This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About MatthewSabin
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About MatthewSabin
02-06-2023
23Posts
9Likes
1Solution
Feb 06, 2023Last Visited
User
Activity
User
Profile
Latest posts by MatthewSabin
| Subject | Views | Posted |
|---|---|---|
| 310 | 11-04-2022 11:23 AM | |
| 3191 | 01-13-2022 03:13 PM | |
| 1094 | 09-24-2021 03:35 PM | |
| 2547 | 11-03-2020 12:15 PM | |
| 3211 | 10-21-2020 08:20 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 05-19-2017 11:15 AM | |
| 1 Like | 11-03-2020 12:15 PM | |
| 2 Likes | 05-18-2017 03:43 PM | |
| 4 Likes | 04-13-2017 10:30 AM | |
| 1 Like | 03-31-2017 11:34 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 3 Likes | |||
| 2 Likes | |||
| 2 Likes | |||
| 3 Likes |
User Badges
Community Statistics
| Member Since | 03-15-2017 03:23 PM |
| Date Last Visited | 02-06-2023 02:17 PM |
| Posts | 23 |
| Total Likes Received | 9 |
11-04-2022
11:23 AM
Back in 9.x we feel like the HA peers had no trouble passing LSVPN from active to passive when an HA failover event occurred.
Now in 10.1 we're seeing about half of our sites fail to bring up the tunnels when HA moves from active to passive.
I've been unable to find clear documentation on what to expect in an HA event as far as LSVPN is concerned.
I'm guessing it's related to authentication-cookie expirations or a failure of the active to pass the cookie to the passive or something like that.
Can anyone help me figure out what to check to predict whether a site will be able to roll LSVPN in an HA event? Cookie lifetime or whatever?
... View more
01-13-2022
03:13 PM
Will 10.0.x clients not be able to get authenticated (or renew certificates) until they're upgraded?
... View more
09-24-2021
03:35 PM
The image appears in my search in the software updates area on the support portal - you do need to be a Paloalto customer and I presume must be eligible to use the image in order to see it in the portal.
... View more
11-03-2020
12:15 PM
1 Kudo
Thanks for the tip, but it turns out that my problem wasn't about syntax but method. Pasting all of the parts of a certificate into the configuration and comitting doesn't actually "install" a certificate, or so I've learned. Rather than pasting it in, TAC informs me that I must exit configuration mode and import the certificate as below: scp import certificate source-ip <scp server IP> remote-port <scp server port> from <user>@<scp server>:<path><filename> format <pem|pkcs12> [passphrase <pass phrase>] certificate-name <name> Whe the certificate is imported, that invalid syntax line magically materializes in the show output.
... View more
10-21-2020
08:20 AM
We'll need a little more detail to give you any help. In the meantime, take a look at this thread: https://live.paloaltonetworks.com/t5/general-topics/globalprotect-the-server-certificate-is-invalid/td-p/193204/jump-to/first-unread-message --Matthew
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks