Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Live
- ›
- About hbalzac
About hbalzac
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
07-21-2020
46Posts
0Likes
0Solutions
Jul 21, 2020Last Visited
User
Activity
User
Profile
Latest posts by hbalzac
| Subject | Views | Posted |
|---|---|---|
| 445 | 06-28-2020 08:43 AM | |
| 413 | 05-10-2020 08:42 AM | |
| 422 | 05-05-2020 10:36 AM | |
| 596 | 05-03-2020 05:17 AM | |
| 961 | 05-02-2020 05:45 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 3 | |||
| 1 | |||
| 3 | |||
| 1 | |||
| 1 |
User Badges
Public Statistics
| Date Registered | 05-30-2018 10:12 PM |
| Date Last Visited | 07-21-2020 04:34 AM |
| Total Messages Posted | 46 |
06-28-2020
08:43 AM
https://access.redhat.com/articles/3642632 Can someone with insight answer if palo plan to have their collection "certified" ?
... View more
05-10-2020
08:42 AM
Hi, can we share some script in this thread? I can post some when i have the computer infront of me.
... View more
05-05-2020
10:36 AM
Feels abit lazy to ask here, but i cant find how to query for hitcount using pandevice. How do i do that?
... View more
05-03-2020
05:17 AM
Why are not this hosted at palo altos own site? Yes im abit paranoid but i have never understod why this kind of packages are hosted at pip? At least if they are hosted at external site. Would it not be possible to implement something like this https://media.djangoproject.com/pgp/Django-2.2.12.checksum.txt ?
... View more
05-02-2020
05:45 AM
Is this still the behavior? It will install the mentioned modules evrytime i run a playbook? (I dont have access to a ansible installation to test with atm)
... View more
05-02-2020
05:26 AM
Is there any reason to use this insted of the built in backup function with scp?
... View more
09-09-2019
09:50 AM
Im trying to setup a syslog forward from a loggcollector with tls, i get this error in the syslog log on the collector. Certificate subject does not match configured hostname; hostname='scrubbed', certificate='blah.blah.com' However the certificate has the correct hostname as a san name (aswell as blah.blah.com), however it has lots of san names (10+), blah.blah.com is the last one in the list of san name if i check the certificate with openssl from a other host. Has anyone run into issue with lots of san names on a palo while using client certificate?
... View more
08-03-2019
10:23 AM
Not an answer, but how do you avoid disabling rules that just was added?
... View more
05-14-2019
08:50 AM
Say that i have imported a big ruleset (from junos), i have to split this ruleset i to multiple firewall (due to redisign) Is there any way to export part of the ruleset (maybe be search The part i want)
... View more
05-13-2019
06:11 PM
So we are in a big project to replace lots of junos firewall. Atm every time we do a new firewall we create a new project and have to The same task over and over (search replace ping, rpc applications and some more) we also do a renaming of some host group. Since this takes some time each time. Im wonder if its somewhow any advance feature to do a macro for this?
... View more
03-01-2019
08:43 PM
I have not installed pan os 9 yet. WIll try to get ahold of a vm to play with. Looks nice from the documentation How about the ansible playbooks (and pandevice), will they have support for the json api in the future? Thanks!
... View more
02-28-2019
11:42 AM
Well first off, is it recommended to use dynamic or static routing between the aci/palo? Does anyone still implement zones? (using multiple vrf/s to seperate it?)
... View more
02-22-2019
01:26 PM
This is often talked about from bot cisco and palo (when you use a pbr in aci to route some ports to the firewall) Is there anyone here acctuly using it?
... View more
02-10-2019
11:42 PM
Ok, it strange that there is no problem configure it on a pa 3260 (The status even say its ena led)
... View more
02-10-2019
02:12 AM
Is this supported or not? It can be configured, but rumors floading around the internet says that there is a part in the panos 9 that says support for pre-negotiation will be added for some models, among those 3200
... View more
02-05-2019
11:21 AM
Any news about more ansible modules? 🙂
... View more
12-12-2018
10:22 AM
PA has a bit strange behavior on BFD, apparently it will flush the fib during a ha failover if BFD is in use. (this was confirmed by a local SE after we spent quite some time with bfd tweaking), so if i understand your concern, you are correct. BFD can make it worse during a failover. This was to cisco routers (with a l2 switch between). We never got it to work even with tweaking the timers.
... View more
12-08-2018
01:45 AM
We have quite alot of devices and they are growing in numbers. If we would like to check different settings accross all the devices how would you accomplish that? (from what i have understood, there is no way in panorama to see for example if settings are overided local on the device?), and there is sometime settings that you have local on the device aswell. How would you solve this?
... View more
12-04-2018
09:48 AM
2287 - Not sure the name in PA:s systems. But it is to have a more flexible loopbackfilter (at the moment, you cant have different subnets in the acl for snmp and https for example)
... View more
11-28-2018
10:02 AM
Our pki team has setup a scep/ndes server for us to use for new firewall we setup. The error i get in the gui is not saying anything. If I would like to start a debug on the firewall cli for scep. Where do i do that?
... View more
11-27-2018
11:45 AM
Just of curriosity, has something happend with the ansible playbook progress discussed? Compared to some month ago there was alot more activity and new modules published here https://github.com/PaloAltoNetworks/ansible-pan When i look now there are tons of Pull Requests waiting to be done, see no activity from the maintainsers for almost a month.
... View more
11-11-2018
10:33 AM
I found this, however as BPry points out, the user dont put the answer in code box, so i still dont know the answer 🙂 https://live.paloaltonetworks.com/t5/General-Topics/Adding-device-serial-number-to-Panorama-with-API/m-p/224805#M64526
... View more
11-09-2018
10:01 AM
Despite me reading alot of documentation i have not really understood this. Im trying to add a device in panorama, so i run this command from the cli. set mgt-config devices 1234555 hostname 1234 This gives me the following output. (container-tag: mgt-config container-tag: devices container-tag: entry key-tag: name value: 1234555 leaf-tag: hostname value: 1234)
((eol-matched: . #t) (xpath-prefix: . /config) (context-inserted-at-end-p: . #f) )
(mgt-config (devices (entry (@ (name 1234555)) (hostname 1234))))
(hostname 1234)
<request cmd="set" obj="/config/mgt-config/devices/entry[@name='1234555']" cooki
e="5357976790132914"><hostname>1234</hostname></request>
2018-11-09 16:35:03
<response status="success" code="20"><msg>command succeeded</msg></response>
So when i try to create a request of this it looks like this (if i take the url) https://1.1.1.1/api/?type=config&action=set&Key=LUFRPT1FYXpRSlNvdjc2M1ZIVDdHZG40NWx2c1BlZ2c9bHAyUmhhRHBxRUptd1ZXNNNNnQrK2hnZz09&xpath=/config/mgt-config/devices/entry[@name '1111'] This give me a "error 12" If i use the api browser it gives me a get command, but i want to add a new device. Any ideas?
... View more
11-07-2018
12:49 PM
I hate snmp overall aswell, however in larger enterprise its not always that easy to decide what monitor equipment to use 🙂 But i will try to do it from each firewall
... View more
11-07-2018
10:45 AM
My idea was first to setup panorama to monitor the logs for critical and then send snmp trap. But from what i can see from the PA mibs, there are no way for panorama to send info in the trap about the device? So all i see in the trap is the panorama ip. Is there any way around this? Or is maybe best practise to trap from the individual device?
... View more
10-16-2018
01:57 PM
Thanks alot for the long and qualified response! It sounds good that there are alot of modules coming up, i have already posted what modules i see as most prioritize for me. Looking forward to it 🙂 I can only speak for myself, but we install ansible from the rpm:s that are delivired by redhat (epel aswell, so xmltodict is fine) , the serveradmins and so on are generally very strict about installing things in production from places like pip (i think they have been scared by paranoid security people with stories like https://www.bleepingcomputer.com/news/security/ten-malicious-libraries-found-on-pypi-python-package-index/ ). For me, in a ideal situation it would be possible to download a signed rpm with the two library from palo but i understand that it would take quite alot of work.
... View more
10-11-2018
11:58 AM
Yeah exact, i like the way the ansible part is going with palo. There are still some very key modules missing, but more and more are added. My biggest problem in all this is the thing about modules. In my case managment and architects, perhaps being abit to much oldschool dont really like to idea of having everything built around external thirdparty modules.
... View more
10-08-2018
10:37 PM
Yeah you can install the panpython/pandevice from other places then github. What i mean is if i run into a bug on any of this modules. The only way to get help is to post a anonumoys post on palos github place in the issue section. I know that they are normaly answerd quite soon.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-21-2020
04:34 AM
|
Likes Given To
Latest Blogs
Latest Posts
Copyright 2007 - 2020 - Palo Alto Networks
