This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
About GuidoKramer
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About GuidoKramer
07-19-2019
3Posts
1Like
0Solutions
Jul 19, 2019Last Visited
User
Activity
User
Profile
Latest posts by GuidoKramer
| Subject | Views | Posted |
|---|---|---|
| 3088 | 07-19-2019 03:55 AM | |
| 8017 | 06-07-2019 03:16 AM | |
| 9277 | 06-07-2019 01:34 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 06-07-2019 01:34 AM |
User Badges
Community Statistics
| Member Since | 05-21-2019 03:23 AM |
| Date Last Visited | 07-19-2019 07:54 AM |
| Posts | 3 |
| Total Likes Received | 1 |
07-19-2019
03:55 AM
Hello all, I am currently configuring an HA cluster (active / passive) with the following configuration: Primary (active) box: PA-820 ethernet1 / 1: 1.1.1.1/29 (external interface) ethernet1 / 2: 192.168.0.1/24 (internal interface) MGMT: 192.168.50.251/25 (Management interface) Secondary (passive) box: PA-820 ethernet1 / 1: No IP address, as this is the secondary (passive) box. ethernet1 / 2: No IP address, as this is the secondary (passive) box. MGMT: 192.168.50.252/25 (Management interface) The two firewall systems are located at the customer, so I have no physical access to the MGMT interface. Nevertheless, I would like to be able to administrate both (!!!) firewall systems remotely. Previous attempts to access the management port (MGMT) via a NAT or similar have failed. What works is access to the primary system via VPN. The internal interface (ethernet1 / 2) is in the list of protected networks and the interface itself has been assigned the management role What options do I have left? An active / active HA configuration is eliminated because DHCP is needed on the firewall. Thanks for your help! Regards, Guido
... View more
06-07-2019
03:16 AM
OK, I added a new security policy with the information mentioned on the page "Best Practices for Securing Administrative Access". When I tried to initiate a session with my web browser I can see that the hit count of this policy raises; but still the login prompt does not appear in the browser. Of course, the network from which I initiate the connection was added to "Device --> Setup --> Interface --> Management --> Permitted IP Addresses". Or do I have to connect via GlobalProtect?
... View more
06-07-2019
01:34 AM
1 Kudo
Hey everyone, I have the following active-passive-HA-scenario: ethernet1/1: External Interface (vpn termination point) ethernet1/2: Internal Interface MGMT: Management-Interface HA1: HA HA2: HA For administrative and monitoring purposes I need access from an external network to the WEB-GUI of both firewall-systems. Because of active-passive-HA, just one firewall is available at the same time. So I thought: Is it possible to establish a IPSec-Tunnel between two firewall to get access to the WEB-GUI: The ipsec tunnel works fine and I can see hits on the security policy which should allow the traffic from external network to the Management-Interface of the palo alto firewall. But the access via https does not work. 😞 My questions: - Is it possible to get access from external network via ipsec-tunnel to the Management-Interface of a Palo Alto Firewall? - Are there other ways to get access from external network via ipsec-tunnel to the WEB-GUI of both firewall-systems? Thanks in advance
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks