Next-Generation Firewall Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

New VPN effects on existing VPNs

I am very new to Palo Alto administration, having been a Checkpoint guy at my previous job. At my new job I am tasked with creating a new IPsec site to site VPN with a vendor on our perimeter firewall. There are already several other VPNs running. My question is, when I set up the new VPN, will it have any effects on currently running processes,...

URL Encording issue

I am using URL Block Page.However, there is a part where the & part appears as %26 in a specific URL. ex. I entered abc.d/&uid=B5C61D407 in the browser, but it appears as URL:abc.d/%26uid=B5C61D407 in the block page. Why is this and what can be done to fix it?

block non decrypt traffic

Hello, I need to know how to block traffic that is not going through decrypt.

migrating ASA to Palo alto with inline deployment

We are planning to migrate firewall from ASA to Palo Alto . Instead of performing hot cutover , we will install the Palo Alto firewall in-line along with existing ASA firewall using virtual wire interface type. Since we have many security zones on ASA and there are policies to allow access between zones, where can i place the new firewall and ...

Attempt accessing the active and/or passive firewalls fails with the error "fork failed: No space left on device"

Dear and valuable Live Community Members, I'm wondering if anyone has an issue when trying to access the MGMT interface off the active and/or passive firewalls and getting the error "fork failed: No space left on device" We were never able to access the firewall and in the end, we rebooted both devices to be able to access the management int...

Post OS Upgrade for PA-5220 from 9.1.4 to 10.2.3-h4 Users Started Experiencing Issues with Accessing MS Office 365 Applications Internally

Hi There, Recently, we upgraded the OS on our PA-5220 from 9.1.4 to 10.2.3-h4. Immediately after we upgraded to 10.2.3-h4 our helpdesk began receiving calls from users reporting that they cannot get logged into MS Office365 Applications, it'll never bring them to the MS prompt to input their Office365 email/password it'll just say "Can't reach...

DNS resolution for management interface not working after upgrade to 10.2.3

Since upgrading our firewalls from 10.2.2-h2 to either 10.2.3 or 10.2.3-h2, any DNS resolution from the management interface is failing. Attempting to ping an FQDN from the CLI results in "ping: cnn.com: System error". I confirmed that the DNS servers configured in Device -> Setup -> Services and the management interface settings in Device...

Dokuments like Ciscos "Forensic Investigation Procedures for First Responder Guides"

Hi, I'm updating our documentation and after switching from ASA to Palo: Is there something comparable to the Ciscos Guides https://blogs.cisco.com/security/new-forensic-investigation-procedures-for-first-responder-guides but for Palos? I can find only self-promotion from unit42... Thanks Thorsten

Trying to connect two separate networks that share the same IP addresses to a third networking using virtual routers and NAT on PA-440

We have a bunch of separate video networks that are separate, but use the same IP address space for each. Each is connected to their own dedicated switches and is attached to a couple of hundred cameras and a DVR. We would like to connect these networks to a Palo PA-440 and use virtual routers to accomplish this. Right now I have only two VRs co...

Resolved! WF

Hi guys, Besides Monitor - Logs - Wildfire Submissions, where else must we check whether Wildfire is working? Thanks All.

Resolved! Antivirus vs WF

Thanks.

Resolved! The mechanism of agentless user-id between firewall and monitored server.

The customer wants to know the query mechanism of agentless user-id. I can see the following description from the documentation. With server monitoring a User-ID agent—either a Windows-based agent running on a domain server in your network, or the PAN-OS integrated User-ID agent running on the firewall—monitors the security event logs for spe...

X-forwarder header does not work when vulnerability profile action changed to block ip

ISSUE REPORTED: unable to block x-forwarder ip when the action is set to block ip in the vulnerability profile------------------------------------------------------------------------------------------------------------------------Discussion,observation, Troubleshooting:-----------------------------------------------------------------------------...

Resolved! Delete Anti-virus update

Hi all, I have a HA cluster in which a trial threat prevention license was activated on active firewall only. Thus on the HA widget i have mismatch on anti virus version. Since it is already expired, in order to bring the firewalls back in sync, I wonder if its safe to delete via CLI the currently installed Anti virus update with the command ...

The allow security policy configured with the app-ID "netbackup" and an "application-default" as a service doesn't work correctly.

Dear and valuable Live Community Members, I have a problem understanding the below-described behavior in regard to the security policy used in the firewall: We have a firewall policy configured to allow NetBackup traffic, but if we configure it by setting the "Application" tab to "netbackup", it often doesn't work (the behavior is random). ...

Discussions