We replaced our palo last night and now the GUI will only open in Incognito mode in Chrome.
I tried clearing the cache. That didn't help.
Solved! Go to Solution.
Do you have any extensions in your browser that block ads or anything like that; uBlock Origin I know for sure will messes with the ability for the GUI to render.
@BPry Hey, thanks for replying. I don't think that's it because the other one in the pair works just fine. That being said, as I mentioned in the post, we just replaced this one and the config we used was the one from the palo in the pair. Because of that I think I know what the issue might be - It's using the cert from PA2.
What we had:
What we replaced:
The config we used on the new hardware:
That brought over the cert from PA2
I think that's what the problem is. If that fixes it I'll post here in case anyone else has the same issue at any point.
I have a question though.
If the FWs are in an HA pair (presumption) that the cert on PA1 and PA2 should have been the same.
When PA1 failed, and you copied the PA2 cert, it should have been identical to the original PA1 cert.
@SteveCantwell Hey Steve -
I'll try my best to explain, I'm still not great at this stuff yet.
Device > Setup > Management > General Settings > SSL/TLS Service Profile
We have a "management" cert set up for each Palo in the pair. That cert has to be IP specific pointing to the IP of the Palo management interface.
Does that make sense or are you telling me I have something setup wrong? Eeeeek!
Makes sense now what you are saying.
But I do not see this as part of the FW causing your overall issue, but if you think it is the wrong cert, then the browser should balk at it, and give you a untrusted cert error splash page... or similar...
You may want to double check and verify.
Let us know.
That did fix the issue. Not sure why exactly, but when I fixed the cert it came up in chrome with no issues.
I appreciate your time! Thanks again.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!