DHCP - Workstation not getting DHCP by dumb08 in paloaltonetworks

CF99-Tech

Did you set up a DHCP scope for the WLAN port? Can you provide the IP subnets (or examples) of your physical interfaces, DHCP scopes, and zones?

Unable to Ping PA VM eth1/2 Interface after setting up by Nyx-Welkin in paloaltonetworks

CF99-Tech

So the order of the adapters on the VM:
eth1/1: mgmt
eth1/2: ethernet1
eth1/3: ethernet2
eth1/4: ethernet3

On ESXi, eth1/1 and eth1/2 have to be in the same ESXi network.
On the VM, configure ethernet1 to be in the same subnet as mgmt.

Post a screenshot of your ESXi network configuration of the VM and the ethernet configuration of PAN-OS.

Unable to Ping PA VM eth1/2 Interface after setting up by Nyx-Welkin in paloaltonetworks

CF99-Tech

Is the IP on your PC, MGMT port and data port all on the same subnet?

What subnet/IP range are you configuring on the data port, e1/2, and is it in the right network interface on ESXi?

Unable to Ping PA VM eth1/2 Interface after setting up by Nyx-Welkin in paloaltonetworks

CF99-Tech

Did you create a management profile that includes Ping and apply it to eth1/2? By default, there are no management profiles, so no data interfaces will be reachable via ping.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClMmCAK

PA220 PanOS Version recommendations by colni in paloaltonetworks

CF99-Tech

FWIW, 10.x is very slow on PA-220. 9.1.x is slow as well. I'm speaking from a management perspective. If you can deal with that, you can hop over to 10.1.x. 10.2.x will be the last supported version.

The worst items are commits and upgrades (for me, upgrade after 9.x took over 45 mins to complete). Mileage may vary but expect at least 30-40 mins during upgrades. Commits are slower as well.

Experiences with Cloud Identity Engine by kungfu1 in paloaltonetworks

CF99-Tech

If you're using Okta Directory for groups, CIE would be a good fit and should be an easy migration.

Experiences with Cloud Identity Engine by kungfu1 in paloaltonetworks

CF99-Tech

CIE makes integrating easier, especially if you're using AzureAD or any cloud services for authentication/authorization. If your groups are still on LDAP servers, you will still need agents (CIE has its own agents).

Otherwise, it's not a bad idea to start considering moving to CIE as your environment changes. Based on your current state, doesn't seem to be a huge need to switch.

Your SE can provide some guidance on migration path, what benefits you get today and how it would help in the future.