Palo Alto | Summa Lai

How to Fix Unable to Access Palo Alto Web Interface “Hmmm can’t reach this page”

Posted on January 31, 2024January 31, 2024 by Summa Lai

If you have problem like below with Palo Alto devcices Here is the solutions: configuredelete deviceconfig system ssl-tls-service-profilecommit More details here if needed. Symptom Environment Cause The certificate is expired or there are other issues with the certificate. The web server process is not allowed to run on expired certificates as a standard security practice, Read More

How to Delete Pending Configuration in Palo Alto Before Commit.

Posted on November 2, 2023November 2, 2023 by Summa Lai

Go to device > setup > Operations > “Revert to running configuration”. This will remove un-committed changes.

How to Configure a GlobalProtect Gateway

Posted on January 26, 2023January 26, 2023 by Summa Lai

Add a gateway. Add a new gateway (NetworkGlobalProtectGateways). Name the gateway.The gateway name cannot contain spaces and must be unique for each virtual system. As a best practice, include the location or other descriptive information to help users and administrators identify the gateway. (Optional) Select the virtual system Location to which this gateway belongs. Specify the network information that Read More

How to Fix GlobalProtect Gateway Certificate Error

Posted on January 23, 2023January 23, 2023 by Summa Lai

SymptomWhen trying to connect GlobalProtect to the Palo Alto Networks firewall, it is successfully connecting to the portal, but gives a certificate error when it tries to connect to the gateway. When using older versions of the agent it connects without issue. Environment Pan-Os Global Protect Cause This issue might be caused by a new check Read More

How to Generate a CSR (Certificate Signing Request) & Import the Signed Certificate in Palo Alto

Posted on January 20, 2023January 20, 2023 by Summa Lai

Environment PAN-OS 7.1 and above. Palo Alto Firewall. Resolution PAN-OS includes a feature to create a Certificate Signing Request (CSR). This feature can create a Certificate Signing Request (CSR) for sending to a public third-party Certificate Authority like Verisign, Globalsign, Entrust, and so on… Steps Generate the CSR Go to Device > Certificate Management > Certificates. Read More

Configure Active/Passive HA on Palo Alto Firewalls

Posted on December 6, 2022December 6, 2022 by Summa Lai

The following procedure shows how to configure a pair of firewalls in an active/passive deployment as depicted in the following example topology. To configure an active/passive HA pair, first complete the following workflow on the first firewall and then repeat the steps on the second firewall. Connect the HA ports to set up a physical Read More