Category ✅

This will help to crack your interview -- Key Observations Symptom Analysis : Random periods of packet loss, latency, and performance degradation. Duplicate packets when pinging the ISP gateway. Dropped packets on the inside interface. Extremely high latency from the firewall's interfaces, while network core switches maintain normal sub-10ms latency. Cause : GlobalProtect Client Misbehavior : Clients with GlobalProtect enabled caused significant traffic generation even withou

Environment Platform : Cloud Managed Prisma Access Features : Custom URL Category URL Filtering Procedure 1. Access Prisma Access App Go...

Step-by-Step Guide: Setting Up Azure SAML Authentication for GlobalProtect Portal and Gateway Objective This guide provides detailed instructions to configure Azure SAML authentication for Palo Alto GlobalProtect Portal and Gateway, enabling secure remote access via SAML-based SSO. Prerequisites Admin access to Azure Portal and Palo Alto Firewall . GlobalProtect Portal and Gateway preconfigured with basic settings (IP/FQDN, certificates, etc.). A valid Azure AD subscription.

These steps are intended to help troubleshoot IPSec VPN connectivity issues. They are divided into two parts, one for each Phase of an IPSec VPN. Phase 1 - To rule out ISP-related issues, try pinging the peer IP from the PA external interface. Ensurethat pings are enabled on the peer’s external interface. If pings have been blocked per security requirements, see if the other peer is responding to the main/aggressive mode messages, or the DPDs. Check for the responses of the “

DPD is a monitoring function used to determine liveliness of the Security-SA (Security Association and IKE, Phase 1) DPD is used to detect if the peer device still has a valid IKE-SA. Periodically, it will send a “ ISAKMP R-U-THERE ” packet to the peer, which will respond back with an “ ISAKMP R-U-THERE-ACK ” acknowledgement. The Palo Alto Networks does not currently have a log associated with DPD packets, but can be detected in a debug packet capture. The following is a PCA

About GRE Tunnels GRE (Generic Routing Encapsulation) is a tunneling protocol designed to encapsulate packets inside a transport protocol. A GRE-capable router or firewall encapsulates a payload packet within a GRE packet, which is then further encapsulated in a transport protocol, such as IP. The process is illustrated in the following figure (insert appropriate image). A GRE tunnel operates similarly to a VPN, but without encryption. It effectively transports packets from o

Site to site vpn sheet which shared to vendors to configure tunnel Please find the below link to see the excel sheet, if required this format let us know in comments with your email id https://docs.google.com/file/d/1RgawRZl6tQGWKHEGIEsyWrcdibLI4rgi/edit?usp=docslist_api&filetype=msexcel