GUI only works with Incognito

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

GUI only works with Incognito

L3 Networker

Hello -

We replaced our palo last night and now the GUI will only open in Incognito mode in Chrome.

 

I tried clearing the cache.  That didn't help.

1 accepted solution

Accepted Solutions

@BPry Hey, thanks for replying.  I don't think that's it because the other one in the pair works just fine.  That being said, as I mentioned in the post, we just replaced this one and the config we used was the one from the palo in the pair.  Because of that I think I know what the issue might be - It's using the cert from PA2.

 

What we had:

PA1

PA2

What died:

PA1

What we replaced:

PA1

The config we used on the new hardware:

PA2

That brought over the cert from PA2

 

I think that's what the problem is. If that fixes it I'll post here in case anyone else has the same issue at any point.

View solution in original post

6 REPLIES 6

Cyber Elite
Cyber Elite

@Shawverr,

Do you have any extensions in your browser that block ads or anything like that; uBlock Origin I know for sure will messes with the ability for the GUI to render. 

@BPry Hey, thanks for replying.  I don't think that's it because the other one in the pair works just fine.  That being said, as I mentioned in the post, we just replaced this one and the config we used was the one from the palo in the pair.  Because of that I think I know what the issue might be - It's using the cert from PA2.

 

What we had:

PA1

PA2

What died:

PA1

What we replaced:

PA1

The config we used on the new hardware:

PA2

That brought over the cert from PA2

 

I think that's what the problem is. If that fixes it I'll post here in case anyone else has the same issue at any point.

I have a question though.

 

If the FWs are in an HA pair (presumption) that the cert on PA1 and PA2 should have been the same.

 

When PA1 failed, and you copied the PA2 cert, it should have been identical to the original PA1 cert.

 

Confused.... 😛

 

Help the community: Like helpful comments and mark solutions

@SCantwell_IM Hey Steve -

I'll try my best to explain, I'm still not great at this stuff yet.

 

Device > Setup > Management > General Settings > SSL/TLS Service Profile

We have a "management" cert set up for each Palo in the pair.  That cert has to be IP specific pointing to the IP of the Palo management interface.

 

Does that make sense or are you telling me I have something setup wrong? Eeeeek!

Hello again.

 

Makes sense now what you are saying.

 

But I do not see this as part of the FW causing your overall issue, but if you think it is the wrong cert, then the browser should balk at it, and give you a untrusted cert error splash page... or similar...

 

You may want to double check and verify.

 

Let us know.

 

steve

Help the community: Like helpful comments and mark solutions

@SCantwell_IM 

That did fix the issue.  Not sure why exactly, but when I fixed the cert it came up in chrome with no issues.

 

I appreciate your time!  Thanks again.

  • 1 accepted solution
  • 4813 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!