Situation: The client configured HA on two PA-850 units. They would like to know how to test it.
Resolution 1: Go to Device > High Availability > Operational Commands. Click Suspend local device.
It takes 1 to 2 seconds to switch.
Resolution 2: If you want to disconnect a cable for the test, you can add an interface to a Link Group. Go to Device > High Availability > Link and Path Monitoring. Add the interface, for example the trusted interface. You can then unplug the trusted interface to test it.
If the cable is disconnected, it takes about 15 seconds to switch to the standby unit.

Situation: The company configures GlobalProtect VPN on a Palo Alto firewall for home users accessing the office network. They also have a site-to-site VPN to AWS. Office computers can access AWS, but home users cannot. This video shows how to configure the Palo Alto firewall to allow GlobalProtect VPN users to access AWS.
Step 1: Add IPSec Tunnel IP addresses to the GlobalProtect Gateway
1. Log in to the Palo Alto firewall.
2. Go to Network > GlobalProtect > Gateways.
3. Click on the GlobalProtect Gateway.
4. Go to Agent > Client Settings.
5. Click on the config name, end-users in our example.
6. In Configs, click the Split Tunnel tab.
7. Click Add.
8. Add the AWS Tunnel IP address subnet.
9. Click OK to save the settings.
Step 2: Modify Security Policy
1. Go to Policies > Security.
2. Click the Security policy you want to modify, AWS Traffic-3-4 in our example.
3. In Security Policy Rule, click on the Source tab.
4. Click Add to add the source zone, for example GlobalProtect.

Situation: When attempting to open Certification Authority in Windows MMC, you don't see Certification Authority and Certificate Templates. This video shows how to install Certification Authority on Windows Server 2019.
Step 1: Install Certification Authority
1. With Server Manager open, go to Dashboard.
2. Click Add roles and features.
3. Click Next.
4. Make sure Role-based or feature-based installation is checked, and click Next.
5. Select the server on which Certification Authority will be installed.
6. Check Active Directory Certificate Services.
7. In the popup, click Add Features and then follow the wizard to complete the installation.
Step 2: Post-deployment Configuration
1. Click the yellow exclamation icon.
2. Click Configure Active Directory Certificate Services.
3. Specify credentials to configure role services.
4. In Select Role Services to configure, check Certification Authority.
5. Specify the setup type of the CA, Enterprise CA in our example.
6. Specify the type of the CA, Root CA in our example.
7. Specify the type of private key, Create a new private key.
8. Specify the cryptographic options; keep the default and click Next.
9. Specify the name of the CA; keep the default and click Next.
10. Specify the validity period, 10 in our example.
11. Specify the database locations; keep the default and click Next.
12. To confirm the settings, click Configure.
13. When the configuration finishes, you will see Configuration succeeded. Click Close.
You should now have Certification Authority and Certificate Templates in MMC.

If you are setting up a new CA for the first time for use with Operations Manager 2007, use the following procedure to configure an HTTPS binding for the certification authority (CA).
Step 1: Install SSL
1. On the server hosting your CA, run Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In Internet Information Services (IIS) Manager, navigate to your server's name > Site.
3. Click Server Certificates under IIS.
4. Click Create Certificate Request under Actions.
5. Send the CSR to a Certification Authority.
6. Download the SSL certificate from the Certification Authority.
7. In IIS Manager, click Complete Certificate Request.
8. Browse to the certificate you downloaded, then enter the Friendly name and the store location. You can double-click on it to check the certificate.
9. Now, you should have the certificate installed.

If you want to reissue and re-key an SSL certificate, you can do it easily. This video will show you how to reissue and re-key an SSL certificate on ssls.com.
1. Log in to the SSL website, ssls.com in our example.
2. Click on My SSL.
3. Click Details.
4. Click REISSUE & RE-KEY.
5. Enter your domain or subdomain.
6. You will have options to save the private key: Create CSR In-Browser or I have a CSR.
Note: If you use Create CSR In-Browser, you should install the certificate by importing it. If you provide the CSR, you should install the certificate by completing the request on the Windows Server.
7. If you click Create CSR In-Browser, it will download to the local computer.
8. Select the method to get the certificate, for example receive an email.
9. Now, you should have a download link.
10. Follow the link and enter the code.
11. You should receive the certificate attached in your email.
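
A check worth running after step 11, before the reissued certificate is installed: a re-key means the certificate only works with the private key behind the new CSR, wherever the note under step 6 put it. The script below is an added example, not part of the original post or of ssls.com's tooling; it assumes OpenSSL is installed, and its file names and the self-signed stand-in certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example. File names are placeholders and reissued.crt is a constructed
# stand-in (self-signed from the new CSR) for the file the CA sends after a reissue.

# Print the SHA-256 digest of the public key held in a certificate, CSR or private key.
# $1 = x509 | req | pkey, $2 = PEM file. Returns 2 if the file cannot be parsed.
pubkey_digest() {
    case "$1" in
        x509) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        req)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        pkey) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed (0) only when both files parse and carry the same public key.
# $1/$2 = type and file of the first object, $3/$4 = type and file of the second.
same_key() {
    a=$(pubkey_digest "$1" "$2") || return 2
    b=$(pubkey_digest "$3" "$4") || return 2
    [ "$a" = "$b" ]
}

# Constructed sample material: the key used before the re-key, then a new key and CSR.
work=$(mktemp -d)
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/old.key" 2>/dev/null
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/new.key" 2>/dev/null
openssl req -new -key "$work/new.key" -subj "/CN=www.example.com" -out "$work/new.csr"
openssl x509 -req -in "$work/new.csr" -signkey "$work/new.key" -days 1 \
    -out "$work/reissued.crt" 2>/dev/null

for key in old.key new.key; do
    if same_key x509 "$work/reissued.crt" pkey "$work/$key"; then
        echo "$key: matches reissued.crt, install the certificate with this key"
    else
        echo "$key: does NOT match reissued.crt, do not pair them"
    fi
done
```

Point the loop at the real certificate and key files; a mismatch means the certificate was issued for a different CSR than the key you are holding.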