GetSecureScore

How to Troubleshoot IKE VPN Error on Palo Alto Firewall

Symptom: This document explains the various error logs seen during IPSec tunnel negotiation issues. Environment: PA firewall version 8.1 and above. Resolution: The following debug is enabled to get the debug logs shown in the document. Primary-Tunnel is the IPSec tunnel name, which usually refers to Phase 2. Primary-GW is the IKE Gateway that holds the Phase 1 settings. …

How to Set Up Site-to-Site VPN on Palo Alto with NordLayer

Note: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead. Configuring the tunnel in the Palo Alto WebGUI: Open the Palo Alto WebGUI and select the Network tab. Select Interfaces and open the Tunnel tab. Click Add. Assign the parameters with the following information. Virtual Router: Select …

How to Setup Azure AD SSO integration with FortiGate SSL VPN

In this tutorial, you'll learn how to integrate FortiGate SSL VPN with Azure Active Directory (Azure AD). When you integrate FortiGate SSL VPN with Azure AD, you can: use Azure AD to control who can access FortiGate SSL VPN; enable your users to be automatically signed in to FortiGate SSL VPN with their Azure AD …

How to Integrate Palo Alto VPN with JumpCloud LDAP

When using Palo Alto Networks VPN LDAP integration, here are the basic settings to configure authentication with JumpCloud's hosted LDAP service:

Prerequisites: See Using JumpCloud's LDAP-as-a-Service to obtain the JumpCloud-specific settings required below.

LDAP Server Profile
Domain: ldap.jumpcloud.com
Type: other
Base: ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com
Bind DN: uid=<ldap-binding-user>,ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com
Bind & Confirm Bind Password: <ldap-binding-user's-password>
Require SSL/TLS secured connection: Checked

Group Mapping
Group Objects
Search Filter: (blank)
Object Class: groupOfNames
Group Name: cn
Group Member: uid, member
User Objects
Search …

How to Set up Site-to-Site VPN on FortiGate Firewall

Note: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead. Configuring the tunnel at the FortiGate Management Interface: Open the FortiGate Management Interface. In the left panel, select VPN, then IPsec Tunnels, and select Create New. In the VPN Creation Wizard window, set the Name to NordLayer …

How to Clear Logs To Increase Disk Space on a Palo Alto Firewall

Symptom: The /opt/panlogs disk partition is high

> show system disk-space
Filesystem      Size  Used  Avail  Use%  Mounted on
/dev/root       7.0G  4.1G  2.6G   62%   /
none            3.2G  92K   3.2G   1%    /dev
/dev/sda5       16G   2.4G  13G    16%   /opt/pancfg
/dev/sda6       8.0G  3.2G  4.4G   43%   /opt/panrepo
tmpfs           2.2G  1.7G  492M   78%   /dev/shm
cgroup_root     3.2G  0     3.2G   0%    /cgroup
/dev/sda8 …