About fatboy1607

Try this steps:   Disable WMI services : run - services.msc - Windows Management Instrumentation(WMI) - stop the service. Delete the files under C:\Windows\System32\wbem\Repository Open regedit Go to HKEY_LOCAL_MACHINE > Software and HKEY_CURRENT_USER > Software. Delete the Palo Alto Networks folder. Delete the same if the same folder is present in any other user under HKEY_USERS. Un-install GlobalProtect from Windows 'program and features'. Make sure that the virtual adapter in not present in the Network adapter settings. Reboot the machine. Reinstall GlobalProtect with admin privileges. Confirm that WMI service is running. ... View more

what is error you get ? ... View more

IF we make cert profile to  use subject feild would it require user certificate for that ? ... View more

I suggest you go with PAN OS version 9.0 and latest GP client version.   Make sure under portal authentication is done using certificate.   looking at error it seems your certificate chain is not full.   take packet capture look at certificate sent cpature from client to check if it sending certiifcate. ... View more

You can setup IPSEC from One Satellite to 2 HUB Firewalls and configure Tunnel Monitor for fail over. In case of failure of connectivity with one hub all traffic  for satellite would get routed through other hub. You can setup this config  in Portal Profile giving appropriate gateway Priority.           ... View more

Did you upgrade OS , just to know if that fixed your issue ? ... View more

Do a check on following :-   Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect\PanSetup Prelogon Value should be 1.   Check your machine certificate status.   your machine certificates it should contain private key.   Check certificate chain for machine certificate.   Troubleshooting logs what error do you see ?     ... View more

@aneeqzia  Are you referring connection with portal  from global protect client ?     ... View more

how do you check in lsvpn if hub is intiator ? ... View more

could you please share rough sketch. ... View more

there are some commands related to dedicated HA interfaces where you can check status of those interfaces and few more details.   show high-availability interface ha1 ... View more

What is  role of auth cookie in pre logon ? ... View more

Thanks @trivers01  Appreciate your reply.   1. Query is it is always recommended to use public cert for IP  facing public so portal IP is public  lets say we use cert from well known CA's like commdo , symantec,verizon etc.   2. If that is same cert I need to use as server cert on gateway ( As I have gateway and Portal on Same firewall ) then issue is with client authentication as we cannot get client certificate from well root CA's I mean not a good practice.   Then for Portal authentication If use LDAP or Local , for the machines that are newly build I dont have user name and password for those users  going to use it , so we want to make authentication using certificate. I think only using cert profile on portaln to match subnet name will solve it , your suggestion ?     Then I dont see document mentioning use of cookie authentication ?   some documents refer using cookie authentication ?   3. Any specific logs on firewall side we can see if pre-logon is getting triggered ?   Thanks Again.       ... View more

To apply qos for incoming traffic from IPSEC tunnel you need to create appropriate QOS profile and apply it on eth1/1 ( untrust ) interface under tunneled traffic , select appropriate  tunnel interface  and QOS Profile.   Screenshot shown below.     ... View more