This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

About Metgatz

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Metgatz
‎02-10-2026
since ‎04-20-2021
L4 Transporter
User Activity
User Profile
Latest posts by Metgatz
View All
Posts I Liked
View All
User Badges
Community Statistics
Member Since ‎04-20-2021 03:55 PM
Date Last Visited ‎02-10-2026 10:40 PM
Posts 329
Total Likes Received 35

Re: Connect to Globalprotect from Guest Zone

by in GlobalProtect Discussions
‎11-14-2022 12:37 PM
‎11-14-2022 12:37 PM
Hello @Falk-Schneider    Create a No NAT rule,  no-nat rule for traffic from the Internal o internals zones networks to the public IP address of the firewall ( The IP Public you use for GlobalProtect Portal / Gateway ). Then you can connecto to global protect from internal notework without problems.   Cheers ... View more

Re: RDP access to private servers behind Palo Alto

by in General Topics
‎11-14-2022 09:20 AM
‎11-14-2022 09:20 AM
Helo @Linford  Ok, so both the security policy and NAT, you already see Hits in it. OK, when you check the incoming traffic in the firewall you already see logs, marked as age-out ? if you filter for example by tcp port 3389 ? Now the next points to check. -Does your server, which you are trying to reach, have local windows firewall ? or some software that could be denying the connection ? Did you validate by disabling, just temporarily to validate, and then make the corresponding adjustments ? -Now the server has correct access to its default gateway ? to the LAN gateway of your Trust network ? Do you have Ping to it ? -Now from the server you have access to the Internet ? if you do a Ping or a trace you have access ? the trace and the ping answer correctly ? -At firewall level has the default route set, the public default gateway, that is your 0.0.0.0.0/0 through the same link associated to your 1/1 interface? -Do you have multiple WAN links ? - From the RDP server, do you have access to the Internet ?   Best regards ... View more

Re: High Availability on Public Cloud

by in VM-Series in the Public Cloud
‎11-13-2022 08:52 PM
‎11-13-2022 08:52 PM
Hello @Mitesh_Nandu    Review carefull the doc say clarify HA Active Passive - HA Active / Active NO, for both modes.   https://docs.paloaltonetworks.com/vm-series/10-2/vm-series-deployment/about-the-vm-series-firewall/vm-series-in-high-availability#:~:text=AZURE-,GCP,-OCI     Best regards ... View more

Re: High Availability on Public Cloud

by in VM-Series in the Public Cloud
‎11-13-2022 08:37 PM
‎11-13-2022 08:37 PM
Hello, thanks for the information, good to know.   So if it is supported, then it should not be that different from any other HA Active Passive VM type requirement, just in GCP environment.   Best regards ... View more

Re: RDP access to private servers behind Palo Alto

by in General Topics
‎11-13-2022 04:45 PM
‎11-13-2022 04:45 PM
Hello @Linford    Your two policies look OK. You review the Monitor Log traffic when you testing the access from external Networks?  Translated Address: Private IP address is the correct   You check if another policy block the trarffic ? You check if your Nat and Security policy do it a Match/Hit ?   You have checked review if the endpoint local Firewall/IPS an other security sofware can block your request to RDP ?   Cheers ... View more

Re: App and Threat Threshold

by in General Topics
‎11-13-2022 04:24 PM
‎11-13-2022 04:24 PM
Hello @Schneur_Feldman , it all depends on how you adjust it. Some people prefer, once a new release comes out, well a new Update Dynamic, to wait before installing, to review and analyze, relying on the threshold set. There are those who prefer to just download and install every 30 minutes and not leave anything in the threshold. It all depends on your environments and scenarios. Check these links related to Best Practices, but the choice should always be based on your choice, priority and environment:   -https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/software-and-content-updates/best-practices-for-app-and-threat-content-updates Best regards ... View more

Re: App and Threat Threshold

by in General Topics
‎11-11-2022 02:49 PM
‎11-11-2022 02:49 PM
Hello @Schneur_Feldman    Hello, good afternoon.   The Threshold corresponds to the additional time. Example you have set every 30, but if you have 48 hrs, after 30 minutes, it will wait the hours you entered in Threshold in your case, example 48, to just perform the action you indicated, as in this case, download and install.   Best regards ... View more

Re: Critical processes (configd) are down. Please try again later.

by in Panorama Discussions
‎11-11-2022 12:42 PM
‎11-11-2022 12:42 PM
Hello @SKS7 , what good news to hear that you were able to solve your problem.   Best regards ... View more

Re: Critical processes (configd) are down. Please try again later.

by in Panorama Discussions
‎11-10-2022 08:57 PM
1 Kudo
‎11-10-2022 08:57 PM
1 Kudo
A Ok ok, and try to restart the especific process:   debug software restart process configd   Or, if you can, reboot Panorama. Pan OS 9.1.X ? or 10.0.X or 10.1.X ? If is PAN 10.0 or 10.1 restart debug software restart process device-server   Cheers ... View more

Re: Critical processes (configd) are down. Please try again later.

by in Panorama Discussions
‎11-10-2022 08:37 PM
‎11-10-2022 08:37 PM
Hello @SKS7    Look for a maintenance window, and restart the management server service. It will close the active sessions, wait a few minutes and reconnect via Web-Gui and/or SSH.   debug software restart process management-server show system resources | match mgmt ( To check that the service is active )   Cheers ... View more

Re: High Availability on Public Cloud

by in VM-Series in the Public Cloud
‎11-10-2022 07:21 PM
‎11-10-2022 07:21 PM
Hello @Mitesh_Nandu    Personaly I dont deploy HA in GCP.   I personally have not deployed Palo Alto in HA in GCP.   I understand that it is not supported for GCP, at least in a traditional way.   Check this Links:   https://docs.paloaltonetworks.com/vm-series/9-0/vm-series-deployment/about-the-vm-series-firewall/vm-series-in-high-availability#:~:text=AZURE-,GCP,-Active/Passive%20HA   https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PP9zCAG   https://docs.paloaltonetworks.com/vm-series/9-1/vm-series-deployment/set-up-the-vm-series-firewall-on-google-cloud-platform/supported-deployments-on-google-cloud-platform     Cheers   ... View more

Re: PCI compliance ECDHE/RSA

by in GlobalProtect Discussions
‎11-09-2022 05:47 PM
‎11-09-2022 05:47 PM
Hello @wicklunds    Good evening, well if you use a SSL/TLS profile, associated with a custom certificate, self-signed, or signed by an internal CA. You can generate it with ECDSA with a 256 or 384 or RSA at least 512 to 4096, at least for those self-signed by Palo Alto, but then if it is an internal CA, it depends on what support you have to generate certificates. And then this assign it to the firewall administration, to the Web-Gui, so that it responds that certificate.   Review this:   https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmqeCAC#:~:text=value%3E%20%20%20%20%20%20%20%20%20%20Profile%20name-,admin%40192.168.1.1%23%20set%20shared%20ssl%2Dtls%2Dservice%2Dprofile%20TLSprofileTest%20protocol%2Dsettings,-(tab%20to%20view   Best regards ... View more

Re: GlobalProtect fails connection

by in GlobalProtect Discussions
‎11-09-2022 01:17 PM
‎11-09-2022 01:17 PM
Hello @Rathsach    Try this:   Disable WMI services : run - services.msc - Windows Management Instrumentation(WMI) - stop the service. Delete the files under C:\Windows\System32\wbem\Repository Open regedit. Go to HKEY_LOCAL_MACHINE > Software and HKEY_CURRENT_USER > Software. Delete the Palo Alto Networks folder. Delete the same if the same folder is present in any other user under HKEY_USERS. Uninstall GlobalProtect from Windows program and features by clicking the uninstall button that shows after the program is selected. NOTE: You may need administrative rights to uninstall programs. Make sure that the virtual adapter is not present in the Network adapter settings. Reboot the computer. Reinstall GlobalProtect with admin privileges. Confirm that WMI service is running. When you reintall, install the lastes recomended version of Global Protect, exampleo for version 5.2.X, use 5.2.12.   https://live.paloaltonetworks.com/t5/customer-resources/support-pan-os-software-release-guidance/ta-p/258304#:~:text=5.2,5.2.12   Best regards ... View more

Re: Equipment registration in customer support portal

by in Next-Generation Firewall Discussions
‎11-08-2022 07:10 PM
1 Kudo
‎11-08-2022 07:10 PM
1 Kudo
Hello @jchciazacarrion    Good afternoon, of course you can. First you must register your Firewalls in the Support Portal. You must register your equipment, after that, from your firewalls, with Internet Access, apply the retrieve option to automatically download your licenses. Make sure you set the IP parameters in the MGT of your firewalls, and the DNS server, to resolve correctly to the Internet.   You can also, once the firewalls are registered, download the licenses manually and then upload them to the firewalls manually.   It starts counting the time of the licenses, the first time, when the firewalls are registered.   Best regards ... View more

Re: PCI Compliance - Weak SSL/TLS Key Exchange - 443 / tcp over ssl

by in General Topics
‎11-08-2022 04:36 PM
‎11-08-2022 04:36 PM
Hello @jwise    I recently fix same issue in 9.1.X.   First yo need to use a Certificate custom ( Self Signed or issue from a internal C.A ). Then create SSL/TLS profile minimoum TLS 1.2, maximium Max.   Now from CLI you need to disable the weka algortims using in the SSL/TLS profile:   Like this:   Disable 3des • #set shared ssl-tls-service-profile TLSprofileTest protocol-settings enc-algo-3des no • Disable SHA1: • #set shared ssl-tls-service-profile TLSprofileTest protocol-settings auth-algo-sha1 no disable RC4: • #set ssl-tls-service-profile TLSprofileTestprotocol-settings enc-algo-rc4 no   Then you need yo assing the TLS Profile to Managment Web-Gui, en Devece-Setup.   Now for SSH you need to do it this: • # set deviceconfig system ssh ciphers mgmt aes256-ctr • # set deviceconfig system ssh ciphers mgmt aes256-gcm • # set deviceconfig system ssh default-hostkey mgmt key-type ECDSA 256 • # set deviceconfig system ssh regenerate-hostkeys mgmt key-type ECDSA key-length 256 • # set deviceconfig system ssh session-rekey mgmt interval 3600 • # set deviceconfig system ssh mac mgmt hmac-sha2-256 • # set deviceconfig system ssh mac mgmt hmac-sha2-512 • # delete deviceconfig system ssh kex mgmt • # set deviceconfig system ssh kex mgmt ecdh-sha2-nistp521 • # commit Then restart the service SSH: # set ssh service restart   Important: Always as a good practice, generate a Backup of your config.   Best regards ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎02-10-2026 10:40 PM
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks