Q: one of our VPN users gets this error: Authentication failed. Enter login credentials when he uses Palo Alto VPN client GloableProtec. What could be the problem?
chicagotech.net: Assuming the password is correct, we assume this is username issue. The username is case sense.
If the user account has been locked, go to Palo firewall to unlocked. Please refer to this page:
How to unlock user in Palo Alto Firewall – How to Network Blog
Situation: the client configures a new laptop with GlobalProect VPN for a home user. When he establish the VPN, he have a problem to access most LAN resources.
Troubleshooting: He is using the same IP range (10.0.0.0/24) as the office (10.0.0.0/16) and both site the default gateway is 10.0.0.1.
Two options: 1. Change his home network to other IP address range, for example, 192.168.1.0/24.
2. Since he doesn’t wan to do do so, we assign his static IP address at home: 10.0.0.3/252 (255.255.255.252 /30 4 IP)
Q: One of our users has this problem. Mitel phone can’t make call to outside and it shows anonymous. She can make internal phone call.
Chicagotech.net: Make sure Mitel Connect is setup for using Desk phone. To do it, click on the username with the Mitel Connect open. Check Desk phone.
Q: we run Malwarebytes on all their computers. We have enabled “Remove and quarantine all threats automatically”
However, The threats are not removed. Why?
Chicagotech.net: After enabling the remove quarantine, you need to restart the malwarebytes service.
Situation: The client configured their Palo Alto firewall connecting to Microsoft Azure site to site VPN. However, it shows “Connecting” forever.
Troubleshooting: It is preshare key problem. We fix it by running these commands:
PS C:\Users\blin> add-azureaccount
Id Type Subscriptions Tenants — —- ————- ——- chicagotech.net@gmail.com User 3d083292-8d49-4ef7-8c72-e54522b52126 {488899b5-4a4a-48b1-a1cf-8a1229d32267}
PS C:\Users\blin> Select-AzureSubscription -SubscriptionId 3d083292-8d49-4ef7-8c72-e54522b52126
PS C:\Users\blin> Get-AzureVNetConfig -ExportToFile “C:\Users\Public\Downloads\networkconfig.xml”
XMLConfiguration —————- …
PS C:\Users\blin> Set-AzureVNetGatewayKey -VNetName ‘Group TestVPN Test’ `
>> -LocalNetworkSiteName ‘498DEBEF_AzuretoOnprem’ -SharedKey asjdfojweioreroihew
Error : HttpStatusCode : OK
Id : b0f50fe7…..
Status : Successful RequestId : ea98d58a3b75a8bf96….
Situation: The company is migrating their Cisco ASA site to site VPN connecting to Azure to PA-850. The consultant copy and configured PA-850 IPSec configuration. However, can’t establish the connection. The log shows no return.
Troubleshooting: We called Microsoft Azure support and compare Azure configuration against PA. There are twio problems.
DH Group: group2 Encryption: aes-256-cbc, 3des Authentication: sha1, sha256.
However, the PA document also says: A new crypto profile can be defined to match the IKE crypto settings of Azure VPN. This is Azre VPN settings:
2. When configuring IPSec Crypto Profile, the Lifeszie is 102,400,000. However, we can’t enter this number on PA. The value for PA is 1-65535. To fix this problem, both Azure and PA VPN need to configure Dynamic Routing instead of Static Routing.
In conclusions: 1. Must read the configuration guide carefully. 2. Copy the configuration from Cisco ASA configuration may not work. 3. PA configuration article could be obsolete.
Q: We just get a new ThinkPad Laptop. When I use push installation to install Symantec Endpoint Protection, I get this message: the client could not be installed on the remote computer. Remote Registry has been enabled. What could be the problem?
Chicagotech.net: We found the problem is McAfee LifeSave is running, you may want to diable it or uninstall it first.