Author: Bob Lin

Situation: The company configures GloablProtect VPN on Paloalto Firewall for home users accessing Office network. They also have site-to site VPN to AWS. The office computers can access the AWS but Home users. This video shows how to configure Paloalto Firewall to allow GloablProtect VPN accessing AWS.

Step 1: Add IPSec Tunnel IP addresses to GlableProtect Gateway

1. Login Paloalto Firewall.

2. Go to Network>GloableProtect>Gateways.

3. Click on the GloablProtect Gateway.

4. Go to Agent>Client Settings.

5. Click on configure name, end-users in our example.

6. In Configure, click Split Tunnel tab.

7. Click Add.

8. Add the AWS Tunnel IP address subnet.

9. Click Oks to save the settings.

Step 2: Modify Security Policy

1.Go to Policies>Security.

2.Click the Security policy you want to modify, AWS Traffic-3-4 in our example.

3. In Security Policy Rule, click on Source tab.

4. Click Add to add source zoon, for example GlobaleProtect.

5. Click Destination tab.

6. Click Add to add the GloableProtect zoon.

Step 3: Commit.

Click Commit to save the configuration.

Please view this step by step video:

1.With Outlook open, switch to People.

2. Click on New Email narrow key under Home. 

3. Click Group.

4. In Contact Group window, type the group name.

5. Click on Add Members tab. 6. Select the Contacts or Address book.

6. Add the members from the contacts or addresses. 

7. Add the members from the contacts or addresses. 

8. Save and Close.

Please view this step by step video:

There are multiple ways to connect to home WiFi network in Windows 10. This video shows you some options.

Option 1: WiFi Key(s) on the keyboard

Option 2: Physical switches

Option 3: Run WiFi from Windows 10

Option 1: WiFi Key(s) on the keyboard

Example 1:

Example 2

Option 2: Physical switches

Example 1:

Example 2:

Option 3: Run WiFi from Windows 10

1.Type wifi in Search bar

2. Click on WiFi Settings.

3. Click on Show available networks. 

4. Find your wifi and click Connect.

5. After the wifi password, you should have the wifi connected.

You are connecting to the WiFi!

Please view this step by step video

This video will show how to restore a Windows Server VM on Veeam Backup & Replication 10.

1.Login Veeam Backup & Replication.

2. Click on Restore and then Microsoft Hyper-V.  

3. Click on Restore from Backup.

4. Select restore type, Entire VM restore in our example.

5. Select the VM and click Next.

6. Specify the desired restore mode: Restore to the original location in our example. 

7. Click Next to skip scanning the restored machine

8. Give the restore reason and click Next.

9. Click OK on the warning.

10. In Summary, click Finish.

11. Click Close  when the restore completes.

Please view this step by step video;

Situation: when attempting to open Certification Authority in Windows MMC, you don’t see  Certification Authority and Certificate Templates. This video shows how to install Certification Authority on Windows Server 2019.

Step 1: Install certification Authority

1.With the Server Manager open, go to Dashboard.

2.Click Add roles and features.

3. Click Next.

4. Make sure Role-based or feature-based Installation is checked, and click Next.

5. Select the server which will be installed Certification Authority.

6. Check Active Directory Certificate Services.

7. In the popup, click Add features and the follow the wizard to complete the installation.

Step 2: Post-deployment Configuration

1. Click yellow exclaim icon

2. Click Configure Active Directory Certificate Services.

3. Specify credentials to configure role services.

4. In Select Role Services to configure, check Certification Authority.

5. Specify the setup type of the CA, Enterprise CA in our example.

6. Specify the type of the CA, Root CA in our example.

7. Specify the type of private key, Create a new private key.

8. Specify the cryptographic options, keep the default and click on Next. 

9. Specify the name of the CA, keep the default and click on Next. 

10. Specify the validity period, 10 in our example.

11. Specify the database locations, keep the default and click on Next. 

12. To confirm the settings, click Configure. 

13. You will see Configuration succeeded after the configuring.  Click Close.

You should have Certification Authority and Certificate Templates in MMC

Please view this step by step video:

In some situations, you may want to expulse some files from scanning in Symantec Endpoint protection. This video shows how to do so.

Option 1: Configure Exceptions Settings

1. With the Symantec Endpoint Protection opens, click Change Settings.

2. Click Exceptions.

3. Click Add and select Exception options; Security Risk Exception, SONAR Exception, DNS or Host File Change Exception, Application Exception. .

Option 2: Auto-Protection Exception.

1.  Open Symantec Endpoint Protection from the system dray.

2. Click Yes in Do you want to allow this app to make changes to your device?

3. Click Options on each catalog such as Virus and Spy Protection, Proactive Threat Protection.

4. Select Change Settings.

5. Click on Auto-Protection tab

6. Check Selection under File Type

7. Enter the extensions of the file types you want to include.

8.  Click OK to save the settings.

Option 3: Use “Undo Active” to exclude the file.

With Symantec Endpoint Protection Detection Result, select “Undo Action Taken” from the Other Actions Menu.

Option 4: exclude the file in Symantec Endpoint Protection Manager.

1. With SEP Manager open, go to Polic..

2. Go to Exception>Exceptions Policies

3. Click on Exception and add the file will be excluded.

4. Click OK to save the settigns.

Please view this step by step video:

If you are setting up a new CA for the first time for use with Operations Manager 2007, use the following procedure to configure an HTTPS binding for the certification authority (CA).

Step 1: Install SSL

1. On the server hosting your CA, run Administrative Tools, and then click Internet Information Services (IIS) Manager.

2. In the Internet Information Services (IIS) Manager, navigate to your server’s name>Site

3. Click Server Certificates under IIS.

4. Click Create Certificate Request under Actions

5. Send the CSR to a Certification Authority.

6. Download the SSL from the Certification Authority

7. On IIS Manager, click on Complete Certificate Request. 

8. Browser the certificate you downloaded, enter the Friendly name, and the store location.  You can double-click on it to check the Certificate.

9. Now, you should have the certificate installed.

Step 2:  Configure Binding

1.Open IIS Momager and go to Default Web Site

2.Click on Binding under Actions.

3. Click Add.

4. Select https as type, enter the Host name.

5. Click SSL certificate.

6. Select the certificate you just installed.

7. Slick OK to save the settings. Now test it.

Please view this step by step video:

If you want to reissue and re-key a SLL Certificate, you can do it easily. This video will show you how to reissue and re-key a SLL Certificate on ssls.com.

1. Login the SSL website, ssls.com in our example.

2. Click on My  SSL.

3. Click Details.

4. Click REISSUE & RE-KEY.

5. Enter your domain or subdomain.

6. You will have options to save the private key: Create CSR In-Browser or  I have a CSR.

Note: If you use Create CSR In-Browser, you should install certificate by importing. If you provide the CSR, you should install the certificate by completing the request in the Windows Server.

7. If you click Create CSR In-Browser, it will download to the local computer.  

8. Select the mothed to get the certificate, for example receive an email. 

9. Now, you should have a download link.

10. Follow the link and enter the code.

11. You should receive certificate attached in your email.

Please view this step by step video

This video shows how to install Remote Desktop Services client access licenses (CALs) on a Windows Server 2019 running as RDS

Step 1: Select Connection Method.

1. In Server Manager, click on Remote Desktop Services

2. Click on Server

3. Click on Server name and then right-click on RD Licensing Manager.

4. In RD Licensing Manager, right-click on the RD Server name and click Properties.

5. In Connection method, select Connection method, Automatic connection in our example. Click OK to save the selection. 

Step 2: Activate Server and Install Licenses

Step 3: Install Licenses

1. Right-click on RD Server name and select Install Licenses.

2. Click Next in Welcome to the Install Licenses Wizard.

3. Select the License program: Open License in our example.

4. In License Program, enter the Open License Agreement number: Authorization number and License number.

Step 3: Activate the license

1. Right-click on the RD Server name and select Activate Server.

2. Click Next in Welcome to the Activate Server Wizard.

3. Make sure the Connection mothed is Automatic Connection and click Next.

4. Enter the company info.

5. In Completing the Activate Server Wizard, click Next to process. 

You have installed the RD license successfully!  

please view this step by step video:

In some situations, you may need to convert an SSL Certificate format to a different format. This video shows how to do so.

Option 1. Go to https://www.sslshopper.com/ssl-converter.html, choose file to be converted. You may need key text file.  If you want to convert to PFX, you may enter the password.

Option 2: Go to https://decoder.link/converter, enter the Certificate File, Key File, Bundle File, and password. Click convert

Please view this step y step video: