Palo Alto | Summa Lai

How to Delete Pending Configuration in Palo Alto Before Commit.

Posted on November 2, 2023November 2, 2023 by Summa Lai

Go to device > setup > Operations > “Revert to running configuration”. This will remove un-committed changes.

How to Configure a GlobalProtect Gateway

Posted on January 26, 2023January 26, 2023 by Summa Lai

Add a gateway. Add a new gateway (NetworkGlobalProtectGateways). Name the gateway.The gateway name cannot contain spaces and must be unique for each virtual system. As a best practice, include the location or other descriptive information to help users and administrators identify the gateway. (Optional) Select the virtual system Location to which this gateway belongs. Specify the network information that Read More

How to Fix GlobalProtect Gateway Certificate Error

Posted on January 23, 2023January 23, 2023 by Summa Lai

SymptomWhen trying to connect GlobalProtect to the Palo Alto Networks firewall, it is successfully connecting to the portal, but gives a certificate error when it tries to connect to the gateway. When using older versions of the agent it connects without issue. Environment Pan-Os Global Protect Cause This issue might be caused by a new check Read More

How to Generate a CSR (Certificate Signing Request) & Import the Signed Certificate in Palo Alto

Posted on January 20, 2023January 20, 2023 by Summa Lai

Environment PAN-OS 7.1 and above. Palo Alto Firewall. Resolution PAN-OS includes a feature to create a Certificate Signing Request (CSR). This feature can create a Certificate Signing Request (CSR) for sending to a public third-party Certificate Authority like Verisign, Globalsign, Entrust, and so on… Steps Generate the CSR Go to Device > Certificate Management > Certificates. Read More

Configure Active/Passive HA on Palo Alto Firewalls

Posted on December 6, 2022December 6, 2022 by Summa Lai

The following procedure shows how to configure a pair of firewalls in an active/passive deployment as depicted in the following example topology. To configure an active/passive HA pair, first complete the following workflow on the first firewall and then repeat the steps on the second firewall. Connect the HA ports to set up a physical Read More

How to Troubleshoot IKE VPN Error on Palo Alto Firewall

Posted on November 21, 2022November 21, 2022 by Summa Lai

SymptomThis document explains the various error logs seen during the IPSec tunnel negotiation issues. EnvironmentPA firewall version 8.1 and above ResolutionThe following debug is enabled to get the debug logs shown in the document. Primary-Tunnel is the IPSec tunnel name usually refers to the Phase 2.Primary-GW is the IKE Gateway that holds the Phase 1 settings. Read More