Tuesday 30 April 2024

TS FTD like TAC

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/R6BGArNQ/TECSEC-3004.pdf


system support trace

Wednesday 3 April 2024

network design ideas

Just writing down some ideas

Dual internet connection with failover
Share public range with BGP
Alternatively two public IP ranges with dyndns
OOB management (Opengear)
Redundancy starting at the SAN
Rule of thumb: 2 of everything
HA firewall
HA switch (stack)
VLANs/networks: LAN, WIFI, DMZ, DB, APP, VOICE, RSPAN, OOBMGMT, BACKUPS, MONITORING
Off site (cloud) backups or tape taken off site
Monitoring, graphing, alerting: PRTG, NetFlow, SNMP
NTP server
TFTP server
config backup
RADIUS and MFA (Duo) where possible
syslog (syslog-ng)
OpenDNS (Cisco Umbrella / DNSFilter)
IPS like Security Onion


Multiple DMZs or Private VLANS in your DMZ alternatively consider reverse proxy.

Friday 29 March 2024

palo alto bulk add log forwarding profile to security policy rules

You can use the migration tool to do this


From version 10.1 onwards there is also a log forwarding option for security policies in the Policy Optimizer, under

Policies > Security

Policy Optimizer in the bottom left


You need to have configured logging and your log forwarding profile in advance


Select "None" to find all the rules with no log forwarding profile applied

click the first rule

scroll to the bottom

hold shift and click the last rule to select all

In the bottom left click "Attach log forwarding profile"

Select your profile "LOG-FWD-PROFILE"

Click ok

Commit


Info found on:

https://live.paloaltonetworks.com/t5/general-topics/log-forwarding-profile-in-all-security-policies/td-p/205426
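As an added example (not from this page or from Palo Alto), the same "find the rules with no profile, attach LOG-FWD-PROFILE, commit" step done offline against an exported running config: it lists the rules Policy Optimizer would show under "None" and emits the configure-mode CLI lines that attach the profile. The XML layout and the `set rulebase security rules ... log-setting` syntax are assumed from a single-vsys PAN-OS export; the config snippet is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a PAN-OS running-config export, trimmed to the security
# rulebase. "allow-web" already carries LOG-FWD-PROFILE; "allow-dns" and "deny-all"
# have no profile and are the rules Policy Optimizer lists under "None".
SAMPLE_CONFIG = """<config>
  <devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
    <rulebase><security><rules>
      <entry name="allow-web">
        <log-setting>LOG-FWD-PROFILE</log-setting><log-end>yes</log-end>
      </entry>
      <entry name="allow-dns"><log-end>yes</log-end></entry>
      <entry name="deny-all"><log-start>no</log-start><log-end>yes</log-end></entry>
    </rules></security></rulebase>
  </entry></vsys></entry></devices>
</config>"""

# Assumed path of the security rules inside a single-vsys config export.
RULES_XPATH = "./devices/entry/vsys/entry/rulebase/security/rules/entry"


def rules_without_log_profile(config_xml):
    """Return the names of security rules that have no log forwarding profile."""
    root = ET.fromstring(config_xml)
    missing = []
    for rule in root.findall(RULES_XPATH):
        setting = rule.find("log-setting")
        # An absent or empty <log-setting> means no profile is attached.
        if setting is None or not (setting.text or "").strip():
            missing.append(rule.get("name"))
    return missing


def attach_commands(rule_names, profile="LOG-FWD-PROFILE"):
    """Build configure-mode CLI lines (assumed syntax) that attach `profile` to
    each rule, followed by a commit. Same end state as the Policy Optimizer
    "Attach log forwarding profile" button, but reviewable before it is applied."""
    cmds = [f'set rulebase security rules "{name}" log-setting {profile}'
            for name in rule_names]
    return cmds + ["commit"]


if __name__ == "__main__":
    missing = rules_without_log_profile(SAMPLE_CONFIG)
    print("rules with no log forwarding profile:", missing)
    print("\n".join(attach_commands(missing)))
```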


Friday 15 March 2024

useful windows cmds

Get hostname

hostname

Get current user

whoami

Get serial number

wmic bios get serialnumber

Get manufacturer model name

wmic csproduct get name

Print out date/time

echo %DATE% %TIME%

Get OS name and ver (takes a few seconds to run)

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"


All IP config details

ipconfig /allcompartments /all

Get all NIC details

wmic nicconfig get description,IPAddress,MACaddress


Display the DNS cache

ipconfig /displaydns


Check hosts file

more %SystemRoot%\System32\Drivers\etc\hosts

Netstat (run as admin)

Get listening/established ports and PIDs

netstat -naob

netstat -naob | findstr LIST


Print routing table

netstat -nr

route print

List sessions with other computers

net session

net session \\pcname /list

Print out the machines we can see on the domain

net view

net view \\127.0.0.1

View Netbios over TCP details

nbtstat -S

Show arp table

arp -a


WLAN info

netsh wlan show interfaces

netsh wlan show all


List services

services.msc

tasklist

Show which services are hosted inside each svchost process

tasklist /svc

tasklist.exe /FI "PID eq 8988" /svc

sc query

wmic service list config

Sysinternals

pslist

pskill


Event logs

eventvwr

wevtutil qe security /f:text | more


Local users

lusrmgr.msc

net users


Startup apps

msconfig

autoruns


xcopy find files for a specific date (note date format)

xcopy \\servername\sharename$\*.* /S /L /H /D:mm-dd-yyyy | more


Find files bigger than 30MB

for /R c:\ %i in (*) do @if %~zi gtr 30000000 echo %i %~zi


Sysinternals

tcpvcon -a

psloggedon

logonsessions

handle

listdlls

procexp (Process Explorer)

procmon (Process Monitor)

sysmon

autoruns

Wednesday 13 March 2024

Tuesday 12 March 2024

packet capture on palo alto

This can be done from the web GUI under Monitor > Packet Capture

Setup your filters

Add your stages rx,tx,fw,drop

Switch on filter and packet capture


You can also run tcpdump from the CLI; this is the only method that will show management interface traffic such as syslog

Friday 8 March 2024

dynamic VPN on sonicwall to HQ with a static IP

https://www.sonicwall.com/support/knowledge-base/configuring-aggressive-mode-site-to-site-vpn-when-a-site-has-dynamic-wan-public-ip-address/170505565649605/