Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4551 Views
  • 0 replies
  • 1 Likes

Path Monitoring - latency

I'm not using PAN SD-WAN. I have static route path monitoring configured for multiple ISPs. If pings fail, the path goes down as expected. If the pings succeed, but latency is abnormally high, the path stays up. How can I set a latency threshold? Ideally, I'd have a threshold for each monitored path such as 10ms for the next hop and 200ms ...

PAN-DB URL Filter expired even if Advanced URL filtering is still valid

I purchased a service bundle for my PA firewall, PAN-PA-220-BND-LAB4-R, which includes PA-220 Lab Unit Renewal Service Bundle (Threat Prevention, DNS, PANDB URL Filtering, GlobalProtect, WildFire, SD-WAN, Standard Support) Period. After activation, I retrieved the license key from the license server and found the Advanced URL Filtering is valid u...

sysint by L0 Member
  • 2752 Views
  • 1 replies
  • 0 Likes

PA 3260 Policy Rule losing DNS resolution to FQDN-defined site - 4.19.23

We have a policy rule that contains an FQDN-defined website destination (yandr.wiredrive.com). When initially configured to pass traffic to required cloud-based resources, DNS resolution to the wiredrive.com site would happen regularly, usually after an hour or so. A Palo Alto knowledgebase article about the Fast-DNS caching used by cloud-based ...

getting system alerts

Hi Team, we were frequently getting system alerts such as "PANDB: Authentication or Client Certificate failure". After restarting the management server we didn't get the error for PANDB, but now we are getting "failed to resolve host wildfire paloaltonetwork.com". Kindly help me to resolve this case and please let me know why we got PANDB error ...

DNS Proxy

Hey, I am configuring an isolated VLAN and I need some static DNS entries to be "supplied" to the clients instead of exposing our internal DNS servers. I thought about using the DNS Proxy feature, but I seem to be stuck. 1) When DNS Proxy is enabled, is it enabled across all interfaces, and if a client configures the FW's IP as a DNS the PA shoul...

Cannot see an option to select the management interface for HA1 backup link - PAN-OS 10.2.4

I'm trying to configure HA Active/Passive on a pair of PA-5410's running PAN-OS 10.2.4. I'd like to use the dedicated HA1-A port for the primary HA1 link and the management interface for the HA1 backup link but I cannot see an option to select the management interface for HA1 backup link.

Proxy ARP for Private VLAN?

Is there a 'proxy arp' interface command (or equivalent) to allow L3 communication between isolated devices on private VLANs? I am looking to move our DMZ to a private VLAN. I would like all ports to be isolated, but allow some communication between certain machines. This is where I would generally set up 'proxy arp' on the router to allow L3 ...

BackUp Firewalls

Hi Team, What is the best solution to back up our firewalls? As we have standalone firewalls we need to make sure we have backups collected and stored. Please let me know the best way. Thanks. Regards, Sanjay S

X-Forwarded-For on Threats logs

What does the article below mean? https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/policy/identify-users-connected-through-a-proxy-server/use-xff-values-for-ip-based-security-policy-and-logging For non-URL Filtering logs, XFF IP logging is supported only when packet capture is not enabled. -->> It means that the XFF IP is visible only whe...

Palo Alto Service Route config for Dynamic Update/Wildfire/IPS

Hi, What service source interface do I need to change for IPS/Dynamic/Wildfire Update? We want to configure a custom interface instead of the Management interface. Now I've configured a custom source interface for "External Dynamic Lists" and "URL Updates" but the system is still using the management interface for IPS and Wildfire Update. Do I need to change sou...

EvanRaci by L1 Bithead
  • 2719 Views
  • 2 replies
  • 0 Likes

IP Block List Feeds

We're looking to add a dynamic block list rather than manually blocking bad IPs as we find them. I understand that Palo Alto comes with one or more of these feeds, do we know how often they are updated? Asking for a friend.

Resolved! Global Protect VPN User did Not Sign Out Automatically after Disconnected

Hi All, After we connected GlobalProtect VPN, the GlobalProtect Client App is not asking for username and password again for the next login. We need to manually sign out from the GlobalProtect Client to completely log out the user. Is it normal for the GlobalProtect Client App to still be signed in even after disconnecting? Is there any way to configure at P...

EvanRaci by L1 Bithead
  • 3595 Views
  • 1 replies
  • 0 Likes

how to stop sending duplicate user-ip-mapping by xmlapi

Hello. We are using UIA and ClearPass (login/loginout type) to get user-ip-mapping. The issue is that the Palo Alto firewall is receiving duplicate user-ip-mapping. user-A (using): 192.168.1.100 receiving from User ID Agent correctly. user-B (not using): 192.168.1.100 receiving from XMLAPI incorrectly. user-B ip-user-mapping is sending periodically 45 min...

zinkt101 by L1 Bithead
  • 2326 Views
  • 2 replies
  • 0 Likes
  • 1588 Posts
  • 60 Subscriptions