Go to device > setup > Operations > “Revert to running configuration”. This will remove un-committed changes.
Add a gateway. Add a new gateway (NetworkGlobalProtectGateways). Name the gateway.The gateway name cannot contain spaces and must be unique for each virtual system. As a best practice, include the location or other descriptive information to help users and administrators identify the gateway. (Optional) Select the virtual system Location to which this gateway belongs. Specify the network information that Read More
SymptomWhen trying to connect GlobalProtect to the Palo Alto Networks firewall, it is successfully connecting to the portal, but gives a certificate error when it tries to connect to the gateway. When using older versions of the agent it connects without issue. Environment Pan-Os Global Protect Cause This issue might be caused by a new check Read More
Environment PAN-OS 7.1 and above. Palo Alto Firewall. Resolution PAN-OS includes a feature to create a Certificate Signing Request (CSR). This feature can create a Certificate Signing Request (CSR) for sending to a public third-party Certificate Authority like Verisign, Globalsign, Entrust, and so on… Steps Generate the CSR Go to Device > Certificate Management > Certificates. Read More
The following procedure shows how to configure a pair of firewalls in an active/passive deployment as depicted in the following example topology. To configure an active/passive HA pair, first complete the following workflow on the first firewall and then repeat the steps on the second firewall. Connect the HA ports to set up a physical Read More
SymptomThis document explains the various error logs seen during the IPSec tunnel negotiation issues. EnvironmentPA firewall version 8.1 and above ResolutionThe following debug is enabled to get the debug logs shown in the document. Primary-Tunnel is the IPSec tunnel name usually refers to the Phase 2.Primary-GW is the IKE Gateway that holds the Phase 1 settings. Read More