setup syslog on cisco switch

 10.46.251.254

Logging on

logging origin-id ip

logging facility local0

logging source-interface Vlan250

logging host x.x.x.x

x.x.x.x = your syslog server

For testing

send log TEST

cisco secure client replacing anyconnect

The roaming client and anyconnect client are both going end of life and will be replaced by the cisco secure client. The new client is becoming a general endpoint client for many cisco products. It will work until April 2025:

Before April 2025, you will need to uninstall the roaming client and install the new cisco secure client with umbrella module and the json file for all roaming computers that you want to protect with umbrella when they are at home.

All are available for download in your umbrella dashboard:

Download the new cisco secure client and .json file.

You can use SCCM or similar to deploy it out to your clients.

useful openssl commands

 echo "" | openssl s_client -connect website.ie:443 -showcerts

echo "" | openssl s_client -connect website.ie:443 -showcerts | openssl x509 -noout -text -fingerprint

echo "" | openssl s_client -connect AD01.domain.local:636 -showcerts

echo "" | openssl s_client -connect AD01.domain.local:389 -starttls ldap -showcerts

openssl pkcs12 -nokeys -nocerts -info -in Example1.pfx

openssl.exe s_client -connect 100.100.50.8:443 -servername fs1.domain.com -showcerts

Get info

openssl pkcs12 -nokeys -nocert -info

Export key

openssl pkcs12 -in bundle.pfx  -out key.enc.key

openssl rsa -in key.enc.key -out key.key

Export private key from PFX

opennssl pkcs12 -in bundle.pfx -nodes -nocerts -out key.enc.key

Filter out TCP re transmissions wireshark

 (tcp.analysis.retransmission or tcp.analysis.fast_retransmission)

palo global protect rdp freeze issue

 https://live.paloaltonetworks.com/t5/general-topics/rdp-freeze-fix-globalprotect/td-p/335816

Important: This regedit goes on the machine you are remoting into, not the machine you are remoting from.

 

HKLM\SOFTWARE\Microsoft\Terminal Server Client

UseURCP (Create this new DWORD with value of 0)

 

You can use this from a command prompt as long as you have admin privileges on the box:

REG ADD "HKLM\SOFTWARE\Microsoft\Terminal Server Client" /v UseURCP /t REG_DWORD /d 0 /f

palo alto software upgrade

Backup config 

Device > Setup > Operations > export 

Download the software and sync to HA peer

Device > Software > Check now

You can jump with in a major release like 10.2.10 to 10.2.10-h3

If you need to go up a few versions you need to go

10.2.5 > 10.2.10 > 11.0 > 11.5

Go onto the standby and install the update

Let that install and reboot

reboot can take 15 minutes

You may see an error on primary that config is not sync'd you can ignore

Disable HA on primary to let the secondary take over

Device > High Availability > Suspend local device for high availability

Install update and reboot on primary

When it comes back up re-enable HA

open case with palo support

They need these details

example 

Device: Palo alto firewall PA-850

Device serial number: 1234567890

Software version: 10.1.5-h1

End user company: Customer Name

Reseller company: MSP Company Name

Contact number: +xxx xxxxxxxx