This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4613 Views
  • 0 replies
  • 1 Likes

Out of Snyc configuration after successfully push from panorama to managed devices.

Hi everyone, i have uploaded certificate from templates panorama and i already commit and push to managed devices, but we have an issue after successfully commit and push to managed devices, template status out of sync on the panorama>Summary. we already check on the local firewall, the certificate there is on the firewall. i have tried to ...

Global Protect is having issues with newer MACOS version.

Hi, I have problems trying to sign in some mac users that are running some SEQUOIA and TAHOE version, the only version that is working is 15.7.4 Sequoia version. It seems that the gl client is unable to authenticate. I checked in logs and it seems that the gp client is not able to open a .dat file 04/15/2026 17:06:14:954 [Info ]: Portal pre...

Active Active HA Out of Sync due to invalid interface address commit failed.

Our customer has 2 PA-3420's running in Active Active HA which are currently out of sync. All criteria on the HA widget matches across the two devices. When we attempt to sync to peer from the active-primary we get a commit failure on the active secondary stating: invalid interface address XXX-XXX-XXX-XXX-30(Module: routed) client routed phase 1...

Bug fix clarification for PAN-321150

Just seen 11.2.10-h10 has come out and has bug fix PAN-321150 with a description "Fixed an issue where the interface remained down after an upgrade" I find this very unclear in what interface it is referring to. Anyone know how to look up the details of bug fixes as i can't see any where to do this.

Policy Tab Issue Persisting Across PAN-OS Versions

Hello All, The customer is currently running PAN-OS 11.1.15. This issue is reportedly addressed in this release; however, the customer continues to experience the same behavior. Issue Description: The issue is related to the Policy tab. The customer is unable to perform any policy management operations, including: Adding new policies Clonin...

Resolved! GlobalProtect 6.3.3-1016 Failed to Open File Mac M3 Pro (Apple Silicon) macOS Tahoe 26.5.1

There are issues connecting to my Employer's VPN using GlobalProtect 6.3.3-1016 application.Where as an older version which we have (v5.2.10-6) is working fine.PanGPS.logP1190-T8523 06/18/2026 17:49:05:145 Debug( 200): WAIT_TIMEOUT P1190-T8523 06/18/2026 17:49:05:145 Debug( 733): HipMonitorThread quits. P1190-T16643 06/18/2026 17:49:13:656 Inf...

Resolved! PA 445 setup

So i''m setting up a new site on our JAPAN site. I setup 2 PA 445 A/P. Both FW are setup and HA's are connected as well. The problem is the HA are not synch yet, the primary PA 445 is accessible remotely via both public ISP 1 and ISP2 HTTPS. The reason is i'm not moving yet the private MGMT IP under permitted list on interface MGMT for...

weezy_0-1776845884511.png
weezy by L3 Networker
  • 1175 Views
  • 6 replies
  • 0 Likes

NAT policy conversion

hello, im currenly converting the cisco asa's configuration to paloalto . so in cisco asa , the nat policy is configured as following : object network VMAnat (ADM,inside) static 10.15.65.3so if i get it right , this policy means that the traffic from the source VMA and source interface is ADM which is an object already created to destination an...

[SOLVED User-ID Domain Mismatch]: Resolving Domain's Conflicts Between Prisma Access GlobalProtect (CIE) and On-Premises Server Monitoring

Hello LiveCommunity Team! I created this post to share my experience regarding an issue involving the User-ID domain mapping issue between the Prisma Access Mobile Users GlobalProtect conflict with the NGFW On-Premises. The conflict arises when an On-Premises NGFW and Prisma Access GlobalProtect use a different user identity sources and domain N...

DanielSRomero_0-1781263908489.png

Resolved! basic network, complex problem (please help)

Hello Everyone!i have encountered an issue with my network testing environment and would like to ask for your opinion.I wanted to test for connectivity in my environment so the only policy rule is a full any/any on any service with action allow, so it overshadows everything. my layout is such:eth1/4 192.168.1.1/24 eth1/14.1 192.168.20.1/24eth1/1...

Delaying upgrade between an HA pair

Does any successfully perform their HA firewall upgrades in this manner? 1. Upgrade the Seconday(passive) firewall. 2. Make Secondary firewall Active. 3. Wait 1 or more days. 4. Upgrade the Primary(now passive) firewall. 5. Make the Primary firewall active. It would bring us a lot more comfort knowing that we can easily switch to a different...

jambulo by L4 Transporter
  • 225 Views
  • 1 replies
  • 0 Likes

Using ethernet 1/1 - 1/12 fo 10Gbps connections on a pa-3400 series firewall

The spec on pa-3410 front panel states "Ethernet ports 1 through 12 - Twelve RJ-45 10Mbps/100Mbps/1Gbps/2.5Gbps/5Gbps/10Gbps ports for network traffic." Is the speed determined by auto-negotiation? I assume one has to use cat6 copper cable for 2.5Gbps and higher. Can these ports be used for HA? Has anybody used these interfaces to connect to C...

  • 1592 Posts
  • 61 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks