Add a gateway. Add a new gateway (NetworkGlobalProtectGateways). Name the gateway.The gateway name cannot contain spaces and must be unique for each virtual system. As a best practice, include the location or other descriptive information to help users and administrators identify the gateway. (Optional) Select the virtual system Location to which this gateway belongs. Specify the network information that Read More
Category: Palo Alto
How to Fix GlobalProtect Gateway Certificate Error
SymptomWhen trying to connect GlobalProtect to the Palo Alto Networks firewall, it is successfully connecting to the portal, but gives a certificate error when it tries to connect to the gateway. When using older versions of the agent it connects without issue. Environment Pan-Os Global Protect Cause This issue might be caused by a new check Read More
How to Generate a CSR (Certificate Signing Request) & Import the Signed Certificate in Palo Alto
Environment PAN-OS 7.1 and above. Palo Alto Firewall. Resolution PAN-OS includes a feature to create a Certificate Signing Request (CSR). This feature can create a Certificate Signing Request (CSR) for sending to a public third-party Certificate Authority like Verisign, Globalsign, Entrust, and so on… Steps Generate the CSR Go to Device > Certificate Management > Certificates. Read More
Configure Active/Passive HA on Palo Alto Firewalls
The following procedure shows how to configure a pair of firewalls in an active/passive deployment as depicted in the following example topology. To configure an active/passive HA pair, first complete the following workflow on the first firewall and then repeat the steps on the second firewall. Connect the HA ports to set up a physical Read More
How to Troubleshoot IKE VPN Error on Palo Alto Firewall
SymptomThis document explains the various error logs seen during the IPSec tunnel negotiation issues. EnvironmentPA firewall version 8.1 and above ResolutionThe following debug is enabled to get the debug logs shown in the document. Primary-Tunnel is the IPSec tunnel name usually refers to the Phase 2.Primary-GW is the IKE Gateway that holds the Phase 1 settings. Read More
How to Set Up Site-to-Site VPN on Palo Alto with NordLayer
Note: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead. Configuring the tunnel in the Palo Alto WebGUI Open the Palo Alto WebGUI, and select the Network tab Select Interfaces and open the Tunnel tab Click Add Assign the parameters with the following information Virtual Router: Select Read More