https://knowledge.broadcom.com/external/article/368995/download-vmware-remote-console.html
Wednesday, 18 June 2025
Wednesday, 4 June 2025
Cisco RMA steps
open case
request RMA
enter serial
chat now
Can I request RMA for this serial number : xxxxxxx
creates an RMA ticket
address needs to have customer name (your address / eircode)
or ship the RMA to the customer site
Friday, 7 March 2025
export a user cert from the Windows cert store
Open MMC
Add certs snap-in
user account and computer store
Check certificates > personal
export the user cert from the user store (use PKCS #12 or Base-64 encoded DER)
import the user cert into the machine store
switch AAA and RADIUS authentication settings for Duo etc.
aaa group server radius DUO-AUTH
aaa authentication login default group DUO-AUTH local
aaa authentication login CON-LOCAL local
aaa group server radius DUO-AUTH
server name DUO-AUTH-PROXY
ip radius source-interface Vlan2
radius server DUO-AUTH-PROXY
address ipv4 192.168.1.1 auth-port 18122 acct-port 18122
pac key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Wednesday, 5 March 2025
find what DH group an IKEv1 S2S VPN is using on an ASA
Move away from Groups 2, 5, 24.
DH Groups 2, 5, 24 are considered insecure, are deprecated on FTDs running 6.5/6.6 and will be removed in a later version.
check the 6.7 and 7.1 release notes and search for group 5
https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/vpn-s2s.html?
IKEv1
show vpn-sessiondb detail l2l filter ipaddress x.x.x.x
Look for "D/H Group" in IKEv1 section
sh crypto isakmp sa detail | i Grp:
sh crypto isakmp sa | i PFS Group 2,
Looking for groups 2 and 5:
sh crypto isakmp sa detail | i Grp:2,
sh crypto isakmp sa detail | i Grp:5,
Alternatively, copy the full output of "sh crypto isakmp sa detail" to a text file and search it.
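An added example (not from the original notes) that does the "copy the output to a file and search it" step programmatically: it scans the output for the Grp:, D/H Group and PFS Group tokens listed above and reports which peer is still negotiating group 2, 5 or 24. The sample output and peer addresses are constructed placeholders, not a real capture.

```python
import re

# The note above: move away from groups 2, 5 and 24.
DEPRECATED_DH_GROUPS = {2, 5, 24}

# Constructed sample in the shape of ASA "sh crypto isakmp sa detail" /
# "show vpn-sessiondb detail l2l" output. Not a real capture: only the
# "Grp:", "D/H Group" and "PFS Group" tokens the note greps for are relied
# on, and the peer addresses are documentation-range placeholders.
SAMPLE_OUTPUT = """\
1         203.0.113.10/500     198.51.100.7/500     READY   INITIATOR
      Encr: AES-CBC, keysize: 256, Hash: SHA96, DH Grp:2, Auth sign: PSK, Auth verify: PSK
      Child sa: local selector 10.0.0.0/0 - 10.0.0.255/65535
          PFS Group: 2
2         203.0.113.10/500     198.51.100.9/500     READY   INITIATOR
      Encr: AES-GCM, keysize: 256, Hash: N/A, DH Grp:14, Auth sign: PSK, Auth verify: PSK
      Child sa: local selector 10.0.0.0/0 - 10.0.0.255/65535
          PFS Group: 14
3         203.0.113.10/500     198.51.100.12/500    READY   RESPONDER
      Encr: AES-CBC, keysize: 128, Hash: SHA96, DH Grp:5, Auth sign: PSK, Auth verify: PSK
          D/H Group    : 5
"""

# Tunnel line "<id> <local>/<port> <remote>/<port> ..." -> capture the remote peer.
PEER_RE = re.compile(r"^\d+\s+\S+\s+(\S+?)/\d+\s")
# Any of the group tokens the note searches for, followed by the group number.
GROUP_RE = re.compile(r"\b(?:Grp|D/H Group|PFS Group)\s*:?\s*(\d+)")


def find_weak_dh(output, deprecated=DEPRECATED_DH_GROUPS):
    """Map each remote peer to the sorted deprecated DH/PFS groups it negotiates."""
    findings = {}
    peer = None
    for line in output.splitlines():
        m = PEER_RE.match(line)
        if m:
            peer = m.group(1)            # new tunnel block: remember its peer
            continue
        if peer is None:
            continue                     # header lines before any tunnel
        for grp in map(int, GROUP_RE.findall(line)):
            if grp in deprecated:
                findings.setdefault(peer, set()).add(grp)
    return {p: sorted(g) for p, g in findings.items()}


if __name__ == "__main__":
    for peer, groups in find_weak_dh(SAMPLE_OUTPUT).items():
        print(f"{peer}: deprecated DH/PFS group(s) {groups}")
```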
Tuesday, 4 March 2025
QoS on Palo Alto
Make QoS policies
Policies > QoS
Assign policies to a profile:
Network > Network Profiles > QoS Profile
Assign a profile to interfaces
Network > QoS
Thursday, 27 February 2025
why speed test results are usually lower than advertised speed
Overhead
- Your internet speed is measured in raw bits per second (bps), but real-world data transfer includes additional information like headers, acknowledgments, and error checking.
- TCP/IP, Ethernet, and other protocols add packet overhead, meaning some portion of the bandwidth is used for network management rather than your actual data.
- This overhead typically accounts for 5-15% of the total bandwidth, which explains why you rarely see a full 1 Gbps in speed tests.
Speed test client and server
ISP and firewall/network management and contention
- ISPs often use network shaping, congestion control, and peering agreements that affect speed.
- During peak times, ISPs may limit speeds slightly to ensure fair distribution of bandwidth among users.
- Your internal network/firewall may do the same
- It's best to test out of hours with just your test laptop plugged into the internet connection, to give the best results
Thursday, 20 February 2025
check a DNS TXT record
https://mxtoolbox.com/SuperTool.aspx?action=txt%3a%40.dlrcoco.ie&run=toolpage#
nslookup -type=TXT mail._domainkey.domain.com
dig TXT domain.com +short
Powershell
Resolve-DnsName -Type TXT domain.com
Wednesday, 12 February 2025
Meraki monitoring pages
Organisation > Alerts
Network-wide > Clients
Network-wide > Traffic
Tuesday, 28 January 2025
geoblock on Palo Alto
The FW needs to see the source IP before geoblocking can be applied; check where GlobalProtect logins are coming from
under Monitor > Logs > GlobalProtect with the filter
( stage eq 'login' ) and ( status eq 'success' )
Also
Network > Gateways, click on the "Remote Users" link on the right
There is also the option to create the NAT for the GP IP only for the geo locations allowed
Have a general security rule with the geoblocked regions as source/destination, to/from any, action deny
Have a security rule to allow access to the GP IP only from the approved countries
Set the countries up in the GP config (portal / gateway)
Configure geoblocking on any 2FA provider you use as well, as another line of defence
Enable the Palo Alto EDL blocks, dynamic threat signatures etc., and a strict IPS profile
Wednesday, 22 January 2025
exclude IPs from a Nessus scan
Say we want to exclude .101 and .102; we can create targets like so:
192.168.1.1-192.168.1.100, 192.168.1.103-192.168.1.254
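An added example, not from the original notes, that builds the exclusion ranges above from a CIDR and a list of hosts to skip, using Python's standard ipaddress module; the same function covers step 1 of the impact notes below (leaving firewalls, switches and APs out of the target list). The /24 is the note's own sample; the other addresses are constructed placeholders.

```python
import ipaddress


def nessus_targets(network, excluded=()):
    """Build a Nessus target string for the usable hosts of `network` (CIDR)
    minus the addresses in `excluded`.

    Nessus accepts comma-separated ranges such as 192.168.1.1-192.168.1.100,
    so consecutive surviving hosts are collapsed into "first-last" ranges.
    """
    net = ipaddress.ip_network(network, strict=False)
    skip = {ipaddress.ip_address(h) for h in excluded}
    hosts = [h for h in net.hosts() if h not in skip]

    ranges = []          # list of (first, last) host pairs
    start = prev = None
    for host in hosts:
        if start is None:
            start = prev = host
        elif int(host) == int(prev) + 1:
            prev = host                   # still contiguous, extend the range
        else:
            ranges.append((start, prev))  # gap found: close the current range
            start = prev = host
    if start is not None:
        ranges.append((start, prev))

    return ", ".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)


if __name__ == "__main__":
    # Sample from the note above: skip .101 and .102 on a /24.
    print(nessus_targets("192.168.1.0/24", ["192.168.1.101", "192.168.1.102"]))
    # Constructed placeholders for a firewall, a core switch and an AP that
    # the infrastructure-device step says to leave out of the scan.
    print(nessus_targets("10.10.0.0/24", ["10.10.0.1", "10.10.0.2", "10.10.0.3"]))
```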
Reducing scan impact:
✅ 1. Exclude or Limit Scanning of Network Infrastructure Devices
- Exclude devices like:
  - Firewalls
  - Switches
  - Wireless access points
  - Routers
- These devices often:
  - React poorly to port scans and probes
  - Have limited CPU/RAM for handling scan traffic
  - Could throttle or interrupt user traffic when overwhelmed
✅ Yes, you should exclude these devices unless you have a clear need to scan them and have coordinated with the network team.
✅ 2. Use Scan Throttling and Performance Settings
Adjust the performance settings in Nessus:
- Scan Configuration > Performance Settings:
  - Reduce the number of max simultaneous checks per host.
  - Lower the max simultaneous hosts scanned.
  - Increase the timeout to prevent retries.
  - Set a network scan delay (e.g., 100–300 ms).
  - Use Safe Checks to avoid DoS-like behavior.
This reduces the burst load on the network and the devices.
✅ 3. Use Targeted or Segmented Scans
- Break the scan into smaller IP ranges or subnets.
- Focus on servers, endpoints, or business-critical systems first.
- Scan different segments at different times or windows.
This distributes the load and avoids network congestion.
✅ 4. Schedule Scans During Off-Hours
- Run scans during non-peak hours (e.g., late evening or weekends).
- Coordinate with the customer for a maintenance window.
This is often the simplest way to avoid affecting productivity.
✅ 5. Enable Credentialed Scanning Where Possible
- Credentialed scans are less noisy on the network.
- They use authenticated access (e.g., SSH, SMB) to gather data from inside the system.
More accurate and less intrusive than aggressive remote scans.
✅ 6. Use Passive or External Discovery Methods First
- Start with:
  - ARP sweep
  - DNS enumeration
  - SNMP discovery
  - Existing asset inventories
- Use these to map devices before a full vulnerability scan.
✅ 7. Communicate and Test First
- Run a scan in a test VLAN or lab to profile the impact.
- Communicate with the network and system admins.
- Make sure there's monitoring in place to see how scans affect performance.
Nessus HSTS check and HTTP 3xx redirects
https://community.tenable.com/s/article/Verify-strict-transport-security-header-for-HSTS-Missing-From-HTTPS-Server?language=en_US
curl -sSI http://domain.com/
Friday, 17 January 2025
Palo Alto and Azure SAML auth
KBs:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U48CAE
https://learn.microsoft.com/en-us/entra/identity/saas-apps/palo-alto-networks-globalprotect-tutorial
Generate the cert and make it active
Delete the old cert
Wait a few minutes for azure cloud to update
Download the xml
delete old certs from palo
Import the XML into the Palo; this creates the cert and the SAML IdP profile
Don't tick the validate checkbox
Select the new IdP profile in your Azure authentication profile
Thursday, 2 January 2025
NAT rules on Palo Alto
Making a note because it's a bit different to the Cisco ASA
NAT rule
OUTSIDE > OUTSIDE
Public src > Public dst
FW rule
OUTSIDE > INSIDE (the destination zone is the post-NAT zone, so it counts as INSIDE because of the NAT)
Public src > Public dst (security rules match on the pre-NAT addresses)