Tag: Firewall

Palo Alto Certificate Chain Fix

An issue I’ve run into on Palo Alto Networks firewalls is that everything seems to work when importing a certificate (usually a PFX), until you start using the certificate. Then, after a validation or a commit, there’s a warning that the certificate chain is not correctly formed. Warning: certificate chain not correctly formed in certificate…

Palo Alto Terminal Server Agent Upgrade

Palo Alto Networks makes a program named Terminal Server Agent, aka the TS Agent. It is similar to the User-ID agent. However, the TS Agent is built to identify users on a multi-user system. In this post, I will show you step-by-step how to upgrade the Palo Alto Networks Terminal Server agent. Prerequisites: The TS…

Palo Alto Device Certificate

Palo Alto Networks firewalls often require a device certificate. A device certificate is needed for items like device telemetry and for some of the CDSS (Cloud-Delivered Security Services) items, such as WildFire, DNS and URL filtering, and others. In this post, I show you step-by-step how to check if a device certificate is installed and…

Palo Alto Private Data Reset with HA (Active/Passive)

Sometimes, you need to do a quick factory reset on a Palo Alto Networks firewall. If you aren’t decommissioning the firewall, a Private Data Reset can be a faster way to accomplish results similar to a factory reset. It can be done directly via CLI and could technically be done remotely with some coordination. In…

Securing GlobalProtect

Out of the box, you can’t just add a Security Profile to the interface that runs GlobalProtect. Fortunately, there’s a relatively easy way to do it with minimal impact to your existing GlobalProtect setup. In this post, I will show you step-by-step how to secure GlobalProtect by adding protection with a Vulnerability Protection Profile or…

Upgrade Palo Alto HA Pair (Active/Passive) with CLI

I’m a big fan of CLI. I love to use it when I can; it always feels more complete and absolute. A while back I posted how to Upgrade Palo Alto Firewall HA Pair (Active/Passive). In that post I only covered the GUI method; this post will detail how to complete everything with CLI only.…

FortiGate Policy Mode vs Profile Mode

By default, all Fortinet FortiGates are in Profile-based NGFW mode. There is nothing wrong with the default mode. However, I personally prefer policy mode more. Profile mode works like most firewalls, such as SonicWall, pfSense and UniFi. All your rules are based on ports. Policy mode works like Palo Alto Networks firewalls. All your…