This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4508 Views
  • 0 replies
  • 1 Likes

EDL - Access Log

HI, I have two EDLs that point to the same server but to different pages.The pages contain domain records.EDL -XEDL-Y The problem is that once there is access to a domain from the EDL'S , the Log monitor (threat) always shows access to EDL X even though the domain is from EDL Y ? Does anyone know the issue? Firewall, Panorama,

M.Galler by L0 Member
  • 934 Views
  • 0 replies
  • 0 Likes

Lost NGFW PA CLI superuser password

Hello. I have a question and I don't know if someone could help me with it. I have 2 users on the Palo Alto firewall is a PA220 One of them that CLI superuser and I don't remember the password The other one I have access to is admindevice but it won't let me create users via the GUI I have tried to take a copy of the firewall configuration,...

ccortijo by L2 Linker
  • 2336 Views
  • 4 replies
  • 0 Likes

PA-3430 Oracle Session Drop

We have multiple application servers that need to go through the firewall to access different oracle database servers, but after the recent replacement of the PA-3430, one of the application servers accessing the Oracle database session is unstable, and the other application server accesses other Oracle database servers through the firewall. Suc...

Global Protect Satellite over 2 ISP's

Hi, We have multiple branches connecting to a data center via Global Protect satellite connections. This works perfectly fine. We've now started installing redundant Internet links but I'm experiening issues with the GP Satellite config. Obviously, when you configure the Satellite IPSec tunnel, you need to specify the interface from which you...

rudiGQ by L0 Member
  • 1855 Views
  • 1 replies
  • 0 Likes

Resolved! Can't define Forward Trust certificate

Hello, We have a new firewall, PA-460 model. The panos version is 10.2.4-h2. I have a problem for define the Forward Trust certificate for the decryption. The certificate i want to declare for Forward trust is a root certificate of our domain. I import the certificate with is private key in pkcs12. When i check the case "Forward Trust Certifi...

CHARRIER by L2 Linker
  • 3593 Views
  • 5 replies
  • 0 Likes

Allowing only low-risk of a url category

Hello everyone, I have a requirement to adjust security policies in a way that only "white list" logic is enabled, and for one specific rule I have to allow only the low-risk category of given url category, for example training-and-tools, and not high-risk and medium-risk. However, the rule should not block the medium and high risk of trainin...

Shams.G by L0 Member
  • 3450 Views
  • 3 replies
  • 0 Likes

BGP peeering

Trying to setup a Two BGP session with 2 separate routers that provide internet access.The 3 devices (PA, router1 and router2) share the same network 10.9.9.0/25.BGP session 1 : PA <--> Router1BGP Session 2: PA <--> Router2the two sessions seems working fine when activating them individually, however when trying to establish the 2 se...

Resolved! UserID to be used in security policy - FW not offering user/group list

Hi, I have problem with User-ID not being selectable when creating/editing security policy rule. Setup is as followed: branch firewalls connected to Panorama Firewall 3400 with 10.2.4 software LDAP server configured Authentication profile configured Included groups in "user identification" configured User-ID configured (i am seeing domain\u...

szi7443 by L1 Bithead
  • 3331 Views
  • 5 replies
  • 0 Likes

Can we create a rule to match only the selected application without selecting WEb-Browsing dependency

Dear All, I need a community advice, we are migrating all our Firewalls from Checkpoint to Palo Alto. First Palo Alto was implemented 2 weeks ago, a PA 3420 version 10.2.4-h2 We are trying to transform the imported rules into Palo alto style. For example I want to create a rule to allow only access to "TeamViewer" application for some comput...

Resolved! GlobalProtect Portal provides 404 message

Best regards Team We upgraded a 3250 device from version 10.1.10 to version 10.2.4-h2. Once we performed the update, a problem arose with the GLobal Protetc portal, since if we look for it in the browser the message provided is 404 not found (see image). However, the ping to the portal is successful, likewise, if users try to connect from the VP...

Resolved! Flat Network across PA-415

Hello All, I have spent ages and days and a few weeks setting up a PA-415 to work with a group of LAN ports into one network set into a VLAN configuration using the on-board DHCP server. One of the engineers in this forum assisted me extensively and helped me build the settings. I found this idea/solution in this community and the only way to gr...

Ghost session after VPN down/up

Hello, I have an issue with many sites working with PA440 series. When the tunnel VPN fail down and comes up, some devices like printers, phones and access point can't connect normally to the network until that we clear old session related to the affected device. In printer we have job blocked and offline, access point also offline. Once we cl...

Mamoudou by L2 Linker
  • 2457 Views
  • 2 replies
  • 0 Likes

Question about REST API in PAN OS

Hi everyone, I have a question about REST API in PAN OS. 1. When a query is generated using rest api in pan os, what is the process/daemon that handles this task? And how can I check it (from CLI or GUI)? 2. How many CPU/memory resources are consumed (used) when processing REST API queries? 3. If I want to use REST API, what should I con...

  • 1794 Posts
  • 60 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks