Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4635 Views
  • 0 replies
  • 1 Likes

Post fixing the firewall from maintenance mode , facing issue in log forwarding

All, Recently our production PA-440 model firewall went into maintenance mode, and post rebooting it came back and all started working fine without any issue.After few minutes of firewall came up, it stopped generating and forwarding (traffic, Threat and configuration) logs to panorama.we did restart log-receiver and mgmt of the firewall , but s...

Sujanya by L3 Networker
  • 2799 Views
  • 2 replies
  • 0 Likes

Resolved! Log appearing when disabling HA Pair

Dear All, I have a question. I assumed that logs would be output on the active firewall by removing the passive firewall side of the HA configuration devices that are in operation, > at that time what kind of log is the output? (like, link downed?)> Is the log continuously output? or just only one time it appears? Thanks!

HA syn configuration

I have 2 PA-440 configure by HA,now one of FW hardware down,And I get a new FW from RMA.now I connect this new FW. When I press "Sync to peer device", it prompts me that synchronization failed. I understand because I have not imported the license to the new firewall. If I import the license into the new firewall, can I directly synchronize the a...

Zhangsx_0-1670573116908.png

User ID firewall integration with mapping server or AD

Have to enable User-ID for corporates users. Not able to locate documentation around best practices for user id. for example in my scenario. we have one domain xyz.com with 50 domain controllers to monitor. we have winRM installed on all the domain controllers. So we will be considering doing agentless user id integration. my questions are ...

Sukhmeet by L1 Bithead
  • 3218 Views
  • 1 replies
  • 0 Likes

DHCP Fail

Hello Community, I have a FW with eth0 configured as DHCP client and it gets IP, no problem. But then I see lots of DHCP Fail system messages between lease renewals: Are these normal? Thanks!

2022-11-28_16-22.png
Alex_S by L1 Bithead
  • 3952 Views
  • 4 replies
  • 0 Likes

Certificates duplicated from Primary to Secondary firewall in Palo alto

Hi All, We have 2 Palo alto firewalls in HA mode (Active-standby). Palo alto mode: PA-3220 OS Version: 10.1.6-h3 We create Unique certificates (for management, interdevice) in each firewall with hostname. After some time, the certificates in secondary firewall gets removed and the certificates from primary firewall are copied into secondary ...

SSL Decrytpion not working consistently on MAC's

We just installed SSL decryption ( not self signed) across our PANs. It is working fine with Windows workstations at office and at home. However, with MAC machines it is working inconsistently when at home and connected to global protect. Some sites it's picking up the SSL decryption cert while for others it wasn't. I have already tried to upg...

Resolved! Cisco Twice NAT

I am working a migration of a Cisco ASA Firewall to Palo Alto and the NATs are confusing. Here are a couple of the NATs: (Outside) to (Vendor) source static 10.5.1.0/24 10.5.1.0/24 destination static (10.24.49.47 & 10.24.49.46) (10.24.49.47 & 10.24.49.46) (Outside) to (Outside) source static 10.160.100.100 67.91.127.197 destinati...

PAN User-ID Agent

Hi All, I installed User-ID Agent on the Windows DC, and it is working somewhat successfully. For some odd reason it recognizes the users from our domain but on the app's monitoring tab, where I can see the IP-User correlations, sometimes the users are identified like this: domain\user and sometimes like this [email protected] Sometimes the ...

Internal users unable to access some banking URLs/Sites

I'm experiencing an issue with internal users unable to access some banking websites/URLs. Users can access these sites over the VPN (Global Protect) but can’t access these sites from the office/Internal. I then created a URL Filtering category (added all the URLs in question) and attached it to a policy rule, also added these URLs to the SSL ...

WinstonC by L0 Member
  • 2245 Views
  • 1 replies
  • 0 Likes

Receive errors on all traffic interfaces

Hi guys I am a bit lost in our own network...... We have a PA-820 Cluster in active-passive mode. It is running for maybe 7 months now. Each firewall has 2 uplinks to our 2 core switches and 1 downlink to the access switch (with subcontractor on it). We noticed around 2 weeks ago that all those 6 ports have hardware receive errors since we insta...

tulkas by L0 Member
  • 10864 Views
  • 2 replies
  • 0 Likes

Resolved! Not able to delete Vsys1

Hello, We have a problem when trying to delete vsys1 from the FW. Customer enabled multi-vsys and they had two vsys configured. Right now, due to topology changes, vsys1 is no longer required so customer would like to delete that vsys. The thing is that the PaloAlto won't allow us to delete the vsys1 even tough we have double-checked that t...

JMBerzal by L1 Bithead
  • 5607 Views
  • 3 replies
  • 0 Likes
  • 1597 Posts
  • 61 Subscriptions
Top Solution Authors
Top Liked Authors