About nevolex

Hi everyone,   I had  a polo alto firewall that I sold on ebay as I no longer needed it, it's out of licence/ support.    How can I remove it from my portal? Would that impact the ability of the person who bought it from me to use it at all?    Thank you  ... View more

hi everyone,   I have GP configured for ipv4, it works (I also have both ipv4 and ipv6 addresses delivered via dynamic assignments from the isp for the internet link) in the configuration if GP I use "none" under the IP assignments for ipv4 as I guess I have nothing to chose from since it's dynamic anyway.   however when I add ipv6 settings to GP and still use "none" under ip assignments I cannot install the change. It complains that ip assignment  is missing. it does work for ipv4 tho.  if I go for ipv6 only, I get exactly the same message, if I got for ipv4 only all works   os 11.0.3   when. ipv6 is enabled under portal and gateway configurations:   missing local address ipv4 or ipv6 of tunnel global-protect-gateway-N (Module: rasmgr) global-protect-gateway tunnel (global-protect-gateway-N) parsing failed (Module: rasmgr) client rasmgr phase 1 failure global-protect-portal local-address is invalid! (Module: gp_broker) client gp_broker phase 1 failure Commit failed   have anyone come across such errors? thank you     ... View more

Hi everyone,   I would like to ask for some assistance in my configuration, the palo alto firewall has been so far a pretty frustrating experience, I guess due to my lack of knowledge of Pas   i have 2 wan dhcp dynamic ips links   I would like to implement some redundancy if 1 link goes down - the second link activates and when the primary goes back, it failovers back    very simple setting   I hav dhcp enabled on both interfaces and I have disabled "automatically install the default route from the isp" I went to logical routes and created: a static route 1  with metric 10 : 0.0.0.0/0 --> next hope "none" and interface being the wan 1 (I have a dynamic next hop, so i cannot point to the temp gateway) a static route 2  with metric 200 : 0.0.0.0/0 --> next hope "none" and interface being  the wan 2 I have a dynamic next hop, so i cannot point to the temp gateway) enabled route  monitoring and after installing I get Path monitoring failed for static route destination 0.0.0.0/0 with next hop ethernet1/2. Route removed. 11/04 06:04:28 Path monitoring failed for static route destination 0.0.0.0/0 with next hop ethernet1/1. Route removed.   so obviously after that internet is not working   can you please advise what do i do wrong, why the PA cannot identity the next hop dinamically via the interface it was told to use??   thank you    ... View more

hi I have been having hard times configuring this simple task   I have 2 tsp links, ips / gateways are dynamic.  I am using default router metric for primary as 10 and the secondary as 30. However randomly the secondary takes over for no reason. Also if I unplug the primary, the secondary does not really failover.   there is path monitoring etc, but all is related to static routes, is there solution that would work with dynamic routing?   thank you   ... View more

Hi folks I am having issues with access via ssh from macos/ linux pcs   pc ~ % ssh admin@10.10.10.1                                                                                                                                          Unable to negotiate with 10.10.10.1 port 22: no matching host key type found. Their offer: ssh-rsa                                                                           I can access it using this modified command:    ssh -oHostKeyAlgorithms=+ssh-rsa admin@10.10.10.1   I have added these options to ssh profile, restarted ssh server/ rebooted as well for testing, but still getting same results    Unable to negotiate with 10.10.10.1 port 22: no matching host key type found. Their offer: ssh-rs     Does anyone know what needs to be configured on the palo alto to resolve ssh compatibility issues? thank you ... View more