About Netwerx

Assuming you're running Windows, here's a quick and dirty powershell script I just wrote to download the list for internal hosting. It gets the content, dumps it to CSV file without headers, which I found I had to do otherwise if I just dumped it to a text file, it was one compelte stream of text without any carriage returns, instead of seperate IP addresses. Throw that file on an internally hosted website dedicated for hosting firewall blacklists, and use IP restrictions so only your firewall can pull the data. I also do this for IP addresses I want blocked for longer than the built in max of one hour.    Try not to run the script more than once per hour once it's working so they don't temporarilly block you. Change the foldername to the name of the site in IIS.            $talos = 'C:\inetpub\wwwroot\NAMEOFINTERNALWEBSITE\talosTemp.csv' Invoke-WebRequest -uri https://talosintelligence.com/documents/ip-blacklist -OutFile C:\inetpub\wwwroot\NAMEOFINTERNALWEBSITE\talosTemp.csv if((gc $talos | Measure-Object).count -gt 100){ gc -path $talos | Out-File C:\inetpub\wwwroot\NAMEOFINTERNALWEBSITE\talos.txt -Force -ErrorAction SilentlyContinue -Encoding ascii }        This is very rudamentary, but it is working for me so far.      EDIT: forgot to add the ascii encoding, feel free to tweak it how you see fit, add more conditional logic as needed, that measure-object is just there to make sure the file isn't empty.  ... View more

Had same issue, try changing URL in EDL to https://talosintelligence.com/documents/ip-blacklist   and in CLI run     request system external-list refresh type ip name "Cisco Talos IP Black List"   Give it a second, then try    request system external-list show type ip name "Cisco Talos IP Black List"       post results.      ... View more

Current setup is that the PA firewall has a virtual wire interface bridging our core switch and physical router.    I've worked with our vendor and an ISP network guy. We set up a new /30 network between the router and firewall (Layer 3), set a few static routes on the physical router, and will redistribute them into EIGRP.  ... View more

Sorry for the confusing question. Our present setup is a cisco router as the default gateway for our network, then the firewall in virtual wire mode, then the core switch. We want to change from virtual wire to layer 3 with minimal disruption to our network. This virtual wire connection has been our primary internet connection, but we need to connect a second WAN connection that we need to transfer business processes to. That means layer 3 due to the need for the most options with policy based forwarding, NATting, etc.    I know we can move the subinterface IPs from LAN side of the physical router to the LAN side (to the core switch) of what would be the layer 3 setup on the firewall, using some other private subnet between the virtual router on the firewall as the next hop from the virtual router to the cisco, and use RIP to advertise the routes from our LAN through the virtual router, to the cisco. I just don't have enough understanding if we can use additional local IP addresses from our current subnets so that they are on both sides of the layer 3 connection on the virtual router. Around here is where I get confused, since by defintion router break up networks / broadcast domains. I think in my head i'm confusing a layer 2 deployment with what is possible with a layer 3 deployment.   I'm just trying to get the vwire converted to layer 3 without having to go to far into NAT rules, etc.    I think the easiest thing to do will probably be to work with our ISP who is currently managing our router to plan out a simple RIP setup between what will be the new virutal router, and the cisco. We just need exisitng traffic flows to go to / from our LAN so we can begin mirating things over to another interface on the firewall (new isp connection, basically going to our own public address space from our ISP NATing what we need).      ... View more

Thank you very much. It is a great relief to not have to re-write the policies. About the virtual router. I'm not trying to disrupt existing routes, but an only trying to make globalprotect portal and gateway work. ... View more

This is still an issue and has not seen any progress. May last work ticket summed with the problem being on the cisco side of things. I don't know if I can solve this with Policy Based Forwarding or not. If I try that, what IP do I forward the traffic to? Do I set it to management IP address of the originating Ethernet port, or do I assign an ip address to the tunnel and forward to that? ... View more

Thank you for the info! I did as you suggested. I'll report back if succesfully. ... View more

Hmm, so the traffic is going from the proper egress on the firewall to our lan, but is returning via the virtual wire instead of the L3 interface where it was supposed to go. Instead it's bypassing the firewall and going to our default gateway for the lan, which would be a physical router. ... View more