Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4560 Views
  • 0 replies
  • 1 Likes

Firewall servicing as UserID Client - limit

Good Morning, Searching for a PA doc I found a while back and my google-fu is failing me. Looking for the documented limit of clients who can connect to a PanOS device acting as a redistribution agent. I'm positive I saw 1000 at one point a few years ago, but unable to find it again. Command query to see current CLIENTs firewall 1000 is ac...

After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info     general        general 0  Received conflicting ARP on interf

After an upgrade to version 10.2.3 h4 I got this message: 2023/03/08 20:52:23 info general general 0 Received conflicting ARP on interface ethernet1/4 indicating duplicate IP 172.16.0.1, sender mac 00:50:56:92:cd:0c And this address is for the other peer. The firewall is a VM300.

No DPD message while peer tunnel is down

Problems with IPSEC VPN tunnel between PAN FW PLWALFWxx and the BlueCoat datacenters (Amsterdam, Frankfurt). DPD does not seem to work. Extra Information: PLWALFW = PANOS 10.2.2.h2; INTERNET FW = PANOS 8.1.x. We have IPSEC tunnels between our PAN FW and BlueCoat Datacenters. BlueCoat were doing maintenance on their datapods last week. DPD on ...

Resolved! Allowed SSL traffic reporting as policy-deny

We have a decryption rule to allow user internet access over SSL. Access to LinkedIn was working until 2 days back, when we started getting a certificate error with validity expired. All users accessing the internet use the same CA signed certificate with no issues. I have attached the logs showing access permitted but the session end reason is policy-...

How to Test a Vulnerability Protection Rule

Hello Everyone, I have a use case that I’m trying to test in a lab, but I can’t figure out how to perform the test, and I’m looking for guidance. My use case is to drop traffic if the firewall detects certain CVE vulnerabilities in the traffic. My question is, how can I actually test this if my test endpoint is not vulnerable, or I do not know...

LDAP Integration with Redhat IPA in Palo Alto Firewall

Dear Teammate, How can I integrate with the LDAP feature of RedHat (IDM) IPA server authentication on Palo Alto Firewall? I tried to configure the Palo Alto LDAP configuration settings as the documents referenced by the official site describe, but it's not working. The Palo Alto to IPA Server connection is reachable and the related ports are already open in RedHat and ...

Certificate

I have two expired certificates that have expired. I am new to the position so I am still learning how everything is set up here. We have 4 total certificates. Two of which are expired. One of the active certificates is for our VPN but I am not sure what the other 3 are used for. Can you help pls? I am trying to figure out if I need to renew the ...

hmrjason by L0 Member
  • 1655 Views
  • 2 replies
  • 0 Likes

Integrating 3rd Party feeds in Palo Alto firewall for blocking IOC's

We would like to know if we can integrate 3rd Party feeds in Palo Alto firewall for blocking IOCs automatically. Generally we have seen people integrate Open Source threat intel with SIEM etc. with VirusTotal and IBM X-Force Exchange. https://www.dshield.org/block.txt https://blocklist.greensnow.co/greensnow.txt Open source threat intel to block IOC's au...

Resolved! 802.3bz multi-gig 2.5

March 2023 and 802.3bz devices are arriving from ISPs (e.g. Comcast CGA4332COM). Where is the compatibility/forecast/roadmap from PAN? After searching high and low I found zero content from PAN on this topic... If you have info, post here and share with other members. https://en.wikipedia.org/wiki/2.5GBASE-T_and_5GBASE-T

Resolved! User ID (with Windows Agent) not working

Hi, we set up User ID based on these docs: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id-agent Configuration and installation is working: - the agent installed on serve...

Resolved! Can we use 10GbE SFP+ on PA-3220 to connect directly to NetApp SAN over optical connection

Hey all. We're kind of in a bind. We procured a NetApp AFF A220 SAN that only has 10GbE optical transceivers for data access. We have no network hardware (no fabric or network switch) that supports 10 gigabit except potentially our PA-3220 that has 4 x SFP+ ports capable of 10GbE. Is it possible to connect the SAN directly to the SFP+ ports o...

  • 1589 Posts
  • 60 Subscriptions