Sometimes, you need to do a quick factory reset on a Palo Alto Networks firewall. If you aren’t decommissioning the firewall, a Private Data Reset can be a faster way to accomplish similar results as a factory reset and can be done via CLI directly and could technically be done remotely with some coordination. In…
Out of the box, you can’t just add a Security Profile to the interface that runs GlobalProtect fortunately there’s a relatively easy way to do it with minimal impact to your existing GlobalProtect setup. In this post, I will show you step-by-step how to secure GlobalProtect by adding protection with a Vulnerability Protection Profile or…
I needed to route an FQDN (Fully Qualified Domain Name) down an IPSEC VPN tunnel but couldn’t because it was an external address and the IP is dynamic so I wasn’t able to just make a static route to force it down the IPSEC VPN tunnel. To solve this I discovered something called policy based…
I recently ran into an issue where I had uninstalled Onyx on my switch and I was trying to reinstall it but couldn’t because I was getting an error. Below is an example of the error. partition exists – please uninstall firstEXT4-fs (sda3): couldn’t mount as ext3 due to feature incompatibilitiescp: write error: No space…
I’m a big fan of CLI, I love to use it when I can, it always feels more complete and absolute. A while back I posted how to Upgrade Palo Alto Firewall HA Pair (Active/Passive) in that post I only covered the GUI method this post will detail how to complete everything with CLI only.…
By default Palo Alto Networks firewalls export their configuration as an XML file which is great however, I’m more used to set commands such as the ones commonly used in switches. Fortunately, there’s a way to have the best of both worlds. In this post, I’ll show you step-by-step how to output the Palo Alto…
LinuxServer.io makes some great Docker images. I’ve been using their UniFi Controller image for a very long time. Sadly it is being deprecated in January 2024. Fortunately, they have a new replacement image named UniFi Network Application. There’s a bit more to the setup as the database portion has been decoupled from the image. In…
I’m a fan of doing as much as possible with CLI. It always feels more complete and can sometimes be automated. In this post, I will detail step-by-step how to upgrade the firmware image on an Aruba AP (Access Point) with CLI. ArubaOS is also called Aruba Instant and has nothing to do with Aruba…
Switches that support ONIE (Open Network Install Environment) are amazing switches because you can just change which NOS (Network Operating System) you are running relatively easily. ONIE was created by Cumulus Networks in 2012. In 2020 Nvidia bought Cumulus just after purchasing Mellanox the year before. I will detail step-by-step how to install ONIE and…
By default all Fortinet FortiGates are in Profile-based NGFW mode. There is nothing wrong with the default mode. However, I personally prefer policy mode more. Profile mode works like most firewalls like SonicWall, pfSense and UniFi for example. All your rules are based on ports. Policy mode works like Palo Alto Networks firewalls. All your…
