Resolution: For web GUI access to the Palo Alto Networks firewall, you can choose a certificate on the firewall for all web-based management sessions. Create a new SSL/TLS Service Profile or select an existing one to be used. Firewall: Device > SSL/TLS Service Profile. Panorama: Panorama > SSL/TLS Service Profile. Click Add. Name: Enter name of […]
SSH Manipulation – Palo Alto
Changing the SSH configuration may be required on a critical network. When you verify your Secure Shell (SSH) connection to the firewall, the verification uses SSH keys. You can use the CLI to change the default host key type, generate a new pair of public and private SSH host keys, […]
Check Palo Alto CyberForce Status – Palo Alto
To check the CyberForce status, open the following URL: https://reg2.lightspeed.events/panw/website/status-log-in.htm
How do I associate a contract to my Cisco.com profile (CCO ID)?
Please follow the steps below to associate contracts to your Cisco.com profile: Go to Cisco Profile Manager. Select the ‘Access’ tab. Click on ‘Add Access’. Choose ‘Full Support’ and click on ‘Go’. Enter service contracts number(s) in the space provided and click on the ‘Submit’ button. You will receive notification via email that the service […]
Adding the Meraki Devices in Cloud – Cisco Meraki
The best way to add the Meraki devices to the cloud is as follows. Recommendation for Meraki AP: Once you open the Meraki AP, you would get the SSID Meraki Scanning. In that, provide the details as below. Username: Meraki Serial Number (e.g. XXXX-XXXX-XXXX). Password: As […]
Meraki AP in Repeater Issue Resolution – Cisco Meraki
The repeater issue can be resolved in multiple ways. Perform the cable test for those APs. If you are using a Meraki switch, this is much easier. Once the cable issue is fixed, the AP goes back to its normal state. In most of the cases […]
Automatic Backup of WordPress Website for Free
Install and activate the plugin UpdraftPlus. Go to Settings and then select Google Drive. Make the required selection, like weekly backup, and save the setting. Allow the credentials for Google Drive. Once everything is done, go to Backup/Restore. Select Backup Now. This will enable the backup of all the files […]
Website Search Bar Malfunction using CloudFlare SSL
The issue can be resolved by using Cloudflare Flexible SSL. This is pretty straightforward. Find the steps below. Install the Cloudflare Flexible SSL plugin. Activate the installed plugin. Set "Your SSL/TLS encryption mode" to Flexible. Make sure to enable the setting below. Always Use HTTPS: Redirect all […]
Ring Version Mismatch Error In Panorama – Palo Alto Tshoot
SYMPTOMS: Deploying Panorama in Panorama/Log Collector Combination in HA Mode on the Panorama Managed Log Collectors tab results in the following error: Ring version mismatch. DIAGNOSIS. RESOLUTION: To resolve this mismatch, the configuration needs to be committed to both Panorama and the log collector group: Perform local commit on Panorama. Perform commit […]
ZoneRunner-managed zone – zrsh – F5 Networks
We could also use zrsh as a workaround, but kindly take note this is not officially supported by F5 Technical Support and we don’t have an official document published for this tool. There are two types of DNS records in the customer’s RPZ blacklist zone – normal DNS record – wildcard […]
Freezing zone files to allow manual update to ZoneRunner-managed zone files – F5 Networks
Topic: You should consider using this procedure under the following condition: You need to stop dynamic updates to zone files while manually editing files managed by the ZoneRunner utility. Important: F5 recommends using the ZoneRunner utility to manage the DNS/BIND file rather than manually editing the file. If you are required to manually edit […]
Send Gratuitous ARP in Cisco ASA
This helps to send a Gratuitous ARP from the ASA during a migration.
Command:
    ASA/pri/act# debug menu ipaddrutl 6 120.78.149.147
    Gratuitous ARP sent for 120.78.149.147
iRule to Log the CLIENTSSL_HANDSHAKE and SERVERSSL_HANDSHAKE- F5 Networks
Use the snippet below to log the client-side and server-side SSL handshakes. Associate it with the required VS.

    when CLIENTSSL_HANDSHAKE {
        log local0. "clientside {[IP::remote_addr]:[TCP::remote_port]} <--> clientside {[IP::local_addr]:[TCP::local_port]}"
        # The Master-Key value lets anyone with log access decrypt a capture of this session
        log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
    when SERVERSSL_HANDSHAKE {
        log local0. "serverside {[IP::local_addr]:[TCP::local_port]} <--> serverside {[IP::remote_addr]:[TCP::remote_port]}"
        log local0. "RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
iRule to Redirect Traffic as Required – F5 Networks
Use the snippet below to direct HTTP requests to the required pool based on the URI. Associate it with the required VS.

    when HTTP_REQUEST {
        # Select the pool by glob match on the request URI
        switch -glob [HTTP::uri] {
            "/apicall*" { pool MIFE_DEP_POOL_8243 }
            "/store*" { pool MIFE_DEP_POOL_9444 }
            "/publisher*" { pool MIFE_DEP_POOL_9444 }
            "/manage-service*" { pool MIFE_DEP_POOL_9444 }
        }
    }
iRule to Rewrite the URL without Redirection – F5 Networks
Use the snippet below to rewrite the HTTP request. Associate it with the required VS.

    when HTTP_REQUEST {
        if { [HTTP::header Host] eq "zyx.com" and [HTTP::path] starts_with "/api" } {
            HTTP::header replace Host "abc.com"
            # string map removes every "/api" occurrence in the URI, not only the leading one
            HTTP::uri [string map {"/api" ""} [HTTP::uri]]
        }
    }
iRule to Log HTTP REQUEST and HTTP RESPONSE – F5 Networks
Create the iRule snippet from below. Associate it with any of the VS as required.

    when HTTP_REQUEST {
        set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
        log local0. "============================================="
        log local0. "$LogString (request)"
        # Logs every request header, including Cookie and Authorization values
        foreach aHeader [HTTP::header names] {
            log local0. "$aHeader: [HTTP::header value $aHeader]"
        }
        log local0. "============================================="
    }
    when HTTP_RESPONSE { […]
Changing default SSH port in OpenSSH – Linux
The default SSH port on all Operating Systems is port 22. For security measures, KnownHost’s servers are configured to use port 2200. Changing your SSH port: The server’s SSH configuration file is located here: /etc/ssh/sshd_config. SSH into your server as the root user: ssh root@<ip address> -p 2200. Open the configuration […]
Un-Shut and Shutdown or Enable / Disable Interface – Juniper
Shut Down Interface in Juniper:
    user@host# set interfaces ge-0/0/1.0 disable << This is the Cisco equivalent of "shutdown"
Un Shut Interface in Juniper:
    user@host# delete interfaces ge-0/0/1.0 disable << This is the Cisco equivalent of "no shutdown"
Work with FTD LINA Engine Captures – Firepower
Requirements: 1. Enable two captures on FTD using these filters: (a) Source IP 192.168.103.1, Destination IP 192.168.101.1, Protocol ICMP, Interface INSIDE; (b) Source IP 192.168.103.1, Destination IP 192.168.101.1, Protocol ICMP, Interface OUTSIDE. 2. Ping from Host-A (192.168.103.1) to Host-B (192.168.101.1) and check the captures. Solution: Step 1. Enable the captures: > capture CAPI interface […]
Work with Snort Engine Captures – Firepower
Prerequisites: There is an Access Control Policy (ACP) applied on FTD that allows Internet Control Message Protocol (ICMP) traffic to go through. The policy also has an Intrusion Policy applied. Requirements: Enable capture on FTD CLISH mode using no filter. Ping through the FTD and check the capture output. Solution […]