Troubleshooting Palo Alto Networks Hardware Issues
Hardware issues can range from power supplies and fans to disk drives. This document provides a guide to detecting, determining and validating common hardware issues. Possible recovery actions are also provided, where applicable.
This document covers:
Accessory failures (power supply, fans, fan tray)
ECC errors (memory)
Using maintenance mode
General boot problems
Palo Alto Can’t Resolve a Specific URL Category
1. Palo Alto has not yet been updated with the URL and its details.
2. The address/site uses one public IP but redirects to a CDN.
3. Different URLs use the same public IP address.
Basic Palo Alto Firewall Setup and Configuration
I. Creating Zones (Network > Zones > Add)
Note: It’s better to use the Layer 3 type because we will be using routing and translation.
II. Network Profile (Network > Network Profile > Interface Mgmt > Add)
Note: We can specify the source addresses to permit.
III. Interface Configuration (Network > Interfaces > Edit Interface)
We are using the default virtual router and assigning the interface to the trust zone.
Assign an IP address.
Apply the Network Profile we created. Click Commit to apply the changes.
show interface all
show deviceconfig (configuration mode)
ping source x.x.x.x host x.x.x.x
By default, ping uses the management IP as the source, which is why we need to specify a source address in the ping command.
Backing Up & Restoring Configuration of Palo Alto Firewall
I. Commit/Save Changes.
II. Export Existing Config (Device > Setup > Operations)
Click Save named configuration snapshot. (A snapshot of the configuration will be saved on the local device.)
Click Export named configuration snapshot to export the saved snapshot that was stored on the local device.
Select the created named configuration.
It will be downloaded and saved on your local computer.
Done. We can now proceed to basic bootstrapping of the new firewall, including the management interface address, and simply import the configuration that we have backed up.
Note: To Reboot/Shutdown the PA Firewall using GUI.
III. Import Configuration (Device > Setup > Operations)
Click Import named configuration snapshot.
Click Browse and select the backup file on your local computer.
The file is successfully saved on your local device (the firewall).
Click Load named configuration snapshot.
Select the backup configuration file.
Click Commit! Done!
Palo Alto Firewall High Availability
1. Active – Standby
2. Active – Active
High Availability Links:
1. HA1 – Control link
2. HA2 – Data Link
1. Heartbeat and Hello Messages
2. Link Monitoring
3. Path Monitoring
1. Same Model
2. Same PAN-OS Version
I. Connect the HA ports to setup physical connection between the devices.
For firewalls with dedicated HA ports, use an Ethernet cable to connect the dedicated HA1 ports and the HA2 ports on peers. Use a crossover cable if the peers are directly connected to each other.
For firewalls without dedicated HA ports, select two data interfaces for the HA2 link and the backup HA1 link. Then, use an Ethernet cable to connect these in-band HA interfaces across both firewalls. Use the management port for the HA1 link and ensure that the management ports can connect to each other across your network.
II. Enable HA, set the Group ID, assign the mode, enable config sync and assign the peer address.
III. Configure Control Link (HA1) on Palo Alto Primary and Secondary
This IP will be used as the peer address.
You can also enable encryption to secure the communication between the two peers.
IV. Configure Data Link (HA2)
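A pre-flight check for the two matching items listed above (same model, same PAN-OS version), as an added example that is not part of the original post: it parses the "key: value" output of `show system info` captured from each peer and reports every field that differs or is missing. The sample outputs, hostnames, addresses and version numbers are constructed, and the function names are hypothetical.

```python
import re

# Fields of `show system info` that the HA list above says must match.
REQUIRED_MATCH = ("model", "sw-version")

def parse_system_info(text):
    """Parse the 'key: value' lines of `show system info` into a dict."""
    info = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_-]+)\s*:\s*(.*?)\s*$", line)
        if m:
            info[m.group(1).lower()] = m.group(2)
    return info

def ha_mismatches(primary_text, secondary_text, fields=REQUIRED_MATCH):
    """Return (field, primary_value, secondary_value) for each unmet item."""
    a = parse_system_info(primary_text)
    b = parse_system_info(secondary_text)
    problems = []
    for field in fields:
        va, vb = a.get(field), b.get(field)
        # A missing field is reported too: an unverified item is not a met one.
        if va is None or vb is None or va != vb:
            problems.append((field, va, vb))
    return problems

# Constructed sample captures (not taken from a real device).
PRIMARY = """\
hostname: fw-a
ip-address: 192.0.2.11
time: Mon Jan  1 10:00:00 2024
model: PA-220
sw-version: 10.1.6
"""
SECONDARY = """\
hostname: fw-b
ip-address: 192.0.2.12
time: Mon Jan  1 10:00:05 2024
model: PA-220
sw-version: 10.1.9
"""

if __name__ == "__main__":
    for field, va, vb in ha_mismatches(PRIMARY, SECONDARY):
        print(f"HA item not met: {field} primary={va} secondary={vb}")
```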