the worlds gone mad

we've lost the hope we had

Posted on 26 November 2022   11 min read

Palo Packet Captures

packet captures and debugging

Information on running packet captures and debugging commands to follow traffic flows.

Posted on 8 November 2022   8 min read

Viewing palo statistics

system resources and traffic statistics

Useful commands to see general information on the firewall resources been used, interface and traffic statistics, and traffic counters.

Posted on 5 November 2022   16 min read

Palo traffic flows and sessions

application identification and following traffic flows

Information on how applications are identified by App-ID and following sessions and traffic flows through the firewall using the CLI.

Posted on 26 October 2022   12 min read

Palo commit and rollback

pushing policies and rolling back changes

Palo Alto firewalls use the concept of a running config to hold the devices live configuration and the candidate config is copy of the running config where changes are made. A Commit operation causes the running config to be overwritten by the candidate config activating the changes.

Posted on 12 October 2022   23 min read

Palo Basic Setup

palo alto firewall setup using the cli

A run through using the CLI to set up a Palo firewall at home covering the initial configuration, upgrading, BGP routing and a basic firewall policy.

Posted on 27 July 2021   11 min read

Virtual Tunnel Interface (VTI) VPN

vti ipsec vpn between asa and asr

Over the years I have built numerous IPsec VPNs on ASAs using crypto maps and an ACL for the interesting traffic. For a simple solution to join small sites with no need for routing these work great and keep the complexity down to a minimum. For more complex environments or cloud connectivity you are probably going to need to use VTIs, this post goes through the process of building VTI VPNs between an ASR and ASA.

Posted on 13 August 2019   7 min read

Checkpoint Endpoint Security VPNs

remote access VPN on checkpoints

Posted on 13 January 2018   7 min read

Checkpoint Identity Awareness

identity awareness to identify users

The 3 main elements that run identity awareness under the hub are Active Directory Query (ADQ), PDP and PEP. They all intertwine in some way to allow the different blades of the Checkpoint to track and restrict access based on AD user and machine name. I tested these features as part of a POC and personally I would not consider them fit for purpose in a production environment. See the caveats at the end of the post for more details on this.

Posted on 13 January 2018   1 min read

Deleting Checkpoint Logs

cleaning up checkpoint logs

The directories that need to be emptied to delete all the logs on the Checkpoint managers.

Posted on 12 August 2017   3 min read

Checkpoint Portals

functions of all the checkpoint portals

All Checkpoint portals are configured under the Gateway properties.
The IP address of the portal must be that of an IP of an interface on the checkpoint (loopback or physical).
Can either use a different IP for each portal or the same IP for all portals. All portals with the same IP address use the same certificate.
FEATURED TAGS
ansible azure checkpoint cisco eve-ng f5-big-ip firewall labbing napalm narrowboat nornir palo-alto python routing sd-wan switching vmware vpn
ABOUT ME
about_me_image

old school + new school = no school

UNSOCIAL MEDIA
BOOKMARKS
ARCHIVES
2025 (4)
2024 (7)
2023 (3)
2022 (10)
2021 (12)
2020 (2)
2019 (2)
2018 (5)
2017 (11)