using. 1. Create one test rule - Where you allow everything for one source only. 2. Clone the test rule and deny the "Quic" application there and put it above the test rule. But it is not working. Please help me with this.

Advanced WildFire Inline ML - Processing Flow

Does anyone know where in this processing flow Advanced WildFire Inline ML takes place? It would be before the file is sent to WildFire Cloud but would the file be inspected before or after checking the file size? Also, are email links inspected by Advanced WildFire Inline ML? From my understanding email links use dynamic analysis in Wil...

John_J by L1 Bithead
  • 2236 Views
  • 1 replies
  • 0 Likes

PA-200 to PA-440 running-config migration

Is it possible to migrate a running-config from a PA-200 to PA-440 smoothly or would we have to manually configure some settings? First issue is that the PA-200 is using PAN-OS version 8.x whilst the PA-440 is using PAN-OS 10.1, meaning we would likely have to use expedition based on research, correct? Secondly seeing that the PA-200 has 4 p...

Main features that separate 10.1.6 from 10.2.4-h2.

Hello All, I currently use 10.1.6 firewall/panorama, and I intend to upgrade every aspect of our infrastructure to 10.2.4-h2 (the preferred version, according to TAC). I want to know the main features that separate 10.1.6 from 10.2.4-h2. Additionally, I need to know how the WEB UI would change if we upgrade from 10.1 to 10.2 because when PANO...

Connectivity between hubs in NGFW SDWAN

When building an NGFW SDWAN hub-spoke network, SDWAN tunnels are not built between hubs. I was thinking of 2 options: 1) Manually building two tunnels between the hubs and put them in an SDWAN bundle myself, along with the rest of the SDWAN config (static routes to loopbacks over the SDWAN bundle, BGP Peering). Do you foresee any issues with t...

BBartik by L2 Linker
  • 2479 Views
  • 1 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions