This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4593 Views
  • 0 replies
  • 1 Likes

Resolved! 802.3bz multi-gig 2.5

march2023 and 802.3bz devices are arriving from ISPs, (eg comcast CGA4332COM) where is the compatibility/forecast/roadmap from PAN? After searching high and low i found zero content from PAN on this topic... if you have info post here and share with other members. https://en.wikipedia.org/wiki/2.5GBASE-T_and_5GBASE-T

Resolved! User ID (with Windows Agent) not working

Hi, we set up User ID based on these docs: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRyCAK https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/user-id/map-ip-addresses-to-users/configure-user-mapping-using-the-windows-user-id-agent Konfiguration and installation is working: - the agent installed on serve...

Resolved! Can we use 10GbE SFP+ on PA-3220 to connect directly to NetApp SAN over optical connection

Hey all. We're kind of in a bind. We procured a NetApp AFF A220 SAN that only have 10GbE optical transceivers for data access. We have no network hardware (no fabric or network switch) that support 10 gigabit except potentially our PA-3220 that have 4 x SFP+ ports capable of 10GbE. Is it possible to connect the SAN directly to the SFP+ ports o...

Resolved! App ID base load balancing dual isp

Hi, I have 2 ISP links failover mode. I wants Lan users Apps base traffic forwarding . For example all users whatsapp and instragam traffic forwarding backup isp path, and others content will passing primary path. Is it possible to forwarding if possible what is the procedure.

Resolved! Problems with URL-DB (it's missing!)

Hi! We've been having on going issues after an upgrade (since downgraded) with our standby firewall - when made live it only functioned at about 10% (i.e. most legitimate traffic was blocked for one reason or another). We fixed an issue with DNS resolution - apparently the domain string being present broke DNS resolution(!), but there remains ...

Block File upload on facebook Messager and instagram

I get a request to allow users to access facebook and allow users to use text chat and comment only. If users want to upload or send files, the firewall has to block them. Instagram as well, does not allow users to upload anything, but they can log in view, and comment. I have configured SSL Description, created a policy to allow facebook-chat...

PAN-OS XML API filtering question

Does the PAN-OS XML API for Global Protect previous users have a time filter option? I didn't see one documented. This query returns all previous users in the firewalls logs, but really I just want the last hour: https://<firewall _address>/api/?type=op&cmd=<show><global-protect-gateway><previous-user/></global-pr...

mgreer by L1 Bithead
  • 1800 Views
  • 1 replies
  • 0 Likes

URL Filtering Categorisation Justification

Hi! We're running URL filtering on our PanOS campus firewalls and I very often get asked to add domains to our 'allow list' - almost always because they're newly registered domains. On occasions we've had sites requested that fit into more serious categories - the latest being 'grayware'. These are very often personal web sites used for teachi...

Resolved! HA Port on PA-5220

Dear All, Is there any way to see the physical status of the HA1 Port through CLI or GUI ? HA1-A and HA1-B —Ethernet 10Mbps/100Mbps/1000Mbps ports used for HA1 traffic in both HA Modes. For HA1 traffic —Connect the HA1-A port on the first firewall directly to the HA1-A port on the second firewall in the pair or connect them to...

Export Management Permitted IP Access List

I have been looking through posts but cannot seem to find what I am looking for. There are some Management Interface Permitted IPs on our Firewalls that do not match the Template that we have for them in Panorama. Is there a CLI command where I can export the Permitted IP list for a firewalls' Management access? From the GUI there doesn't seem...

NelsonE3 by L0 Member
  • 6361 Views
  • 1 replies
  • 0 Likes

any suggestion to replace current PA3020?

Hi. we are planning to replace/upgrade current PA3020 to a newer PA model. could you please suggest which model is the best suitable with my requirement below? thank you. Current PA3020 Setup Info - using 5 virtual routers - using aggregate interfaces - as Internet Gateway - as small Data Center Gateway (AD, some storages and a few apps) - aro...

zinkt101 by L1 Bithead
  • 5754 Views
  • 4 replies
  • 0 Likes

Resolved! PA-850 Management port

Hi. I'd like to configure a PA-850's management port to use DHCP via the CLI using 10.2. All of the information I can find only shows how to set the standard interfaces to either an ip or dhcp, but not the management interface. Does anyone know if that is even possible? Even ChatGPT wasn't helpful 🙂

Kevin407 by L1 Bithead
  • 5115 Views
  • 7 replies
  • 0 Likes

Why Management interface do query instead of DNS-Proxy Interface

Hi Team, I configured DNS proxy Interface e1/1 - 192.168.29.245 to clientless vpn. DNS-Proxy resolves as, General browsing resolves with DNS 8.8.8.8 and 1.1.1.1 Tutelartechlabs.com resolves with DNS 1.1.1.2 and 4.4.4.4 Amazon.forest.in (internal-application) resolves with DNS 172.30.30.31 Note: DNS-Proxy interface is the interface that act...

LC1.jpg
LC2.jpg
LC3.jpg
LC4.jpg
  • 1586 Posts
  • 61 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks