Connecting to Panorama and Palo Alto Firewalls

You can connect to the Palo VMs via the HMCTS VPN by following the following steps:

Connect to the HMCTS VPN.
Retrieve the url of the Palo VM you want to connect to via the ‘Virtual machines’ section below.
From the login page, click on the Use Single Sign-On link
On the Single Sign-On (SSO) page, leave input box empty, click the Continue button

View screenshot!

Provide your HMCTS login details, you’d be redirected to Microsoft login page if not already signed in

View screenshot!

After successful authentication you’ll be redirected back

Accessing Panorama and Palo Alto Firewalls

Via App Proxy (No VPN required)

Environment	Instance
Sandbox	panorama-sbox
Non-Prod & Production	panorama-prod

Via VPN

Environment	Instance
Sandbox	panorama-sbox
Non-Prod & Production	panorama-prod

Palo Alto Firewalls UI

Environment	Instance
Sandbox	hmcts-hub-sbox-int-palo-vm-0
Sandbox	hmcts-hub-sbox-int-palo-vm-1
Non-Prod	hmcts-hub-nonprodi-palo-vm-0
Non-Prod	hmcts-hub-nonprodi-palo-vm-1
Production	hmcts-hub-prod-int-palo-vm-0
Production	hmcts-hub-prod-int-palo-vm-1

SSH to PaloAlto VMs

This needs done from Bastion server and ssh using the private IP from the Virtual machines in Azure. Get the credentials from Key Vault (for example hmcts-infra-hub-prod-int for production) for the firewall-username and firewall-password.

Environment	Instance
Sandbox	hmcts-hub-sbox-int-palo-vm-0
Sandbox	hmcts-hub-sbox-int-palo-vm-1
Non-Prod	hmcts-hub-nonprodi-palo-vm-0
Non-Prod	hmcts-hub-nonprodi-palo-vm-1
Production	hmcts-hub-prod-int-palo-vm-0
Production	hmcts-hub-prod-int-palo-vm-1

This page was last reviewed on 12 July 2024. It needs to be reviewed again on 12 January 2025 by the page owner platops-build-notices .

This page was set to be reviewed before 12 January 2025 by the page owner platops-build-notices. This might mean the content is out of date.