SymptomThis document explains the various error logs seen during the IPSec tunnel negotiation issues. EnvironmentPA firewall version 8.1 and above ResolutionThe following debug is enabled to get the debug logs shown in the document. Primary-Tunnel is the IPSec tunnel name usually refers to the Phase 2.Primary-GW is the IKE Gateway that holds the Phase 1 settings. Read More
Category: Palo Alto
How to Set Up Site-to-Site VPN on Palo Alto with NordLayer
Note: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead. Configuring the tunnel in the Palo Alto WebGUI Open the Palo Alto WebGUI, and select the Network tab Select Interfaces and open the Tunnel tab Click Add Assign the parameters with the following information Virtual Router: Select Read More
How to Set Up Azure Active Directory integration with Palo Alto Networks – Aperture
In this tutorial, you’ll learn how to integrate Palo Alto Networks – Aperture with Azure Active Directory (Azure AD). When you integrate Palo Alto Networks – Aperture with Azure AD, you can: Control in Azure AD who has access to Palo Alto Networks – Aperture. Enable your users to be automatically signed-in to Palo Alto Read More
Save and Export Firewall Configurations – Palo Alto Firewalls
Saving a backup of the candidate configuration to persistent storage on the firewall enables you to later revert to that backup (see Revert Firewall Configuration Changes). This is useful for preserving changes that would otherwise be lost if a system event or administrator action causes the firewall to reboot. After rebooting, PAN-OS automatically reverts to the Read More
How to Renew an Expired Certificate – Palo-Alto Firewall
You have the renew option at the bottom of the certificates page : certificate renew optionIn case a certificate expires or is about to expire, select the corresponding certificate and click Renew. Set the validity period (in days) for the certificate and click OK. If the firewall is the CA that issued the certificate, the firewall replaces it Read More