Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4508 Views
  • 0 replies
  • 1 Likes

Does VM-Series Trial Support VMware Workstation?

Hi guys, I have registered and got a VM-Series Trial for 30 days from this link: https://www.paloaltonetworks.com/vm-series-trial I clearly understand that the guide says the supported hypervisor is VMware ESXi, but I want to use it in my VMware Workstation. I have downloaded the OVF template and installed it on Workstation. The installation w...

Is the Fortinet Pre-authentication Heap-based Buffer Overflow Vulnerability (CVE-2023-27997) covered in a Palo Alto NIPS signature?

Hi all, Can I check with you whether the following Fortinet Pre-authentication Heap-based Buffer Overflow Vulnerability (CVE-2023-27997) is covered in a Palo Alto NIPS signature? If yes, may I know which released signature version and threat ID cover this vulnerability? Vulnerability Details: Title Fortinet Pre-authentication Heap-base...

http-req-user-agent-header

Hello, SSO is asking me to add a policy rule to alert on HTTP requests with no (empty) User-Agent header. I know I can use vulnerability by adding a condition where "http-req-user-agent-header" is equal to a regex. I tried to use the regex .*$ with negate, but it doesn't work. Can you help me with the right regex to add? BR

Resolved! Device Groups: How to see previous devices

Hi, We got an RMA, but for the new fw no devices have been selected. It was a lot of back and forth when trying to set up and add the new fw to Panorama, so in the process the old fw has been deleted from Panorama. Does anyone know if it is possible to see or find out which devices have previously been selected in the different devi...

Using XFF for Logs Only

Hello, I have an application behind a WAF, without XFF the source IPs are always my WAF and for auditing reasons I need to get and log the real client IP addresses. Traffic flow is like this: Client -> WAN -> NAT -> DMZ - App Server My security policy only allows the communication from internal IP addresses, in this case the priva...

Captive Portal and Response Pages

Hello to all, I have a strange behaviour with my edge Palo Alto firewall: we've enabled a captive portal on the inside (LAN) interface with redirect, working as expected... but when I enable the response page on the outside (WAN) interface, the following ports are reachable on the outside interface: 6081 + 6082 ( captive portal ports on inside i...

Security rule with URL category mixed up

Hello, We have a weird rule in our Security Rules list. Basically it's allowing any to any with some specific applications, but also a custom URL Category in the "Service/URL Category" tab. So normally it should allow only the traffic hitting the URLs in this category. But it's allowing all the traffic actually that is hitting the specific a...

CTramier by L0 Member
  • 1234 Views
  • 1 replies
  • 0 Likes

Tenant ID change on NGFW

Hi all, We have a set of NGFWs that somehow are pointed to an old tenant ID and are therefore not dropping the logs into the CDL. We have put in a TAC case but haven't gotten any resolution as of yet. Is there a way in the CLI to change the tenant ID? Or is this a log forwarding profile issue? Any assistance would be helpful.

2 PA-850s and 1 PA-440

Hi, I received a quote from a supplier for 2 PA-850s with WildFire, Partner-enabled premium support and a GlobalProtect subscription. Then for the PA-440: WildFire, GlobalProtect, Advanced URL Filtering, Advanced Threat Protection and premium support. As far as I can tell they want to run 2 separate networks with the same level of protection o...

Calc66 by L1 Bithead
  • 4536 Views
  • 5 replies
  • 0 Likes

Resolved! Palo Alto NGFW: LDAP authentication with DUO/OKTA MFA

Hi, We have got a new Palo Alto NGFW on our premises and configured it with LDAP for authentication. Things were good with LDAP for authentication until we started looking for MFA. I couldn't find any document on having LDAP and DUO/OKTA for MFA. As this is my first firewall configuration, it hits me so hard. Can someone help me with this? Thanks...

jeromej by L1 Bithead
  • 4513 Views
  • 2 replies
  • 0 Likes