A customer asked me if the PAN could automatically block an IP address if it triggers a threat log. At first I started to think that I could do it through an EDL and use Elastic Stack, but then I remembered the built-in actions on a log forwarding profile – that’s way easier. I decided […]
Steve Borba
My notes, I hope they help you, feel free to comment/add to them
Category: Palo Alto
Sometimes I make a change that causes a lot of config changes, especially with re-ordering of the config. This will download the config from the device, then you commit and download again, and then SORT! and compare. I usually do this on the standby device, and evaluate whether I should do it on the primary.
The URL block page on the PAN can be anything, but there is no real wizard to customize it – not even just to add a logo! Here are some easy things and some that are a little more complicated. First we’ll just show how to update the block page to use your company’s images. Go […]
Every once in a while I need to get information from Active Directory; here are some of them: DN of a user in AD: DN of a group: The next one will do it for domain trusts
Set IP with Static. Set IP with DHCP. Grab Licenses, install latest TP/App, and install software. This will let you add an IP to a DHCP interface.
I created my first PowerShell module, so I am going to put it in my own words so I can create another later if I want to. First start making functions and store them by themselves in .ps1 files. Create a folder structure with the supporting functions (ones users won’t use) in private and the […]
Portals work a little better when using a publicly signed certificate, but getting the funds for one isn’t always possible, especially not in the initial phase or for a home lab. So I decided to use Let’s Encrypt; the signing is only for 90 days. So either you have to manually update, or do some […]
Here is a quick filter when you start troubleshooting with someone and pretty much all they know is their name (change the start time): ( receive_time geq '2018/12/21 12:00:00' ) and user.src eq sborba and ( !action eq allow or (proto eq tcp and !session_end_reason eq tcp-fin ) or ((proto eq icmp or proto eq […]
I use Google Fi and I want to make sure phone calls get first priority, then I moved my wife’s and my devices up (queue 4 is default), then knocked guest down and capped them at 5mb/s up/down, but I wanted to make it full speed if I am using the VPN from the guest […]