This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.
About Next-Generation Firewall Discussions
Palo Alto Networks Next-Generation Firewalls provide true, complete visibility everywhere, along with precise policy control. Ask your questions or provide insightful answers in the discussion forum specific to NGFW.

Discussions

Start a conversation

Welcome to the Next-Generation Firewall Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4540 Views
  • 0 replies
  • 1 Likes

False positive High-Risk classification for legitimate healthcare SaaS (gmedic.co)

Hello, https://gmedic.co is a legitimate healthcare SaaS platform used by healthcare professionals in Colombia. The domain is correctly categorized as Health-and-Medicine, however it is currently flagged as High-Risk. We already verified:- no malicious content- no phishing- no malware- clean reverse IP- dedicated legitimate hosting The issue see...

Palo Alto Site to Site VPN ipsec tunnel up but unable to ping Source to destination

Dear Team, When I am doing implement Site to Site VPN ipsec tunnel then tunnel status is down & Ike gateways is down after test commands manually trigger negotiation, then all up. But still source to destination unable to ping. Already on virtual router point to tunnel interface for all traffic on both firewall. On security policies allow ...

Multi-VSYS 11.2.8 - How to assign a dedicated Forward Trust Certificate per VSYS for SSL Decryption

Hi everyone,I’m running PAN-OS 11.2.8 with Multi-VSYS enabled (3 VSYS). I need a different Forward Trust Certificate per VSYS for SSL decryption, but since my certificates are imported in the Shared store, I can only select one Forward Trust Certificate globally.Should I import the certificates directly at the VSYS level instead of Shared to fix...

Regarding the migration from HDD to SSD for PA-VM running in the Azure environment

Hello everyone,We are deploying and building a PA VM on Azure.During deployment, there was no option to select between HDD and SSD, so we built it on an HDD.Therefore, as a test, we stopped the virtual machine (Palo Alto) and migrated it from HDD to SSD in Azure.Afterward, we started Palo Alto and performed a differential check, and there were n...

Otsuka by L1 Bithead
  • 180 Views
  • 2 replies
  • 0 Likes

PA 445 setup

So i''m setting up a new site on our JAPAN site. I setup 2 PA 445 A/P. Both FW are setup and HA's are connected as well. The problem is the HA are not synch yet, the primary PA 445 is accessible remotely via both public ISP 1 and ISP2 HTTPS. The reason is i'm not moving yet the private MGMT IP under permitted list on interface MGMT for...

weezy_0-1776845884511.png
weezy by L3 Networker
  • 816 Views
  • 5 replies
  • 0 Likes

NGFW unable to fetch device certificate due to bug

Hi Team,In reference to PAN-313623 describes an issue on Palo Alto Networks firewalls with Trusted Platform Module (TPM), support where device certificate renewals, may fail due to a disk partition becoming full . This occurs because temporary .pub_pem files accumulate in the /opt/pancfg/mgmt/ssl/private/ directory and are not deleted during dev...

PAN-275077 is this bug still affected in 11.1.10-h1?

I am currently observing behavior where both Sinkhole and Alert actions are being logged simultaneously for the same malicious domain. When performing an nslookup from the affected endpoint, the domain resolves correctly to the Sinkhole IP, which indicates that the sinkhole functionality is working as expected. However, I continue to see “Aler...

Rapid7 Insight Agent not showing as vendor in HIP Object Anti-Malware tab despite OPSWAT V4 support

Hi everyone, I'm trying to configure a HIP Object to detect Rapid7 Insight Agent as an antimalware vendor, but the vendor doesn't appear in the Anti-Malware dropdown when creating the HIP Object. According to the OPSWAT support chart (software.opswat.com), Rapid7 Insight Agent is listed under Signature 4098 with categories ANTIMALWARE and HEAL...

PAN‑OS versions affected by PAN‑307795

Attention: Global TPM team, Question:Which PAN‑OS 11.2 versions are affected by PAN‑307795? Background:This issue is listed under Addressed Issues for PAN‑OS 11.2.11.Based on that, I expected it to be listed in the Known Issues of earlier versions, such as PAN‑OS 11.2.7‑h4, but I could not find it there.Could you clarify which PAN‑OS 11.2 vers...

Palo Windows ARP Issue - Windows Hosts Not Installing ARP info

Hello, We have random issue with Windows 11 Enterprise ( 10.0.26200) hosts not installing ARP reply from a stack of PAs running 10.2.7-h8. I have captured the traffic with the (non ip) filter and I can see the ARP requests and the replys. The hosts are sourcing DHCP from a PA interface with standard options for mask, default gateway and dom...

NSutfin by L2 Linker
  • 213 Views
  • 1 replies
  • 0 Likes

Is the unified RPC interface (MonitorDirect.enqueueLogRequest) supported for external use?

Hi all, I'm working on an integration that needs to query firewall logs across multiple log types (threat, url, wildfire, system, config, etc.) on a regular schedule. We currently use the public XML API (/api/?type=log), which works well but requires a separate request per log type. While investigating alternatives, we noticed that the PAN-OS we...

Resolved! Palo Alto 820 - Software Update for CVE-2026-0300

Hi there, I'm trying to patch the current secruity waring for CVE-2026-0300, but it is not clear to me which software version will fix the problem. My current system is on 11.1.10-h10 (PA-820 cluster). The official document from PA can be found here: https://security.paloaltonetworks.com/CVE-2026-0300 The versions in the product table whic...

2026-05-06 08_22_59-PA.png
Netzer by L3 Networker
  • 1529 Views
  • 8 replies
  • 0 Likes
  • 1584 Posts
  • 60 Subscriptions
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks