Month: December 2020

You must activate PA licenses for each of the services you purchased before you can start using the firewall to secure the traffic on your network. This article shows how to do so.

Step 1: Register Device

•Log into the Customer Support Portal.  HTTPS://support.paloaltonetworks.com

•Navigate to Assets>Device

* Click on Register New Device

•You have two options: Register device using Serial Number or Authorization Code and Register usage-based VM-Series models (hourly/annual) purchased from public cloud Marketplace or Cloud Security Service Provider (CSSP)

•Check the option you want and click Next.

* Enter the Device information such as Serial Number, Device Name, and Device Tag.

•Enter Location Information and then click on Agree and Submit.

Step 2: Run day 1 Configuration

 * After registering the device, you have an option to Run Day 1 config.

* Please enter the Serial Number of the device you just registered to create a Day 1 Configuration

Note: Placing a Day 1 Configuration on your firewall will replace any other configurations currently in place

* Click Confirm Serial Number to continue.

* Enter the Setup information such as S/N, Device Type, PAN-OS Version, and Hostname.

•Enter the Management Type and info.

* Click Generate Config file.

* Paloalto Customer Support generates the configuration file.

Step 3: Active the PA support license
* Login PA Firewall web interface
* Device>Support
* Click Activate support using authorization code.

* Enter your Authorization Code and then click OK

* Now, Support page shows Support ExpiryDate, Level, and Description.

Step 4: Activate purchased license

•Go to Device>Licenses •Retrieve license keys from license server—Use this option if you activated your license on the Customer Support portal.

•Enter authorization code to activate other features.

* This is what look like after activate the license and features, which confirms that the license is successfully activated

Please view this step b ystep video:

After you have already registered the PA device, you have an option to run access the Day 1 Configuration tool which helps build a sturdy baseline configuration by providing templates that introduce best practice configuration as a foundation on which the rest of the configuration can be built. This article will show you how to run it and upload to the device.

Step 1: Run Day 1 Configuration

 * After registering the device, you have an option to Run Day 1 Config.

* Please enter the Serial Number of the device you just registered to create a Day 1 Configuration

Note: Placing a Day 1 Configuration on your firewall will replace any other configurations currently in place

* Click Confirm Serial Number to continue.

* Enter the Setup information such as S/N, Device Type, PAN-OS Version, and Hostname.

•Enter the Management Type and info.

•Enter Logging info.

* Click General Config file.

* Paloalto Customer Support generates the configuration file.

Step 2:  Import the prepared Day 1 Configuration file onto your firewall.

* Go to Device>Setup>Operations.

•Click Import named configuration snapshot

* Click Browse…

* Select the Day 1 configuration file, day1config.xml in our example.

* Click OK to import the day 1 config file.

* The config file is uploading.

* Imported is successful.

•Step 3: Upload imported day 1 config file

• In Device>Operations, click Load named configuration snapshot.

* Click narrow down key and select the imported file, day1config in our example

* Click OK to upload the config file.

* The config file has been uploaded. Click Close and refresh the page.

Now, check the configuration.

Please view this step by step video:

This article shows you how to configure Paloalto Firewall base on PA-800 Series. We will configure the firewall MGT interface, DNS, NTP, and verify the firewall can access to external services.

Step 1: Access the firewall

There are different ways to configure Paloalto firewall.

1. Use a serial cable and terminal emulation software (9600-8-N-1)

Connect a serial cable from your computer to the Console port

Run a firewall using terminal emulation software (9600-8-N-1) such as putty.

To find COM port #, you may run Device Manager and then navigate to Ports.

When the firewall in power on and ready, it prompts login.

Note: The default username/password are admin/admin.

For security reasons, you must change the password before continuing with other firewall configuration tasks.

2. Use RJ-45 Ethernet cable and an Internet Browser.

Connect an RJ-45 Ethernet cable from your computer to the MGT port on the firewall.

From an Internet browser, go to https://192.168.1.1 which is the default IP address. Then click on Advanced.

Click on Process to 192.168.1.1.

Type the default user and password admin/admin. Then click  login.

Step 2: Configure the MGT interface using browser

Navigate to Device>Setup>Interfaces

Click on management. You have options to setup Static IP address, netmask, default Gateway, Speed, MUT, Administrative Management Services such as HTTPS, SSH, and Network Services such as Ping, SNMP. 

Click OK to close the configuration. Click on Commit to save the settings

Step 3: Configure DNS, update server, and proxy server settings. Navigate to Device>Setup>Services

Click on Settings icon.

You have options to setup Update Server, DNS settings, Proxy Server

Click NTP tab, you can setup NTP server.

Step 4: Add admin user and change admin password

Go to Device>Administrators

Click on Add icon. You have options to choose the name, Authentication Profile, password, Administrator type, and Password Profile.

Step 5: Test the Internet connection

* After Commit the configuration, Disconnect the firewall from your computer.

• Connect the MGT port to a switch port on your LAN or Router using an RJ-45 Ethernet cable.

•Make sure that the switch port you cable the firewall to is configured for auto-negotiation.

•Run a terminal emulation software, such as PuTTY, launch an SSH session to the firewall using the new IP address you assigned to it

Verify the Internet contention by this command:

ping host updates.paloaltonetworks.com

Or

request support check

Please view this step by step video:

With the Mitel Connect, you may have Desk phone and Softphone options. If you don’t have Softphone, your Mitel administrator needs to enable it in Mitel Connect Director.

1. With Mitel Connect Director, click on Tool icon.

2. Navigate to Users>Users

3. Double click on the user you want to enable Softphone.

4. Click TELEPHONY

5. Move down until you see Enable use of softphone.

6. Click Save to save the settings.

Please view this step by step video:

For the security reason, AutoPlay and AutoRun mat be disabled or you want to disable them. This video shows how to enable or disable AutoPlay and AutoRun .

Type in autoplay in the Search bar and click Open.

On the left pan, click on AutoPlay

You can turn on of off AutoPlay here. 

You also options to Choose Autoplay default for removable drives, memory cards and cell phone to take actions such as Take no action, Open folder to view files, Ask me every time, and Configure storage settings.

Do the same on AutoRun by typing autorun in Search bar. Then click on Open.

* You can enable or disable Autorun here.

You also have an option to enable or disable AutoPlay and AutoRun using the Group Policy

* Type gpedit in the Search bar and then click Open.

•Navigate to Computer Configuration>Administrative Templates > Windows Components > AutoPlay Policies.

* Double-click on AutoPlay Policies. You will have option to manage AutoPlay and AutoRun.

Please view this step by step video:

By default, Windows 10 opens PDF with Microsoft Edge. That may cause some problems and can’t open the new version of PDF file. This video shows how to setup Adobe Reader as PDF default app. There are many ways to do so.

1. Change Open with settings from file property
* Open File Explorer.
* Locate one PDF file.

* Right on the PDF file and select Properties.

* Under General, the Opens with is Microsoft Edge. Click Change.

* Select Adobe Reader or Adobe Acrobat. If you don’t see Adobe apps, click More apps.

* Click OK to save the settings. Now, the Opens with has been changed to Adobe app.

2. Change the default apps from Settings

* Click Settings icon.

* Click Apps

* Click Default apps on the left pan.

* Click on Choose default apps by file type

* Find .pdf 

* Click on the current default app, Microsoft Edge in our example.

 * Select the apps you want to be the default app, Adobe Acrobat Reader DC in our example.

* After closing, you should have Adobe Acrobat Reader DC as default app. 

Please view this step by step video:

By default, Windows 10 opens PDF with Microsoft Edge. That may cause some problems and can’t open the new version of PDF file. This article shows how to change this default settings so that it opens PDF form Adobe Reader. There are many ways to do so.

1. Change Open with settings from file property
* Open File Explorer.
* Locate one PDF file.

* Right on the PDF file and select Properties.

* Under General, the Opens with is Microsoft Edge. Click Change.

* Select Adobe Reader or Adobe Acrobat. If you don’t see Adobe apps, click More apps.

* Click OK to save the settings. Now, the Opens with has been changed to Adobe app.

2. Change the default apps from Settings

* Click Settings icon.

* Click Apps

* Click Default apps on the left pan.

* Click on Choose default apps by file type

* Find .pdf  

* Click on the current default app, Microsoft Edge in our example.

 * Select the apps you want to be the default app, Adobe Acrobat Reader DC in our example.

* After closing, you should have Adobe Acrobat Reader DC as default app. 

Please view this step by step video:

Situation: when downloading or transferring an executable file into your computer,  you may receive a denied access message from Symantec Endpoint Protection. If this is a trusted software or file, you may want to disable Symantec End Point temporarily. This article shows how to do so.

There are multiple ways to disable Symantec End Points. 1.Disable Symantec End Point from the system tray.

• Click on the System Tray.

• Right-Click on Symantec End Protection icon

• Click Disable Symantec Endpoint Protection

• Click Yes in Do you want to allow this app to make changes to your device?

• Now the Symantec End Protection is disabled. After completing the download or transfer, follow the same step to enable it.

2. Disable Symantec End Protection by running stop command

* In the search bar, type smc –stop

* Click Open.

* Click Yes in Do you want to allow this app to make changes to your device?

• The black screen popup and disappear.
• If you check the System Tray, you don’t see Symantec End Protection icon anymore.

• Symantec End Protection has been disabled and try to download or transfer the file.

•After finishing, run this command in Search bar: smc –start.

•Click on Open.

* Check the System Tray to make sure the Symantec End Protection is enabled. Note: it may take a few minutes.

Please view this step by step video:

How to disable Symantec End Protection Temporarily

Q: I just switch my phone number. How to change Authentication Phone Number for office 365?

A: There are two different situations.

1. The old phone or phone number still work.

Please refer to this post:

How to change MFA verification method

2. The old phone or phone number doesn’t work.

Please refer to this post:

• How to disable and re-enable multi-factor authentication in Office 365

One way or other, you need to have the follow screen popup for you to change the phone number.

Or view this step by step video:

By default, multi-factor authentication (MFA) is turned. In some situations, you may need to disable and re-enable MFA for whole organization or a user. This video shows how to do so.

1. Sign into the Microsoft 365 admin center with global admin credentials. Click on Admin.

2. In the left pan choose Show All and under Admin centers, choose Azure Active Directory.

3. In the Azure Active Directory admin center choose Azure Active Directory.

Alternatively, you can login Azure portal.

4. To disable or enable Security default for whole organization, go to Properties>Manage Security default.

Click Yes for Enable Security default or No for Disable Security default.  

5. To disable or enable one or some users, login Office 365. Go to Users>Active users.

* Click on Multi-factor authentication

* Enter the username and press Enter.

* You may have these options: Disable, Enforce and Manage user settings. Click on Manage user settings, and then check Require selected users to provide contact methods again. Click on Save.

* Updates successful. Now, when the user login Office 365, he/she will be prompted to

Note 1.The settings may take a while to active.

2.Make sure the account is MFA enabled.. If it is disabled, you need to enable it first

Please view this step by step video: