Palo Alto Panorama XML parsing guide

January 17, 2025

I do not want to cover XML or REST API usage here, but rather the theory, in Python, of how Panorama works with device-groups for managed firewalls. This post is about how to parse a Panorama XML configuration to pull out the data we are looking for, or just to audit the enterprise-level configuration. […]

Posted in: Palo Alto, Security, Tools

Update complex passwords via XML API with CDATA

January 5, 2024

Ever seen the word “CDATA” in an error message when you worked with the Palo Alto API? If not, but you want to be prepared, let me help you. Use case: In an enterprise environment with a lot of security devices the password update of the emergency user or local user for the emergency cases can be […]

Posted in: Uncategorized

Layer 2 as a Code (L2aC)

November 22, 2023

Hi there, that title sounds very funny, right? :-P We have heard about IaC already, but nothing about L2aC…? No worries, I have not invented anything, I just call my network topology documentation tool L2aC. The background story in short: 10 years ago I had to support the network guys in their job and I hated typing multiple […]

Posted in: Graphviz, Tools

See the unseen, data structures in Panorama

October 29, 2023

I worked with Palo Alto Panorama at many enterprise companies, and one of the struggles I had to face is the missing documentation or some kind of topology of the device-group hierarchy and the template-stacks with their parent and child relationships. Where to put new config items, like identity provider settings in the hierarchy of templates for […]

Posted in: Uncategorized

A “warm welcome” page for the unknown users

September 7, 2023

Hi there. I just had a case within Prisma SASE, as always, and I thought it's good that we work with userid-based rules for giving users the freedom for mobility, but the hard rule at the end of the rulebase where we just blindly block all unknown users is not so friendly. Or if […]

Posted in: javascript, Palo Alto

Data enrichment on Palo Alto system events

July 6, 2023

We all have the problem in large environments with many Palo Alto Firewalls that they just generate too many logs and it’s not manageable in the current state, at least it was not for me :-) I prefer the categorization the Palo Alto Firewall has, but it’s just too short (this list is from the […]

The life before ADEM

July 4, 2023

In the middle of 2021 I worked for the first time with the SASE service from Palo Alto, and at that time there was no ADEM (Autonomous Digital Experience Management or Monitoring), so I had to invent something on my own for the same purpose. That was the first time I started to work with Microsoft PowerShell […]

Posted in: Palo Alto, Security, Tools

Palo Alto Bug tool kit

July 8, 2022

Palo Alto documentation is very good, but I don't like the Palo Alto web page when I am looking for a keyword in addressed issues or in the known issues, since it's listed under each PAN-OS release on different web pages. If you have to go through 10-20 PAN-OS release notes it's really boring every […]

Posted in: Palo Alto

Land Attack or configuration failure?

July 8, 2022

As you know, the Local Area Network Denial (LAND) attack is a type of Denial of Service (DoS) attack in which the attacker attacks the network by sending the same source and destination IPs and ports (like TCP SYN where the source IP and destination IP are from the destination device itself). If you check […]

POC with NGN Firewalls

March 31, 2021

Customers have to gain trust in NGN firewalls, so we have to present them somehow without interfering with the production traffic. We can do this during a POC (proof of concept) by integrating it in the network just like we implemented an IDS in the past. The purpose is to present in reports what the […]

Posted in: Uncategorized