Category Archives: Palo Alto

Troubleshooting Palo Alto Networks Hardware Issues

Hardware issues can involve power supplies, fans, and disk drives. This document provides a guide to detect, identify and validate common hardware issues. Possible recovery actions are also provided, where applicable.

This document covers:

Accessory failures (power supply, fans, fan tray)
Disk problems
ECC errors (memory)
Using maintenance mode
General boot problems
owner: sdarapuneni

https://drive.google.com/open?id=1PHQ9co2VZPjlJNFnysTiFdvZUk84Y98a

https://live.paloaltonetworks.com/t5/Learning-Articles/Troubleshooting-Palo-Alto-Networks-Hardware-Issues/ta-p/62083

Palo Alto Firewall Setup and Basic Configuration

Basic Palo Alto Firewall Setup and Configuration

Topology: [network diagram]

I. Creating Zones (Network > Zones > Add)

Note: It’s better to use the Layer 3 type because we will be using routing and translation.

II. Network Profile (Network > Network Profile > Interface Mgmt > Add)

Note: We can restrict the profile to specific permitted source addresses.

III. Interface Configuration (Network > Interfaces > Edit Interface)

We use the default virtual router and assign the interface to the trust zone.

Assign IP address.

Apply the Network Profile we created. Click Commit to apply the changes.

CLI Verification:
show interface all

show deviceconfig (configuration mode)

ping source x.x.x.x host x.x.x.x

By default, ping uses the management IP as its source, which is why we need to specify a source address in the ping command.

Palo Alto Firewall Backup and Restoration Process

Backing Up & Restoring Configuration of Palo Alto Firewall

I. Commit/Save Changes.
II. Export Existing Config (Device > Setup > Operations)

Click Save named configuration snapshot. (A snapshot of the configuration that will be saved on the local device.)

Create name.

Click Export named configuration snapshot to export the saved snapshot that was stored on the local device.

Select the created named configuration.

The file downloads and is saved on your local computer.

Done. We can now proceed to basic bootstrapping of the new firewall, including the management interface address, and simply import the configuration that we have backed up.

Note: The PA firewall can be rebooted or shut down using the GUI.

III. Import Configuration (Device > Setup > Operations)

Click Import named Configuration snapshot

Click browse and select backup file on your local computer.

The file is now saved on the local device (the firewall).

Click Load named configuration snapshot

Select the backup configuration file.

Click commit! Done!
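
The exported snapshot is an XML file, so it can be reviewed offline before it is imported into another firewall. The script below is an added example, not part of the original post: it flags Interface Mgmt profiles (step II of the setup section) that enable administrative services without a permitted source address list. The sample XML is constructed, and the element names (interface-management-profile, permitted-ip and the service names) are assumptions about the export layout that should be confirmed against your own file.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real export. Element names follow the layout
# assumed for a PAN-OS snapshot; confirm them against your own file.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain"><network><profiles>
<interface-management-profile>
  <entry name="allow-ping"><ping>yes</ping></entry>
  <entry name="mgmt-open"><ping>yes</ping><ssh>yes</ssh><https>yes</https></entry>
  <entry name="mgmt-restricted"><ssh>yes</ssh><https>yes</https>
    <permitted-ip><entry name="192.0.2.0/24"/></permitted-ip></entry>
  <entry name="mgmt-any"><https>yes</https>
    <permitted-ip><entry name="0.0.0.0/0"/></permitted-ip></entry>
</interface-management-profile>
</profiles></network></entry></devices></config>"""

# Services that give administrative access, as opposed to plain ping.
ADMIN_SERVICES = ("ssh", "https", "http", "telnet", "snmp")
CLEARTEXT = {"http", "telnet"}


def audit_mgmt_profiles(xml_text):
    """Return {profile name: [findings]} for profiles worth reviewing."""
    root = ET.fromstring(xml_text)
    report = {}
    for prof in root.iter("interface-management-profile"):
        for entry in prof.findall("entry"):
            enabled = [s for s in ADMIN_SERVICES
                       if (entry.findtext(s) or "").strip() == "yes"]
            permitted = [e.get("name", "")
                         for e in entry.findall("permitted-ip/entry")]
            findings = []
            if enabled and not permitted:
                findings.append("no permitted source addresses for: "
                                + ", ".join(enabled))
            if enabled and any(p.endswith("/0") for p in permitted):
                findings.append("permitted list contains a /0 network")
            findings += ["cleartext service enabled: " + s
                         for s in enabled if s in CLEARTEXT]
            if findings:
                report[entry.get("name")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_mgmt_profiles(SAMPLE_CONFIG).items():
        for finding in findings:
            print(f"{name}: {finding}")
```
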

Palo Alto Firewall High Availability

Modes:
1. Active – Standby
2. Active – Active

High Availability Links:
1. HA1 – Control link
2. HA2 – Data Link

Triggers:
1. Heartbeats and hello messages
2. Link Monitoring
3. Path Monitoring

Prerequisites:
1. Same model
2. Same PAN-OS version

Configuration

I. Connect the HA ports to set up the physical connection between the devices.

For firewalls with dedicated HA ports, use an Ethernet cable to connect the dedicated HA1 ports and the HA2 ports on peers. Use a crossover cable if the peers are directly connected to each other.

For firewalls without dedicated HA ports, select two data interfaces for the HA2 link and the backup HA1 link. Then, use an Ethernet cable to connect these in-band HA interfaces across both firewalls. Use the management port for the HA1 link and ensure that the management ports can connect to each other across your network.

II. Enable HA, set the Group ID, assign the mode, enable config sync and assign the peer address.

III. Configure Control Link (HA1) on Palo Alto Primary and Secondary

PA1

This IP will be used as the peer address.

PA2

You can also enable encryption to secure the communication between the two peers.

IV. Configure Data Link (HA2)
