In this post we are going to see how we can use the Firepower geolocation feature in the access control policy. The Firepower geolocation comes in handy if you want to block the traffic from or to one or more countries, or even one or more continents. The FMC has…
In this post you will see what could be the root cause of getting the “WARNING: The ID certificate associated with trust-point contains an Extended Key Usage (EKU) extension but without the Server Authentication purpose which is required for SSL use.” message on the ASA when you try to associate…
I was troubleshooting an issue with logging collection a couple of weeks ago between a Palo Alto PA-850 and a Panorama. The PA-850 was configured with a Log Forwarding to push its logs to Panorama, and the Panorama was configured with itself as the Collector as well as with a…
I was working the other day on a Palo Alto firewall running version 10.0.2, and all of a sudden it kicked me out and I could only see an empty login page. I could not see anything on the login page but the background image shown below. I tried to…
You might run into the following issue when you try to retrieve Palo Alto Panorama VM licenses from Palo Alto licenses server. The reason behind that error is the missing of the serial number of the appliance that is trying to retrieve its licenses from the licenses server. Panorama VM…
Recently I had ran into some issues when I was trying to update Wireshark on some workstations and servers. Specifically, the Npcap was failing during its version upgrade, and was returning an error stating that it failed to create the npcap service as shown above. Here is how to fix…
In this post I will share with you how to fix AnyConnect Management Tunnel Disconnected (connect failed) error, but before jumping in here is a quick heads up on what AnyConnect Management Tunnel is. AnyConnect Management Tunnel is a very cool feature that allows us to do some maintenance works…
This post will cover one interesting root cause of getting AnyConnect Certificate Validation Failure. I was working on setting up a Cisco AnyConnect Management Tunnel, which I will cover in another post, and for some reason when I was trying to establish AnyConnect SSL VPN from a Windows client, it…
This post covers a potential issue that might cause a Palo Alto VPN tunnel to be up but with no traffic flowing between the encryption domains. Here is the scenario I came across with a site to site VPN tunnel between a Palo Alto and a Cisco ASA behind a…
This post will cover how to configure Palo Alto site-to-site VPN with Cisco ASA. However, the post will not cover any of the ASA configuration parts, but please check out Cisco documentation on this link if required. Configuring a site to site VPN tunnel on Palo Alto firewalls is not…
