10.46.251.254
Logging on
logging origin-id ip
logging facility local0
logging source-interface Vlan250
logging host x.x.x.x
x.x.x.x = your syslog server
For testing
send log TEST
10.46.251.254
Logging on
logging origin-id ip
logging facility local0
logging source-interface Vlan250
logging host x.x.x.x
x.x.x.x = your syslog server
For testing
send log TEST
The roaming client and anyconnect client are both going end of life and will be replaced by the cisco secure client. The new client is becoming a general endpoint client for many cisco products. It will work until April 2025:
Before April 2025, you will need to uninstall the roaming client and install the new cisco secure client with umbrella module and the json file for all roaming computers that you want to protect with umbrella when they are at home.
All are available for download in your umbrella dashboard:
Download the new cisco secure client and .json file.
You can use SCCM or similar to deploy it out to your clients.
echo "" | openssl s_client -connect website.ie:443 -showcerts
echo "" | openssl s_client -connect website.ie:443 -showcerts | openssl x509 -noout -text -fingerprint
echo "" | openssl s_client -connect AD01.domain.local:636 -showcerts
echo "" | openssl s_client -connect AD01.domain.local:389 -starttls ldap -showcerts
openssl pkcs12 -nokeys -nocerts -info -in Example1.pfx
openssl.exe s_client -connect 100.100.50.8:443 -servername fs1.domain.com -showcerts
Get info
openssl pkcs12 -nokeys -nocert -info
Export key
openssl pkcs12 -in bundle.pfx -out key.enc.key
openssl rsa -in key.enc.key -out key.key
Export private key from PFX
opennssl pkcs12 -in bundle.pfx -nodes -nocerts -out key.enc.key
(tcp.analysis.retransmission or tcp.analysis.fast_retransmission)
https://live.paloaltonetworks.com/t5/general-topics/rdp-freeze-fix-globalprotect/td-p/335816
Important: This regedit goes on the machine you are remoting into, not the machine you are remoting from.
HKLM\SOFTWARE\Microsoft\Terminal Server Client
UseURCP (Create this new DWORD with value of 0)
You can use this from a command prompt as long as you have admin privileges on the box:
REG ADD "HKLM\SOFTWARE\Microsoft\Terminal Server Client" /v UseURCP /t REG_DWORD /d 0 /f
Backup config
Device > Setup > Operations > export
Download the software and sync to HA peer
Device > Software > Check now
You can jump with in a major release like 10.2.10 to 10.2.10-h3
If you need to go up a few versions you need to go
10.2.5 > 10.2.10 > 11.0 > 11.5
Go onto the standby and install the update
Let that install and reboot
reboot can take 15 minutes
You may see an error on primary that config is not sync'd you can ignore
Disable HA on primary to let the secondary take over
Device > High Availability > Suspend local device for high availability
Install update and reboot on primary
When it comes back up re-enable HA
They need these details
example
Device: Palo alto firewall PA-850
Device serial number: 1234567890
Software version: 10.1.5-h1
End user company: Customer Name
Reseller company: MSP Company Name
Contact number: +xxx xxxxxxxx