This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
About ToshiNakano
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About ToshiNakano
03-18-2023
7Posts
5Likes
0Solutions
Mar 18, 2023Last Visited
User
Activity
User
Profile
Latest posts by ToshiNakano
| Subject | Views | Posted |
|---|---|---|
| 1270 | 03-11-2022 12:28 PM | |
| 1286 | 03-11-2022 10:11 AM | |
| 2205 | 03-11-2022 08:39 AM | |
| 2372 | 03-19-2020 07:24 AM | |
| 2451 | 03-17-2020 08:29 PM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 03-11-2022 12:28 PM | |
| 1 Like | 03-11-2022 10:11 AM | |
| 2 Likes | 03-11-2022 08:39 AM | |
| 1 Like | 09-07-2018 05:56 AM |
User Badges
Community Statistics
| Member Since | 09-03-2016 05:17 PM |
| Date Last Visited | 03-18-2023 09:45 PM |
| Posts | 7 |
| Total Likes Received | 5 |
03-11-2022
12:28 PM
1 Kudo
I found the tick. I was on hold for 6 hours. However I used another phone and called without the case ID. Then, a new engineer picked up within 5 min. This is very strange. Maybe something is wrong with their phone call queuing system.
... View more
03-11-2022
10:11 AM
1 Kudo
Now I am wating for more than 4 hours. Is this becase of the russia and ukraine issue?
... View more
03-11-2022
08:39 AM
2 Kudos
I am wating for about 3 hours now. Something is wrog with Palo Alto support today???
... View more
03-19-2020
07:24 AM
Update: It is resolved. We compared between Palo Alto generated cert and MS generated cert with a default template. We found out one difference between the two. MS generated Cert didn't have Subject (I mean subject value was blank). As soon as we added the subject (CN=FQDN) in the MS cert, Palo alto accepted the MS cert. I think Palo Alto should update the KB saying "subject is requirement" for machine cert Pre-logon.
... View more
03-17-2020
08:29 PM
Hi, We are trying to setup always on + Pre-Login with Machine cert which generated by Microsoft PKI and distributed by GPO when user turned on the machine . Then, when user login to the machine, it will use windows logon with SSO. Like this KB. https://docs.paloaltonetworks.com/globalprotect/9-0/globalprotect-admin/globalprotect-quick-configs/remote-access-vpn-with-pre-logon We confirmed a machine cert exists correct location on the Windows machine. Also, we imported the Microsoft Root cert on to Palo Alto. And we configured Portal and Gateway like KB exception is we are using MS PKI. When we login and log off from user, it will switch successfully switch to Pre-Logon. However, when we reboot the machine, Global Protect won't connect automatically with pre-logon. Global protect is disconnected until user login. It seems the cert is the issue. So far, we found out that if we create Palo Alto generated cert and export the cert with private key, and then import the cert to Windows machine, it will work as expected. We noticed that the main difference between the two is that Palo Alto generated cert has a private key embedded within the machine cert. However, Microsoft auto generated machine cert doesn't have a private key within the cert. If you see at the end of KB, it mentioned "make sure a. it has private key". Is the private key within the machine cert requirement? If so, what is the technical reason? How can we generate a machine cert with a private key by Microsoft PKI? https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEYCA0 6. Once imported, double click the imported machine certificate to make sure a. it has private key b. its certificate chain is full upto its root CA. If the chain is missing root CA or intermediate CA, import them to their respective folders as explained in Step 5.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
03-18-2023
09:45 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks