This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About dberber1
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About dberber1
06-01-2023
27Posts
4Likes
1Solution
Jun 01, 2023Last Visited
User
Activity
User
Profile
Latest posts by dberber1
| Subject | Views | Posted |
|---|---|---|
| 226 | 05-19-2023 09:00 AM | |
| 9279 | 02-08-2019 12:04 PM | |
| 9549 | 02-08-2019 10:32 AM | |
| 1700 | 10-31-2018 11:09 AM | |
| 9327 | 10-22-2018 03:41 AM | |
| 9399 | 10-09-2018 03:11 AM | |
| 10505 | 10-08-2018 10:21 AM | |
| 4152 | 10-05-2018 06:32 AM | |
| 1195 | 05-03-2018 06:26 AM | |
| 1859 | 04-30-2018 08:41 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-09-2018 03:11 AM | |
| 3 Likes | 10-08-2018 10:21 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like |
User Badges
Community Statistics
| Member Since | 10-05-2016 07:37 AM |
| Date Last Visited | 06-01-2023 11:06 AM |
| Posts | 27 |
| Total Likes Received | 4 |
02-08-2019
10:32 AM
Thanks for this. The one from the link that you provided is for vsphere 6.5 and we need 6.0 to work in our environment - are there any tricks for conversion?
... View more
10-31-2018
11:09 AM
Have a look at mindmeld and external dynamic lists. https://github.com/PaloAltoNetworks/minemeld/wiki
... View more
10-22-2018
03:41 AM
Thanks Brian for this response. This is all looking good and thanks to you and your team/contributors for the work. I'm glad that PA has this on the radar and is working on improving the functionality of the Ansible modules. My concern over 3rd party libraries was that with the Ansible modules being dependant on them, a change to either pandevice or pan-python could break the Ansible module and that would leave customers 'stuck' waiting on a fix. If we decide to go the Ansible route for automation, there is a significant time and cost investment involved in it - we would not want to develop and deploy automation solutions that could work one day and then not another. Remember, most of us are net-sec engineers and not developers - this is new ground for a lot of us and it has to work all the time to sell it to management and other engineers. As for the support question - I understand that Github works and is best effort - but to reiterate my statement above - if significant time and cost is sunk into an automation solution, enterprise customers should be able to reach qualified support options other than best effort. I guess the ask is to have a resource that TAC can reach if we have a problem with this. What we're seeing on the customer side is a push from vendors to automate (we were at Ignite and Ansiblefest - automation was definitely a topic for PA) - but we're not seeing enterprise level support options (even if it was added paid for). I'll work on developing my wish list for new modules as well. Thanks.
... View more
10-09-2018
03:11 AM
1 Kudo
To follow up on some of the questions and comments. I posted back in March: "So, looking at the docs, it looks like I would not be able to create a tagged vlan sub interface (ae1.500 - vlan.500 - ip 10.2.2.2/24 -- for example) and also add a BGP peers to the VRouter with Ansible. Looks like something I wold have to do directly through the API - but am I missing something?" So, I don't see those functions. About third party modules being needed, we see in the Ansible Module Index documentation. From https://docs.ansible.com/ansible/latest/modules/panos_security_rule_module.html#panos-security-rule-module : Requirements The below requirements are needed on the host that executes this module. pan-python can be obtained from PyPi https://pypi.org/project/pan-python/ pandevice can be obtained from PyPi https://pypi.org/project/pandevice/ xmltodict can be obtained from PyPi https://pypi.org/project/xmltodict " Sure there is a catchall for running arbitrary commands on a PAN-OS device using XPath and element (new is 2.7) -
... View more
10-08-2018
10:21 AM
3 Kudos
First of all - thanks for the API - it's mostly great. But, let's talk about Ansible and PA. Some of our folks went to Ansible Fest and talked to the PA folks there and they said that they were working on making it better - but requiring external modules if kind of untenable when trying to roll out enterprise automation, as well as the lack for functionality with the modules (no checkmode is a non-starter for us). Also missing is like 75%? of the API functionality in the PA Ansible modules. So, we're left to doing roll-your-own automation with the API and python. That alone restricts a good enterprise integration and maintainability. I guess what I'm asking is someone to step up and supply a feature roadmap so we can plan our enterprise automation solutions.
... View more
10-05-2018
06:32 AM
@LukeBullimoreHey - are you a PA customer? Did your SE get you access to PANTS ot AutoAssistant? If so, on-prem or hosted?
... View more
05-03-2018
06:26 AM
So, none of the docs I can find show parentheses as a reserved character, but when I put in a regex of 'sample(_POST' it is rejected, but when I do 'sample\(POST' it is taken - in these samples the '' are not there. But, I'm not sure if the REXEX is matching on the \( or just ( <edit> here is an error example: pattern '=@eval(base64_decode($_POST' is invalid. syntax error at end of input 42100 -> signature -> standard -> dummyRule -> and-condition -> And Condition 1 -> or-condition -> Or Condition 3 -> operator -> pattern-match -> pattern is invalid Any ideas?
... View more
04-30-2018
08:41 AM
I don't think so as each context is a seperate file. You can do it one-by-one, but not all-at-once.
... View more
03-30-2018
08:24 AM
So, looking at the docs, it looks like I would not be able to create a tagged vlan sub interface (ae1.500 - vlan.500 - ip 10.2.2.2/24 -- for example) and also add a BGP peers to the VRouter with Ansible. Looks like something I wold have to do directly through the API - but am I missing something?
... View more
03-28-2018
11:00 AM
Yeah - I was just wondering if there was one. I don't think so, but thought I would ask. Bad actor could conciveably use up all sessions with valid long running sessions....
... View more
03-28-2018
09:39 AM
Quick question here. If there is a perfect TCP or UDP session that is just sending stream data for example (say, an IP camera feed to a DVR server) and there are no app hiccups or dropped packets - is there a max session age for this condition? I can't seem to find anything in the docs, and I have a few sessions that are nearing 2 weeks old, so I'm assuming the answer is that there isn't a max age on a valid, working session - just wanted to double check that I'm not missing anything. TIA
... View more
01-18-2018
10:08 AM
the allowed values from the context help is: <value> <1-2097152> Show next 1K sessions Can't find refreneces to this anywhere....
... View more
01-16-2018
09:51 AM
From an internal engineer I got the low-down - these is an un-bypassable hard limit. One can keep refining the filter to drop below the 10240 returns, which is what I'm working on as a workaround.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-01-2023
11:06 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks