This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsing

Hello Team, i want to understand How PaloAlto App ID detects application traffic in encrypted traffic apart from web browsingi know its going take application information from SNI through TLS (this is for websites -having SSL) but i want to understand apart from SSL / Webbrowsing traffic.

FW Recommendation version

Kindly note that we found the below vulnerabilities in our boxes . Model PA-5020 Software Version 8.1.20 what is the recommended version and upgrade path . EOL/Obsolete Operating System: Palo Alto Networks (PAN-OS) and Panaroma Version 8.1 Detected Palo Alto Networks (PAN-OS) Improper N...

m.Ghazy by L0 Member
  • 1733 Views
  • 2 replies
  • 0 Likes

Resolved! Threat Intelligence External Dynamic Lists vs URL Filtering Security Profile

Hi All, I have security profiles on my main egress firewall rules, and the URL filtering is blocking anything malware, high-risk etc. I have some custom reports setup that report on any blocks that take place as a result of this profile. I am reading you can also setup firewall rules to block inbound/outbound traffic using sources and destinat...

Panorama fragmentation

Hi,If the checkbox for Fragmented traffic is uncheck, does that mean that the fw will not discard fragmented traffic? I have a case where someone says "10.154.74.0/23: We can not send from, or send to, packages bigger than 1472. All ports are defined to 9216 bits. 10.154.74.17 and 10.154.74.34 can be pinged with big packages."I checked the ...

Richard_M_3-1684146287887.png
Richard_M_2-1684146274804.png

Interface Monitoring

We have total 3 Interface , two ISP interface ( In router we have made them to act as Primary and Secondary) and one trust interface , now the confusion is I am trying to make if both ISP interface goes down , I need to make my trust interface also to goes down automatically by some monitoring feature. Is it possible to do that in Palo-Alto

Sujanya by L3 Networker
  • 3349 Views
  • 4 replies
  • 0 Likes

Proxy based IPSec tunnel is up but data traffic is not passing thorugh

Hi all, I have some issue regarding ipsec tunnel at Palo alto, IPSec tunnel is up and running well before. Suddenly, data traffic is not working without any changes. When i reinitiate tunnel at PA side, it is working fine. it happens frequently, i'm not sure about the cause, what would it be?. Hope i got some helps. Thanks much. BRs,

Resolved! DUO MFA popup twice for approval login GloablProtect

We configured PA 850 firewall to use DUO for GloablProtect MFA. It works. However, we have an issue. In GloablProtect Gateway Configuration>Agent>Client Settings, if I add a user, for example blin. it works fine. If I add a AD OU, for example Employees, the login user will get two DUO aoorval popup twice. From the DUO Authentication, I...

boblin_0-1683769185596.png
boblin_1-1683769394673.png
boblin by L2 Linker
  • 4263 Views
  • 4 replies
  • 0 Likes

Resolved! Palo Alto Network User-ID Agent Setup Not Saving

I have set LDAP setting in my Panorama (M600) templates but when pushed to a branch device (lab in this instance - PA-440) the User-ID Agent information is not being retained. I have attempted to override the setting and set the information locally, but even after writing it locally, the information disappears. Details on device below. Any sugge...

Resolved! problem to download files from Dropbox

We have added dropbox.com to OBJECTS>Custom Objects>URL Category. We can login dropbox online. However, can't download files with these errors: .pdf files are supported but something went wrong or There was an error downloading your file. Any help?

boblin by L2 Linker
  • 5293 Views
  • 4 replies
  • 0 Likes

Resolved! Authentication Sequence problem

I configured DUO Proxy for GloablProtect MFA redundancy on our PA 850 firewall using Authentication Sequence. This post shows how I configured: Configure two duo proxy servers for Palo alto firewall MFA redundancy – Net/PC How to (howtonetworking.com) The problem I have is when the top Authentication profile or DUO Proxy server is down, then t...

boblin_1-1683767742215.png
boblin by L2 Linker
  • 4015 Views
  • 2 replies
  • 0 Likes

New VPN effects on existing VPNs

I am very new to Palo Alto administration, having been a Checkpoint guy at my previous job. At my new job I am tasked with creating a new IPsec site to site VPN with a vendor on our perimeter firewall. There are already several other VPNs running. My question is, when I set up the new VPN, will it have any effects on currently running processes,...

URL Encording issue

I am using URL Block Page.However, there is a part where the & part appears as %26 in a specific URL. ex. I entered abc.d/&uid=B5C61D407 in the browser, but it appears as URL:abc.d/%26uid=B5C61D407 in the block page. Why is this and what can be done to fix it?

WooBak by L0 Member
  • 1440 Views
  • 1 replies
  • 0 Likes
  • 1794 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks