11-07-2019 05:28 AM
Hello -
We replaced our Palo last night and now the GUI will only open in Incognito mode in Chrome.
I tried clearing the cache. That didn't help.
11-07-2019 07:48 PM
Do you have any extensions in your browser that block ads or anything like that? uBlock Origin, I know for sure, will mess with the ability for the GUI to render.
11-08-2019 06:08 AM
@BPry Hey, thanks for replying. I don't think that's it because the other one in the pair works just fine. That being said, as I mentioned in the post, we just replaced this one and the config we used was the one from the Palo in the pair. Because of that I think I know what the issue might be - it's using the cert from PA2.
What we had:
PA1
PA2
What died:
PA1
What we replaced:
PA1
The config we used on the new hardware:
PA2
That brought over the cert from PA2
I think that's what the problem is. If that fixes it I'll post here in case anyone else has the same issue at any point.
11-08-2019 06:40 AM
I have a question though.
If the FWs are in an HA pair (presumption), then the cert on PA1 and PA2 should have been the same.
When PA1 failed, and you copied the PA2 cert, it should have been identical to the original PA1 cert.
Confused.... 😛
11-08-2019 07:15 AM
@S.Cantwell Hey Steve -
I'll try my best to explain, I'm still not great at this stuff yet.
Device > Setup > Management > General Settings > SSL/TLS Service Profile
We have a "management" cert set up for each Palo in the pair. That cert has to be IP specific pointing to the IP of the Palo management interface.
Does that make sense or are you telling me I have something set up wrong? Eeeeek!
11-08-2019 09:32 AM
Hello again.
Makes sense now what you are saying.
But I do not see this as part of the FW causing your overall issue, but if you think it is the wrong cert, then the browser should balk at it, and give you an untrusted cert error splash page... or similar...
You may want to double check and verify.
Let us know.
steve
11-08-2019 10:55 AM
That did fix the issue. Not sure why exactly, but when I fixed the cert it came up in Chrome with no issues.
I appreciate your time! Thanks again.
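A way to check for the condition this thread ended on (a management certificate issued for the HA peer's IP after restoring the peer's config), as an added example that is not part of the original thread. The IPs, file names and function names are constructed for illustration; `fetch_mgmt_cert` is how the same check would be pointed at a live management interface.

```shell
#!/usr/bin/env bash
# All IPs and file names here are constructed (192.0.2.0/24 is a documentation range).

# Save the certificate a management interface actually serves (needs network access).
fetch_mgmt_cert() {  # $1 = mgmt IP, $2 = output PEM, $3 = port (default 443)
  openssl s_client -connect "$1:${3:-443}" </dev/null 2>/dev/null |
    openssl x509 -outform PEM -out "$2"
}

# True when the certificate is valid for the given IP (openssl's -checkip test).
cert_matches_ip() {  # $1 = PEM file, $2 = IP
  openssl x509 -in "$1" -noout -checkip "$2" 2>&1 |
    grep -q 'does match certificate'
}

# Report whether a device's served cert names that device's own mgmt IP.
check_device() {  # $1 = label, $2 = expected mgmt IP, $3 = PEM file
  if cert_matches_ip "$3" "$2"; then echo "$1 OK"; else echo "$1 MISMATCH"; fi
}

# Build a throwaway self-signed cert with an IP SAN, standing in for a real one.
make_sample_cert() {  # $1 = output PEM, $2 = IP to place in the SAN
  local dir; dir=$(mktemp -d)
  cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $2
[ext]
subjectAltName = IP:$2
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
    -keyout "$dir/key.pem" -out "$1" 2>/dev/null
  rm -rf "$dir"
}

# Offline demonstration: PA2's cert was carried over to the replacement PA1.
tmp=$(mktemp -d)
make_sample_cert "$tmp/pa2.pem" 192.0.2.12
check_device PA2 192.0.2.12 "$tmp/pa2.pem"   # cert on its rightful owner
check_device PA1 192.0.2.11 "$tmp/pa2.pem"   # same cert served by the new PA1
rm -rf "$tmp"
```

Against real devices, run `fetch_mgmt_cert` once per management IP and pass each saved PEM to `check_device` with that device's own IP.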