This is the retired Shane Killen personal blog, an IT technical blog about configs and topics related to the Network and Security Engineer working with Cisco, Brocade, Check Point, and Palo Alto and Sonicwall. I hope this blog serves you well. -- May The Lord bless you and keep you. May He shine His face upon you, and bring you peace.
Thursday, January 31, 2019
Integrity: What Is It?
Can you spot good integrity in the people around you or in yourself? Or bad integrity? So what is it? It's real simple.
Wednesday, January 30, 2019
Home Projects: Closet Shelving
My wife put this together from IKEA. I'm pretty sure she could do this house without me if she wanted to.
Friday, January 25, 2019
Palo Alto Firewall: CLI Command To Verify Optic Module
Guys, real quick: if you need to check whether the Palo is seeing an SFP or not, here is a CLI command that shows what the firewall reads from the module. The output below is from a Proline SFP.
killen@PA-850> show system state filter sys.s1.p9.phy
sys.s1.p9.phy: { 'link-partner': { }, 'media': SFP-Plus-Fiber, 'sfp': { 'connector': LC, 'encoding': 8B10B, 'identifier': SFP, 'transceiver': 1000B-SX, 'vendor-name': PROLINE , 'vendor-part-number': PAN-SFP-SX-PRO , 'vendor-part-rev': A3 , }, 'type': Ethernet, }
Wednesday, January 23, 2019
Palo Alto Firewall: PBF (Policy Based Forwarding) Testing In CLI
Did you know you can test your policy based forwarding yourself in CLI on the Palo Alto firewall? You sure can. Below, I'm testing traffic from my zone L3-Inside (my inside zone) to verify it will go out port ethernet1/3. Based on the response below, it looks like it does work, and I didn't have to involve the server guys.
killen@PA850-1(active)> test pbf-policy-match from L3-Inside application web-browsing source 192.168.5.5 destination 77.77.77.77 protocol 6 destination-port 443
"Exchange; index: 8" {
id 9;
from L3-Inside;
source 192.168.5.5;
destination any;
user any;
application/service any/any/any/any;
action Forward;
symmetric-return no;
forwarding-egress-IF/VSYS ethernet1/3;
next-hop 65.65.65.65;
terminal no;
}
killen@PA850-1(active)>
Tuesday, January 22, 2019
Monday, January 21, 2019
Fortinet Firewall: How To Do A Factory Reset In CLI
If you know the admin password and can log in, this is how you do a factory reset in CLI:
FG100DXXXXXXXX# execute factoryreset
This operation will reset the system to factory default!
Do you want to continue? (y/n)y
System is resetting to factory default...
The system is going down NOW !!
FG100DXXXXXXXX #
Please stand by while rebooting the system.
Tuesday, January 8, 2019
Palo Alto Firewall: Adding A Static Route In CLI
Real quick, I think this is useful for adding a lot of static routes into a Palo Alto. SSH in, type "configure" in CLI, and then type out the following:
set network virtual-router [name of virtual router e.g. default] routing-table ip static-route [name of route e.g. Shanes-Route] admin-dist 10 destination [network/subnet mask e.g. 10.10.10.0/24] interface [name of interface to be used outgoing e.g. ethernet1/1] nexthop ip-address [next hop ip e.g. 4.4.4.4]
Add 50 or so of them from notepad at one time, then type in "commit".
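One way to build that batch of lines before pasting, as an added example that is not from the original post: the script fills in the set command above for each route and skips any row with a malformed network, next hop, or reused name, so a typo does not end up in the candidate config. The function name, the name and interface patterns, and the sample routes are assumptions made for this example.

```python
import ipaddress
import re

# Command shape copied from the post; values are filled in per route.
TEMPLATE = ("set network virtual-router {vr} routing-table ip static-route {name} "
            "admin-dist {dist} destination {dest} interface {iface} "
            "nexthop ip-address {nh}")
# Assumed conservative token rules (no whitespace, so a field cannot
# smuggle extra words into the pasted line); not taken from PAN-OS docs.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,30}")
IFACE_RE = re.compile(r"[A-Za-z0-9]+(/[0-9]+)?(\.[0-9]+)?")


def build_static_routes(rows, vr="default", dist=10):
    """rows: iterable of (name, destination, interface, next_hop) strings.
    Returns (commands, errors); a row with any problem yields no command."""
    commands, errors, names, dests = [], [], set(), set()
    for n, (name, dest, iface, nh) in enumerate(rows, start=1):
        try:
            # strict=True rejects host bits, e.g. 10.10.10.5/24
            net = ipaddress.IPv4Network(dest, strict=True)
            hop = ipaddress.IPv4Address(nh)
        except ValueError as exc:
            errors.append(f"row {n}: {exc}")
            continue
        if not NAME_RE.fullmatch(name) or not IFACE_RE.fullmatch(iface):
            errors.append(f"row {n}: bad route name or interface")
        elif name in names or net in dests:
            errors.append(f"row {n}: duplicate name or destination")
        else:
            names.add(name)
            dests.add(net)
            commands.append(TEMPLATE.format(vr=vr, name=name, dist=dist,
                                            dest=net, iface=iface, nh=hop))
    return commands, errors


# Constructed sample input, not routes from the original post.
SAMPLE = [
    ("Shanes-Route", "10.10.10.0/24", "ethernet1/1", "4.4.4.4"),
    ("Branch-A", "10.20.0.0/16", "ethernet1/1", "4.4.4.4"),
    ("Typo-Net", "10.30.30.5/24", "ethernet1/1", "4.4.4.4"),     # host bits set
    ("Shanes-Route", "10.40.0.0/16", "ethernet1/1", "4.4.4.4"),  # reused name
    ("Bad-Hop", "10.50.0.0/16", "ethernet1/1", "4.4.4.400"),     # invalid IP
]

if __name__ == "__main__":
    cmds, errs = build_static_routes(SAMPLE)
    print("\n".join(cmds))
    print("\n".join("SKIPPED " + e for e in errs))
```

Review the skipped rows, paste the generated lines in configure mode, and then type "commit" as described above.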
Tuesday, January 1, 2019