{"id":5007,"date":"2024-01-31T11:24:26","date_gmt":"2024-01-31T19:24:26","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=5007"},"modified":"2024-01-31T11:24:28","modified_gmt":"2024-01-31T19:24:28","slug":"how-to-fix-unable-to-access-palo-alto-web-interface-hmmm-cant-reach-this-page","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=5007","title":{"rendered":"How to Fix Unable to Access Palo Alto Web Interface\u00a0&#8220;Hmmm can&#8217;t reach this page&#8221;"},"content":{"rendered":"\n<p>If you have problem like below with Palo Alto devcices<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img fetchpriority=\"high\" decoding=\"async\" width=\"975\" height=\"547\" src=\"https:\/\/SUMMALAI.COM\/wp-content\/uploads\/2024\/01\/MicrosoftTeams-image.png\" alt=\"\" class=\"wp-image-5008\" style=\"width:1035px;height:auto\" srcset=\"https:\/\/SUMMALAI.COM\/wp-content\/uploads\/2024\/01\/MicrosoftTeams-image.png 975w, https:\/\/SUMMALAI.COM\/wp-content\/uploads\/2024\/01\/MicrosoftTeams-image-300x168.png 300w, https:\/\/SUMMALAI.COM\/wp-content\/uploads\/2024\/01\/MicrosoftTeams-image-768x431.png 768w, https:\/\/SUMMALAI.COM\/wp-content\/uploads\/2024\/01\/MicrosoftTeams-image-128x72.png 128w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/figure>\n\n\n\n<p>Here is the solutions:<\/p>\n\n\n\n<p>configure<br>delete deviceconfig system ssl-tls-service-profile<br>commit<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"591\" height=\"402\" src=\"https:\/\/SUMMALAI.COM\/wp-content\/uploads\/2024\/01\/MicrosoftTeams-image-1.png\" alt=\"\" class=\"wp-image-5009\" srcset=\"https:\/\/SUMMALAI.COM\/wp-content\/uploads\/2024\/01\/MicrosoftTeams-image-1.png 591w, https:\/\/SUMMALAI.COM\/wp-content\/uploads\/2024\/01\/MicrosoftTeams-image-1-300x204.png 300w\" sizes=\"(max-width: 591px) 100vw, 591px\" \/><\/figure>\n\n\n\n<p>More details here if needed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Symptom<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>SSL-TLS profile with certificates has been configured for HTTPS authentication to Firewall.<\/li>\n\n\n\n<li>After few days of operation, HTTPS access is not working<\/li>\n\n\n\n<li>SSH is working fine.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Environment<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Palo Alto Firewall.<\/li>\n\n\n\n<li>PAN-OS 8.1 and above.<\/li>\n\n\n\n<li>Management access using HTTPS<\/li>\n\n\n\n<li>SSL-TLS profile configured.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Cause<\/h2>\n\n\n\n<p>The certificate is expired or there are other issues with the certificate. The web server process is not allowed to run on expired certificates as a standard security practice, which makes the GUI inaccessible.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Resolution<\/h2>\n\n\n\n<p id=\"toc-hId-1158815420\"><strong>Option1:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If the SSL TLS profile used for management is known delete the same. This way the management access starts using the default certificate.<\/li>\n\n\n\n<li>For example, The following command deletes the&nbsp;SSL TLS profile used for HTTPS&nbsp;access&nbsp;named&nbsp;<em>profile-1<\/em><\/li>\n<\/ul>\n\n\n\n<p>&gt; configure<br># delete deviceconfig system ssl-tls-service-profile<br># delete shared ssl-tls-service-profile profile-1<br># commit<br># exit\u200b\u200b\u200b\u200b\u200b<br><strong>Option2:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Since SSH access is possible, a new certificate can be created from the CLI.<\/li>\n\n\n\n<li>Add the certificate to the SSL TLS profile<\/li>\n\n\n\n<li>Use the newly configured certificate and SSL profile to be used for HTTPS.<\/li>\n<\/ol>\n\n\n\n<p>Example below:<\/p>\n\n\n\n<p>&gt; request certificate generate ca yes certificate-name &lt;cert name&gt; name &lt;IP or FQDN&gt; algorithm RSA rsa-nbits 2048<br>&gt; configure<br># set shared ssl-tls-service-profile &lt;profile name&gt; certificate &lt;cert name&gt; protocol-settings min-version tls1-0 max-version tls1-2<br># set deviceconfig system ssl-tls-service-profile &lt;profile name&gt;<br># commit<br># exit<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Additional Information<\/h2>\n\n\n\n<p>To view the configured SSL-TLS-Service profiles, use the highlighted commands in configuration mode.<\/p>\n\n\n\n<p>FW> configure<\/p>\n\n\n\n<p>FW# <\/p>\n\n\n\n<p>FW# show deviceconfig system | match ssl-tls-service-profile <\/p>\n\n\n\n<p>FW# show shared ssl-tls-service-profile <\/p>\n\n\n\n<p>FW# exit Exiting configuration mode <\/p>\n\n\n\n<p>FW><\/p>\n\n\n\n<p>Ref: <\/p>\n\n\n\n<p><a href=\"https:\/\/knowledgebase.paloaltonetworks.com\/KCSArticleDetail?id=kA10g000000Cli0CAC\">Unable to Access Web User Interface via HTTPS &#8211; Knowledge Base &#8211; Palo Alto Networks<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you have problem like below with Palo Alto devcices Here is the solutions: configuredelete deviceconfig system ssl-tls-service-profilecommit More details here if needed. Symptom Environment Cause The certificate is expired or there are other issues with the certificate. The web server process is not allowed to run on expired certificates as a standard security practice, <a class=\"read-more\" href=\"https:\/\/SUMMALAI.COM\/?p=5007\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[9,1161],"tags":[1755,1754,1753,1752],"class_list":["post-5007","post","type-post","status-publish","format-standard","hentry","category-networks","category-palo-alto","tag-palo-alto-cant-reach-this-page","tag-palo-alto-hmmm-cant-reach-this-page","tag-unable-to-access-palo-alto-gui","tag-unable-to-access-palo-alto-web-interface"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/5007","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5007"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/5007\/revisions"}],"predecessor-version":[{"id":5010,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/5007\/revisions\/5010"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}