Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4553 Views
  • 0 replies
  • 1 Likes

Internal users unable to access some banking URLs/Sites

I'm experiencing an issue with internal users unable to access some banking websites/URLs. Users can access these sites over the VPN (Global Protect) but can’t access these sites from the office/Internal. I then created a URL Filtering category (added all the URLs in question) and attached it to a policy rule, also added these URLs to the SSL ...

WinstonC by L0 Member
  • 2200 Views
  • 1 replies
  • 0 Likes

Receive errors on all traffic interfaces

Hi guys I am a bit lost in our own network...... We have a PA-820 Cluster in active-passive mode. It is running for maybe 7 months now. Each firewall has 2 uplinks to our 2 core switches and 1 downlink to the access switch (with subcontractor on it). We noticed around 2 weeks ago that all those 6 ports have hardware receive errors since we insta...

tulkas by L0 Member
  • 10326 Views
  • 2 replies
  • 0 Likes

Resolved! Not able to delete Vsys1

Hello, We have a problem when trying to delete vsys1 from the FW. Customer enabled multi-vsys and they had two vsys configured. Right now, due to topology changes, vsys1 is no longer required so customer would like to delete that vsys. The thing is that the PaloAlto won't allow us to delete the vsys1 even though we have double-checked that t...

JMBerzal by L1 Bithead
  • 5487 Views
  • 3 replies
  • 0 Likes

PA 10.2.3, RADIUS Challenge caused timeout even it shows auth success on Monitor

Hello All, I have Palo Alto 10.2.3, and also 10.0.3 as a test. I used RADIUS to authenticate to the admin UI, then the RADIUS server sends a challenge, this is being handled normally by 10.0.3 but 10.2.3 seems to timeout although on Monitor it shows successful. Is this a bug? Can someone help me please this is very urgent. Also if I did want to...

Resolved! Application incomplete or insufficient-data when using NNTPS

Hello, I have been working with Cisco firewalls for the last 20 years, but I'm very new with Palo Alto and PANOS. At the moment I have a PA-460 in my lab for learning purpose. It's a basic setup with just a simple NAT/PAT rule for outgoing traffic to Internet and some basic access rules. Most things are working great, but I'm having some issue...

Advance URL filtering - License - error "License required for URL filtering to function"

Hello team, I have a valid advanced URL filtering License - but when I navigate to URL filtering it says error "License required for URL filtering to function" Do I need to get PAN-DB url filtering license too ?? or is there some setting which I need to enable to get rid of this error ?? valid ADV URL filtering license bottom you can see ...


Antivirus updates failing 9.1.15

Hi All. I am having issues where the antivirus updates are not checking the servers nor downloading. I have a valid advanced threat license and an expired threat license. Background running: 9.1.15 Observations: Content updates are functional and automatically downloading. If I delete the expired threat license, I am able to download the a...

Old-Roo by L1 Bithead
  • 3917 Views
  • 1 replies
  • 0 Likes

Please Release App-IDs for IBM AS400 user traffic

Hi, we have noticed traffic from users connecting to mainframes/midranges is showing as "unknown-tcp" and "insufficient-data" for the following ports: TCP/449 (Server Mapper) TCP/8470 (License Management) TCP/8471 (Database Access) TCP/8475 (Remote Command) TCP/8476 (Signon Verification) TCP/23 is of course being correctly identified as tel...

P19991 by L2 Linker
  • 3961 Views
  • 2 replies
  • 0 Likes

PAN to rsyslog on Ubuntu 22 yields unusable file names

Hi. I have a default setup w/ Ubuntu 22 as a rsyslog server. I pointed my PAN 10.2 to it, and am getting log data, but I am not getting a usable / meaningful file name. I'd like the log file name to be something like "perimfw" or some such to start. Hoping that some other PAN users here are logging to rsyslog and have a usable template line = be...

dmurdoch by L0 Member
  • 2266 Views
  • 1 replies
  • 0 Likes

Palo Alto ALG (Application Level Gateway) SIP disable just for a particular source and destination IP addresses in a Security Policy?

Hello to All, From what I read about ALG (Application Level Gateway) functions on the Palo Alto Firewalls this function if needed is disabled globally for the SIP default application or with application override policy but this will stop the SIP signature matches. https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEs...

Palo Alto PA 5220 not login after password complexity changes

We changed the password complexity and history settings on our firewall a couple of days ago. After committing the changes the local users are not able to login on the firewall. So we tried to boot into maintenance mode by connecting through a console cable in order to roll back to an older running config. This did not do anything though, because...

Remote Admin via ISP connected interface

I have a PA-440 that I need to be able to manage via its ISP connected interface. I did the initial setup via the MGT interface but when I had the device moved to its permanent location, which is not connected to our WAN, I cannot get the login web page when trying to connect to its internet IP address. I have set an Interface-Mgmt profi...
