Tuesday, 20 February 2024

setup syslog on cisco switch

 10.46.251.254


logging on

logging origin-id ip

logging facility local0

logging source-interface Vlan250

logging host x.x.x.x


x.x.x.x = your syslog server


For testing

send log TEST

Monday, 12 February 2024

cisco secure client replacing anyconnect

The roaming client and the AnyConnect client are both going end of life and will be replaced by the Cisco Secure Client. The new client is becoming a general endpoint client for many Cisco products. The roaming client will work until April 2025.


Before April 2025, you will need to uninstall the roaming client and install the new Cisco Secure Client with the Umbrella module and the .json file on all roaming computers that you want to protect with Umbrella when they are at home.

All are available for download in your Umbrella dashboard.


Download the new cisco secure client and .json file.


You can use SCCM or similar to deploy it out to your clients.

Friday, 9 February 2024

useful openssl commands

 openssl s_client -connect 100.100.100.20:443


echo "" | openssl s_client -connect website.ie:443 -showcerts


echo "" | openssl s_client -connect website.ie:443 -showcerts | openssl x509 -noout -text -fingerprint


echo "" | openssl s_client -connect AD01.domain.local:636 -showcerts


echo "" | openssl s_client -connect AD01.domain.local:389 -starttls ldap -showcerts


openssl pkcs12 -nokeys -nocerts -info -in Example1.pfx


openssl.exe s_client -connect 100.100.50.8:443 -servername fs1.domain.com -showcerts


Get info

openssl pkcs12 -nokeys -nocerts -info -in bundle.pfx


Export key

openssl pkcs12 -in bundle.pfx -nocerts -out key.enc.key

openssl rsa -in key.enc.key -out key.key


Export private key from PFX

openssl pkcs12 -in bundle.pfx -nodes -nocerts -out key.enc.key
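
Added example, not part of the original notes: before deploying a key exported from a PFX, check that it belongs to the certificate the server presents (for instance one saved from the s_client -showcerts output above). The function names, file names and the PFX_PASS variable are assumptions, and the script generates its own throwaway test certificates.

```shell
#!/bin/sh
# Added example (not from the original post). Function names, file names and
# the PFX_PASS variable are assumptions; all key material is constructed here.
umask 077                       # anything exported is readable by the owner only

# Build a throwaway self-signed cert + PFX so the check runs offline.
# $1 = output prefix; the PFX password is read from $PFX_PASS.
make_test_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$(basename "$1")" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1.key" -in "$1.crt" \
        -out "$1.pfx" -passout env:PFX_PASS
}

# Succeeds only if the private key inside PFX $1 belongs to certificate $2 (PEM).
# The password comes from the environment, not the command line, so it does
# not show up in the process list.
pfx_key_matches_cert() {
    t=$(mktemp -d) || return 2  # mktemp -d creates a 0700 directory
    if openssl pkcs12 -in "$1" -nodes -nocerts -passin env:PFX_PASS \
            -out "$t/key.pem" 2>/dev/null &&
       openssl pkey -in "$t/key.pem" -pubout -out "$t/from_key.pub" &&
       openssl x509 -in "$2" -noout -pubkey > "$t/from_cert.pub" &&
       cmp -s "$t/from_key.pub" "$t/from_cert.pub"
    then rc=0; else rc=1; fi
    rm -rf "$t"                 # never leave the unencrypted key behind
    return "$rc"
}

# Demo on constructed data: fs1.pfx must match fs1.crt but not other.crt.
demo() {
    d=$(mktemp -d) || return 2
    PFX_PASS='constructed-test-password'; export PFX_PASS
    make_test_pfx "$d/fs1" && make_test_pfx "$d/other" || { rm -rf "$d"; return 2; }
    pfx_key_matches_cert "$d/fs1.pfx" "$d/fs1.crt"   && echo "fs1.pfx / fs1.crt: match"
    pfx_key_matches_cert "$d/fs1.pfx" "$d/other.crt" || echo "fs1.pfx / other.crt: MISMATCH"
    rm -rf "$d"
}
demo
```

A wrong PFX password also makes the check fail, because the key cannot be extracted.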

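Filter out TCP retransmissions in Wireshark

(tcp.analysis.retransmission or tcp.analysis.fast_retransmission)

As written, this display filter matches the retransmitted segments; negate the whole expression to hide them instead.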

Thursday, 8 February 2024

palo global protect rdp freeze issue

 https://live.paloaltonetworks.com/t5/general-topics/rdp-freeze-fix-globalprotect/td-p/335816


Important: This regedit goes on the machine you are remoting into, not the machine you are remoting from.

 

HKLM\SOFTWARE\Microsoft\Terminal Server Client

UseURCP (Create this new DWORD with value of 0)

 

You can use this from a command prompt as long as you have admin privileges on the box:

REG ADD "HKLM\SOFTWARE\Microsoft\Terminal Server Client" /v UseURCP /t REG_DWORD /d 0 /f

Wednesday, 7 February 2024

palo alto software upgrade

Lookup preferred release for your hardware

https://live.paloaltonetworks.com/t5/Customer-Resources/Support-PAN-OS-Software-Release-Guidance/ta-p/258304


Backup configs

Device > Setup > Operations > export 


Make note of relevant IPs and URLs

  • Management IPs
  • Public IP
  • LAN IP
  • GP portal IP and URL
  • Record S2S VPNs up/down
  • Maybe start a continuous ping to IPs


Download the software and sync to HA peer

Device > Software > Check now

You can jump within a major release, like 10.2.10 to 10.2.10-h3

If you need to go up a few versions, you need to step through them in order:

10.2.5 > 10.2.10 > 11.0 > 11.5

  • Start on 10.2.5
  • Download and install latest in family 10.2.10
  • Download 11.0
  • Download latest in next family 11.5
  • Install 11.5; as long as the 11.0 files are downloaded, it will be OK
  • Don't go more than 1 major version ahead of the other FW, keep in step

Install on secondary

  • Go onto the standby and install the update
  • Let that install and reboot
  • The reboot takes about 20 minutes
  • You may see an error on the primary that the config is not synced; you can ignore it

Switch over to secondary which has just been upgraded

  • Disable HA on primary to let the secondary take over
  • Device > High Availability > Suspend local device for high availability

Complete install on primary

  • Install the update and reboot on the primary
  • When it comes back up it should re-enable HA, but check that it has
  • Repeat the process until you have upgraded to the preferred release

After upgrade

  • Testing (internet, email, Teams, GP)
  • Run all the dynamic updates and make sure updates are scheduled

GP client

  • The GP client can be updated as well, but this can introduce other issues, so it is best done separately
  • vpn.domain.com should resolve on the LAN

Thursday, 1 February 2024

open case with palo support


They need these details

Example:

Device: Palo Alto firewall PA-850

Device serial number: 1234567890

Software version: 10.1.5-h1

End user company: Customer Name

Reseller company: MSP Company Name

Contact number: +xxx xxxxxxxx