Archive for Blog - page 2

BGP Route Filtering with Palo’s Advanced Routing Engine (ARE)

With PAN-OS 10.2, Palo Alto Networks has introduced the “Advanced Routing Engine” (ARE) with its “Logical Routers” (LR) rather than the legacy “Virtual Routers” (VR). The Advanced Routing Engine simplifies operations with a standards-based configuration, which reduces your learning curve since… Source link Author: legendary…

Continue reading →

Misusing Palo’s Captive Portal as a Guest Wi-Fi Welcome Page

I was faced with an interesting customer requirement: An existing guest Wi-Fi should be prefaced with a welcome page for accepting the terms and conditions. Since there was already a Palo Alto Networks firewall in place, could we perhaps use its captive portal directly for…

Continue reading →

Dynamic DNS on a Palo

With PAN-OS 9.0 (quite some time ago), Palo Alto Networks has added Dynamic DNS for a firewall’s interfaces. That is: If your Internet-facing WAN interface gets a dynamic IP address via DHCP or PPPoE (rather than statically configured), the firewall updates this IP address to…

Continue reading →

Some more Mail Captures

Email is still the most common communication protocol on the Internet. And since I was missing some variants of the related protocols, IMAP, POP3, and SMTP in the Ultimate PCAP, I did some captures. Here are a few details. While there were already basic IMAP…

Continue reading →

Akustikdämmung im Büro

Als Consultant im Homeoffice mache ich vor allem eins: Telefonieren und an Videokonferenzen teilnehmen, neudeutsch: Calls. Und es nervt mich total, wenn mein Gegenüber einen schlechten Ton hat. Also akutisch. Das verbaute Mikrofon im Notebook oder irgendwelche Raummikros gehen gar nicht…. Source link Author: legendary…

Continue reading →

Palo’s Mgmt-Intf not usable with IPv6 anymore

Wow, that was unexpected: With PAN-OS 11.1 the out-of-band management interface of Palo Alto Networks firewalls doesn’t accept an IPv6 default route pointing to one of its own data interfaces anymore. That is: In most setups, you can’t use IPv6 for management purposes anymore. “Works…

Continue reading →

How to install Palo Alto’s PAN-OS on a FortiGate

It happens occasionally that a customer has to choose between a Palo and a Forti. While I would always favour the Palo for good reasons, I can understand that the Forti is chosen for cost savings, for example. Fortunately, there is a hidden way of…

Continue reading →

Optimized NAT46 Config on a FortiGate

Johannes published a basic NAT46 configuration for a Fortigate firewall with FortiOS 7.0 some time ago. I run such a service (legacy IPv4 access to IPv6-only resources) since FortiOS 5.6, which means more than six years; lastly with FortiOS 6.4. It’s running for more than…

Continue reading →

Page 2 of 6 1 2 3 4 5 ... Last →