About Basavaraj

Hi Adrian,   Thank for you letting me know, I will be a little careful going forward Regards Basavaraj ... View more

Hi DongQu, what DNS servers are configured in your GP settings Internal or External DNS? what do you see in the traffic logs?   Regards Basavaraj ... View more

Hi Kevin,   may I know what settings are you referring to?    There won't be any changes as long your VPN configuration is concerned, you have to map the new certificate in the SSL/TLS profile once you import the new certificate, only that is the change you will have to do as for as I know   Regards Basavaraj ... View more

Hi,   there are no settings going to be changed in the VPN configurations, you generate the new CSR and get it signed by your CA and bind the certificate with your CSR in the Palo alto firewall. after that, you can map it to your SSL/TLS profile and test it.   Regards Basavaraj ... View more

Hi Bambox,   Can you please explain the situation in a bit more detail?   are you saying that you have already rule configured to access Microsoft teams from your DMZ to INTERNET? are you configuring the rule with the application ID or based on the IP? if your receiving "Not Applicable" in your traffic logs, then you need to reverify the placement of your security rule, maybe move the rule to the top of the list and check.   as per the Palo alto document Not-applicable means that the Palo Alto device has received data that will be discarded because the port or service that the traffic is coming in on is not allowed, or there is no rule or policy allowing that port or service. For example, if there was only one rule on the Palo Alto device and that rule allowed the application of web-browsing only on port/service 80, and traffic (web-browsing or any other application) is sent to the Palo Alto device on any other port/service besides 80, then the traffic is discarded or dropped and you'll see sessions with "not-applicable" in the application field.   Regards Basavaraj   ... View more

Hi,   Could you please explain more about your 2FA setup with TACACS+, for 2FA are you using any other radius server? what logs do you see on the tacacs server when you're trying to authenticate?   Regards Basavaraj ... View more

Hi EminetX,   VMware workstation and Palo alto interfaces are different, when you install Palo alto you get set up of interfaces in the Palo alto VM and in the VMware workstation you can configure whatever the virtual network adapters you need. once you decide how many interfaces you needed on the firewall, those many virtual adapters you need to configure inside the VMware workstation, logically those interfaces whatever you configure on the VMware workstation they get attached to Palo alto interfaces.   for the lab, you can configure 2 or 3 interfaces and practice.   don't get confused with the number of interfaces on the VMware workstation and Palo alto VM.   there are so many youtube videos available if you search you will get plenty, you can watch and practice   Regards Basavaraj ... View more

Hi, you can connect all the links from the firewall to the switch, in case if you're connecting to the same switch then you can do a port-channel between switch and firewall, in the firewall, you can configure the sub-interfaces for all VLANs, in the switch just configure the port-channel as a trunk, it should work fine for you   ... View more