Palo Alto Networks makes a program named Terminal Server Agent, aka the TS Agent. It is similar to the User-ID agent. However, the TS Agent is built to identify users on a multi-user system. In this post, I will show you step-by-step how to upgrade the Palo Alto Networks Terminal Server agent. Prerequisites The TS…
By default, with Onyx (MLNX-OS), when you export the switch configuration, it is exported as a bin file rather than the regular text-based config files we are all used to. Fortunately, there’s a way to export the configuration as a text file. In this post, I will show you step-by-step how to generate and export…
Palo Alto Networks firewalls often require a device certificate. A device certificate is needed for items like device telemetry and for some of the CDSS (Cloud-Delivered Security Services) items, such as WildFire, DNS and URL filtering, and others. In this post, I show you step-by-step how to check if a device certificate is installed and…
Palo Alto Networks has this awesome program called the User Identification Agent, aka the User-ID Agent. It allows you to identify which device a user is using, allowing you to craft security policy rules based on the users themselves. In this post, I will show you step-by-step how to upgrade the Palo Alto Networks User-ID…
If you have been using the UniFi controller for a very long time, there’s a chance you are running an older version of MongoDB. When Ubiquiti released version 8.1 of the UniFi network application server, they finally bumped up the supported MongoDB version from 4.4 to 7.0. The MongoDB upgrade path only supports jumping one…
When you self-host the UniFi Controller or the UniFi Network Application server, it’s a good idea to take a backup before making major changes. Backups are always a good thing to have. In this post, I will show you step-by-step how to take a settings only backup of the UniFi Network Application server. The Process
Sometimes, you need to do a quick factory reset on a Palo Alto Networks firewall. If you aren’t decommissioning the firewall, a Private Data Reset can be a faster way to accomplish similar results as a factory reset and can be done via CLI directly and could technically be done remotely with some coordination. In…
Out of the box, you can’t just add a Security Profile to the interface that runs GlobalProtect fortunately there’s a relatively easy way to do it with minimal impact to your existing GlobalProtect setup. In this post, I will show you step-by-step how to secure GlobalProtect by adding protection with a Vulnerability Protection Profile or…
I needed to route an FQDN (Fully Qualified Domain Name) down an IPSEC VPN tunnel but couldn’t because it was an external address and the IP is dynamic so I wasn’t able to just make a static route to force it down the IPSEC VPN tunnel. To solve this I discovered something called policy based…
I recently ran into an issue where I had uninstalled Onyx on my switch and I was trying to reinstall it but couldn’t because I was getting an error. Below is an example of the error. partition exists – please uninstall firstEXT4-fs (sda3): couldn’t mount as ext3 due to feature incompatibilitiescp: write error: No space…
