Month: January 2019

Q: How do you apply the configuration change on Paloalto Firewall?

chicagotech.net: Click Commit at the top right of the web interface to commit, validate, or preview your changes to the firewall configuration.

Tip: To save, revert, import, export, or load configurations, select Device > Setup > Operations.

Q: Can I lock my configuration when I am working on Paloalto Firewall so that other admin can’t mess up the configuration?

chicagotech.net: yes, you can. The web interface enables you to apply a configuration or commit lock so that other administrators cannot change the configuration or commit changes until the lock is removed. To lock it, click the top right lock of the web interface.

Tip: To configure the firewall to automatically set a commit lock whenever an administrator changes the candidate configuration, select Device > Setup > Management, edit the General Settings, enable Automatically Acquire Commit Lock, and then click OK and Commit.

Q: We would like to a rule to allow VPN users access network resources. Could you please give us the steps by steps instruction.

chicagotech.net: Sure, here is how.

1. Open Symantec Endpoint Protection and right-click Options on Network and Host Exploit Mitigation. Select Configure Firewall Rule.

2. Click Add.

3. Enter Rule name, for example Enable Mapping.

4. Click Host and check IPv4 address. Enter 192.168.108.1-192.168.108.254. Click OK.

5. Now, highlight the Enable Mapping rule and move it to the top.

6. After closing the Symantec Endpoint Protection, re-establish the VPN and try the mapping. If we still have the same issue, please tell me your computer name and the time you try. We will check the error log for further troubleshooting.

Q; I would like to stop/resatrt Symantec Endpoint Protection temproryly. But the sto and restart SEP service is grayed out. How to stop Symantec Endpoint Protection?

chicagotech.net: To stop SEP service, run this command:  smc -stop, and

then run service to stop it.

Q: I hear about Paloalto Firewall Task Manger. What is it and how to use?

chicagotech.net: Paloalto Firewall Task Manager displays the operations that you, other administrators, or PAN-OS initiated since the last firewall reboot. The Task Manger is located at the right bottom of the web interface.

The Task Manager provides these information and actions:

Type: The type of operation, such as log request, reports, license refresh, or commit. You can click certain types to see more details about the operation, such as warning messages.

Status, Start Time, Message, Action, Show and Clear commit Queue.

Q: Which tools can I use to manage Paloalto Firewall?

chicagotech.net: You may have 4 options:

1. Web interface—Configuration and monitoring over HTTP or HTTPS from a web browser.
2. CLI—Text-based configuration and monitoring over Telnet, Secure Shell (SSH), or the console port.
3. Panorama—Palo Alto Networks product that provides web-based management, reporting, and logging for
   multiple firewalls. The Panorama web interface is similar to the firewall web interface but with additional
   management functions
4. ML API—Provides a Representational State Transfer (REST)-based interface to access firewall configuration, operational status, reports, and packet captures from the firewall. There is an API browser available on the firewall
5. at https:///api, where is the host name or IP address of the firewall.

Q: Is there a easy way to join Skype’s meeting without downloading the Skype App?

chicagotech.net: yes, you can sign into Skype for Web on web.skype.com.

Q: Can you show me how to use use Skype in Mac as client?

chicagotech.net: To use Skype in Mac, yo uneed Mac OS X/MacOS 10.9 or higher. Here is how.

1. Download Skype from this link: download Skype for Mac or copy this link: https://www.skype.com/en/get-skype/
2. Click Get Skype for Mac.

3. After download, open the Downloads folder and double-click the ​Skype for Mac installation file to start the installation process.

4. After you double-click the installation file, a Finder window opens prompting you to add the Skype app to your Applications folder. Drag the Skype logo to the Applications folder on that screen.

5. When you receive the invitation, click on Join Skype Meeting link to access it.

6. You should have two options to join the meeting: Sign in and as Guest. Note: you can login use Microsoft account, Facebook account or create a new account on Skype.

7. Now, join your meeting.

Q: We just got a Palo Firewall. Would like to know how to configure Authentication Profile.

Chicagotech.net: Here are the steps by steps with screenshots.

1. After login paloalto, navigate to Device>Authentication Profile.

2. In Authentication page, enter Type, Server Profile, User Domain, Username Modifier.

3. Click Advanced. Add Allow List, for example Chicagotech\admin.

4. Go to Device>User Identification. Add group as shown below screenshots.

5. Go to Device>Server Profile>LDAP. Configure it as shown below screenshots.

Q: How to add a user as administrator in Paloalto Firewall?

Chicagotech.net: Here is how.

1. Login palo firewall using the default user name “admin” and password “admin”.
2. Navigate to Device>Administrator.

3. Click Add and enter name, Authentication Profile if you want to integrate with AD or password if you use local database, and Administrator Type.

4. Click Commit to apply.