Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4592 Views
  • 0 replies
  • 1 Likes

Resolved! The mechanism of agentless user-id between firewall and monitored server.

The customer wants to know the query mechanism of agentless user-id. I can see the following description from the documentation. With server monitoring a User-ID agent—either a Windows-based agent running on a domain server in your network, or the PAN-OS integrated User-ID agent running on the firewall—monitors the security event logs for spe...

wxiao by L2 Linker
  • 3044 Views
  • 1 replies
  • 0 Likes

X-forwarder header does not work when vulnerability profile action changed to block ip

ISSUE REPORTED: unable to block x-forwarder ip when the action is set to block ip in the vulnerability profile. Discussion, observation, Troubleshooting: ...

Resolved! Delete Anti-virus update

Hi all, I have an HA cluster in which a trial threat prevention license was activated on the active firewall only. Thus on the HA widget I have a mismatch on the anti-virus version. Since it is already expired, in order to bring the firewalls back in sync, I wonder if it's safe to delete via CLI the currently installed anti-virus update with the command ...

The allow security policy configured with the app-ID "netbackup" and an "application-default" as a service doesn't work correctly.

Dear and valuable Live Community Members, I have a problem understanding the below-described behavior in regard to the security policy used in the firewall: We have a firewall policy configured to allow NetBackup traffic, but if we configure it by setting the "Application" tab to "netbackup", it often doesn't work (the behavior is random). ...

Resolved! Firewall cloning for DR

Hello, I have a Panorama that manages 2 clusters. Each one has a dedicated Device-Group and Template. Now cluster 2 must be recycled as a DR of cluster 1. My idea is to reassign cluster 2 to the same DG and Templ of cluster 1. Should work, right? As far as I know, if I move cluster 2 to the same DG/templ the Panorama "add" th...

Path Monitoring - latency

I'm not using PAN SD-WAN. I have static route path monitoring configured for multiple ISPs. If pings fail, the path goes down as expected. If the pings succeed, but latency is abnormally high, the path stays up. How can I set a latency threshold? Ideally, I'd have a threshold for each monitored path such as 10ms for the next hop and 200ms ...

PAN-DB URL Filter expired even if Advanced URL filtering is still valid

I purchased service bundle for my PA firewall, PAN-PA-220-BND-LAB4-R, which includes PA-220 Lab Unit Renewal Service Bundle (Threat Prevention, DNS, PANDB URL Filtering, GlobalProtect, WildFire, SD-WAN, Standard Support) Period. After activation, I retrieve the license key from the license server, I found the Advanced URL Filtering is valid u...

sysint by L0 Member
  • 2793 Views
  • 1 replies
  • 0 Likes

PA 3260 Policy Rule losing DNS resolution to FQDN-defined site - 4.19.23

We have a policy rule that contains an FQDN-defined website destination (yandr.wiredrive.com). When initially configured to pass traffic to required cloud-based resources, DNS resolution to the wiredrive.com site would happen regularly, usually after an hour or so. A Palo Alto knowledgebase article about the Fast-DNS caching used by cloud-based ...

getting system alerts

Hi Team, we were frequently getting system alerts such as "PANDB: Authentication or Client Certificate failure". After restarting the management server we didn't get the error for PANDB, but now we are getting "failed to resolve host wildfire paloaltonetwork.com". Kindly help me to resolve this case and please let me know why we got PANDB error ...

DNS Proxy

Hey, I am configuring an isolated VLAN and I need some static DNS entries to be "supplied" to the clients instead of exposing our internal DNS servers. I thought about using the DNS Proxy feature, but I seem to be stuck. 1) When DNS Proxy is enabled, is it enabled across all interfaces, and if a client configures the FW's IP as a DNS the PA shoul...

Cannot see an option to select the management interface for HA1 backup link - PAN-OS 10.2.4

I'm trying to configure HA Active/Passive on a pair of PA-5410's running PAN-OS 10.2.4. I'd like to use the dedicated HA1-A port for the primary HA1 link and the management interface for the HA1 backup link but I cannot see an option to select the management interface for HA1 backup link.

Proxy ARP for Private VLAN?

Is there a 'proxy arp' interface command (or equivalent) to allow l3 communication between isolated devices on private VLANs? I am looking to move our DMZ to a private VLAN. I would like all ports to be isolated, but allow some communication between certain machines. This is where I would generally set up 'proxy arp' on the router to allow l3 ...

BackUp Firewalls

Hi Team, What is the best solution to Backup our firewalls? As we have standalone firewalls we need to make sure we have backup collected and stored. Please let me know the best way. Thanks. Regards, Sanjay S

X-Forwarded-For on Threats logs

What does the below article mean? https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/identify-users-connected-through-a-proxy-server/use-xff-values-for-ip-based-security-policy-and-logging For non-URL Filtering logs, XFF IP logging is supported only when packet capture is not enabled. -->> It means that XFF IP is visible only whe...

  • 1586 Posts
  • 61 Subscriptions