Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4510 Views
  • 0 replies
  • 1 Likes

migrating ASA to Palo Alto with inline deployment

We are planning to migrate firewall from ASA to Palo Alto. Instead of performing hot cutover, we will install the Palo Alto firewall in-line along with existing ASA firewall using virtual wire interface type. Since we have many security zones on ASA and there are policies to allow access between zones, where can I place the new firewall and ...

Attempt accessing the active and/or passive firewalls fails with the error "fork failed: No space left on device"

Dear and valuable Live Community Members, I'm wondering if anyone has an issue when trying to access the MGMT interface of the active and/or passive firewalls and getting the error "fork failed: No space left on device"? We were never able to access the firewall and in the end, we rebooted both devices to be able to access the management int...

Post OS Upgrade for PA-5220 from 9.1.4 to 10.2.3-h4 Users Started Experiencing Issues with Accessing MS Office 365 Applications Internally

Hi There, Recently, we upgraded the OS on our PA-5220 from 9.1.4 to 10.2.3-h4. Immediately after we upgraded to 10.2.3-h4 our helpdesk began receiving calls from users reporting that they cannot get logged into MS Office365 Applications, it'll never bring them to the MS prompt to input their Office365 email/password it'll just say "Can't reach...

Krystin by L0 Member
  • 1966 Views
  • 1 replies
  • 0 Likes

DNS resolution for management interface not working after upgrade to 10.2.3

Since upgrading our firewalls from 10.2.2-h2 to either 10.2.3 or 10.2.3-h2, any DNS resolution from the management interface is failing. Attempting to ping an FQDN from the CLI results in "ping: cnn.com: System error". I confirmed that the DNS servers configured in Device -> Setup -> Services and the management interface settings in Device...

sskannan by L2 Linker
  • 4853 Views
  • 2 replies
  • 0 Likes

Trying to connect two separate networks that share the same IP addresses to a third network using virtual routers and NAT on PA-440

We have a bunch of separate video networks that are separate, but use the same IP address space for each. Each is connected to their own dedicated switches and is attached to a couple of hundred cameras and a DVR. We would like to connect these networks to a Palo PA-440 and use virtual routers to accomplish this. Right now I have only two VRs co...

Resolved! WF

Hi guys, Besides Monitor - Logs - Wildfire Submissions, where else must we check whether Wildfire is working? Thanks All.

tinhnho by L3 Networker
  • 3799 Views
  • 4 replies
  • 0 Likes

Resolved! The mechanism of agentless user-id between firewall and monitored server.

The customer wants to know the query mechanism of agentless user-id. I can see the following description from the documentation. With server monitoring a User-ID agent—either a Windows-based agent running on a domain server in your network, or the PAN-OS integrated User-ID agent running on the firewall—monitors the security event logs for spe...

wxiao by L2 Linker
  • 2948 Views
  • 1 replies
  • 0 Likes

X-forwarder header does not work when vulnerability profile action changed to block ip

ISSUE REPORTED: unable to block x-forwarder ip when the action is set to block ip in the vulnerability profile. Discussion, observation, Troubleshooting: ...

Resolved! Delete Anti-virus update

Hi all, I have a HA cluster in which a trial threat prevention license was activated on active firewall only. Thus on the HA widget I have mismatch on anti virus version. Since it is already expired, in order to bring the firewalls back in sync, I wonder if it's safe to delete via CLI the currently installed Anti virus update with the command ...

The allow security policy configured with the app-ID "netbackup" and an "application-default" as a service doesn't work correctly.

Dear and valuable Live Community Members, I have a problem understanding the below-described behavior in regard to the security policy used in the firewall: We have a firewall policy configured to allow NetBackup traffic, but if we configure it by setting the "Application" tab to "netbackup", it often doesn't work (the behavior is random). ...

Resolved! Firewall cloning for DR

Hello, I have a Panorama that manages 2 clusters. Each one has a dedicated Device-Group and Template. Now the cluster 2 must be recycled as a DR of the cluster 1. My idea is to reassign the cluster 2 to the same DG and Templ of the cluster 1. Should work, right? As far as I know if I move the cluster 2 on the same DG/templ the Panorama "add" th...

Path Monitoring - latency

I'm not using PAN SD-WAN. I have static route path monitoring configured for multiple ISPs. If pings fail, the path goes down as expected. If the pings succeed, but latency is abnormally high, the path stays up. How can I set a latency threshold? Ideally, I'd have a threshold for each monitored path such as 10ms for the next hop and 200ms ...

communication of vlan interfaces not working

Hello, I have two firewalls connected over "L2 Line" from our ISP. We would like to use this line to route between our two sites instead of IPSec tunnel. On this line I can use vlans from 1-100 for communication. On both firewalls I created L2 interface with tagged sub-interface from this range. Then I created vlan interface with IP address and s...

AdamHP by L1 Bithead
  • 1779 Views
  • 0 replies
  • 0 Likes