Road to NSE8 !!
CCNP
Friday, June 21, 2024
Let start NSE8 !
Thursday, August 3, 2023
Cisco FTD route-map metric
If you tried search the information even with chatgpt still cant locate the information. Yup, Cisco FTD replace the metric value with bandwidth:
Monday, June 12, 2023
Palo Alto Power Cycle or power outage cause HA down
After done power cycle or power outage for PA 5220 (Active / Active or Active / Passive), once it boot up but the data plane failed
with error dataplane down : path monitor failure or Policy push to dataplane failed
Just physical power cycle it 2 ~ 3 times
herewith KB
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCcXCAW
Tuesday, April 4, 2023
Palo Alto Failed to find begining of certificate. Make sure certificate starts with BEGIN CERTIFICATE tag.
Don't hesitate just use another browser, problem resolved
Environment
1. PANOS 10.2
2. Panorama
3. Firefox
4. Trying to upload certificate
5. Panicking when migration
6.Engineer ego suspect bug issue
Is a sad TAC case and wasted my company case token is due to silly browser issue.
Yes, you cant find any solution on public KB about this error, according to TAC is from their internal KB.
And, I tried to reproduce next day but miracle happen it success upload.
So conclude, just switch to another browser or using ultimate weapon RESTART YOUR PC.
Wednesday, June 6, 2018
Palo Alto PPPoE with vlan tag, it's stupid setup but it's working !!
at 2018, update from reaper
So I come out this setup. Yes, it is stupid but it work !
Basically, ethernet1/3 setup as Layer 3 with PPPoE
ethernet 1/4
p/s by missing VLAN profile at ethernet1/4 and ethernet1/5.500 the packet unable unable reach to modem (laptop as my testing environment)
Tadahhh..................................................
My laptop receive PPPoE discovery broadcast packet with VLAN ID 500 tagged
Although is stupid setup but it work, LOL
alternative setup if with extra switch with VLAN feature
Summary, well Palo Alto is very common implementation via L3 sub-interface PPPoE, okay !
Monday, March 5, 2018
Note for myself (ignore it)
TROUBLESHOOTING.EncryptionOffPeriod
30
test
ProxySG
Enable full coredump
https://support.symantec.com/en_US/article.TECH244735.html
Force Coredump
https://support.symantec.com/en_US/article.TECH241718.html
SSLVPN - timestamp formula
(((A1/60)/60)/24)+DATE(1970,1,1),
Friday, May 12, 2017
Note - Fortianlyzer generate top sent byte
Dataset to generate report which top user
select srcip, dstip, dstport, action, service, sum(sentbyte/1048576) as sent_MBps,sum(rcvdbyte/1048576) as receive_MBps, count(*) as sessions from $log where logid_to_int(logid) not in (4, 7, 14) GROUP BY srcip, dstip, dstport, action, service ORDER BY sent_MBps DESC