Palo Alto Networks: Firewall Loopback interfaces

In a dual-homed network infrastructure, loopback interfaces are a very valuable configuration option on Palo Alto firewalls. Cisco folk may be more familiar with the use of loopback interfaces, so this article gives a very quick look at some of the uses of a loopback interface in a Palo Alto firewall deployment. The most useful …

Lessons Learned: Accessing Citrix StoreFront through Citrix NetScaler

I hope these couple of points will save somebody out there a lot of pain: It's much easier to use the latest build (v 10.1 build 118.7), since on first login it will ask for the "type of deployment", where you can choose the "Access Gateway" deployment to launch an easy wizard. That said, using …

Lessons Learned: GlobalProtect + User-ID w/ Palo Alto Networks firewall

Scenario: A Palo Alto firewall has been successfully set up to use GlobalProtect, along with LDAP authentication. Also, User-ID has been set up internally, with firewall policies written to include usernames / groups. This allows the firewall administrator to deploy consistent firewall policies to both internal and VPN users, based on Active Directory groups. Problem: After a …

Nugget Post: Quick User-ID tip for Palo Alto admins

Quick Tip... You're a Palo Alto firewall administrator, and you've set up User-ID to identify all your users and write user-based firewall policies. Problem: some users have Linux laptops and do not log in to the domain; others are Windows users that the User-ID system simply does not pick up. Solution: 1. Create a read …

Palo Alto Networks: Implementing Conditional Advertising in BGP

Palo Alto Networks has an interesting feature in their BGP module called "Conditional Adv"; this is found in the Network > Virtual Routers > default > BGP > Conditional Adv tab of the GUI. There are no concrete examples in their KB of how to implement this, so here is a rundown of why and …

Lessons Learned: Overriding routing in Cisco ASA

While at a client this week, I ran across a fundamental change in post-8.3 Cisco ASA routing logic which blindsided me for a while. The scenario was that after changing some VPN tunnel endpoints, and hence changing subnet locations, we started seeing errors in syslog along the lines of TCP session torn down, "no …

Lessons Learned: Cisco Catalyst Q-in-Q

Today I had the chance to work on a scenario where Cisco Q-in-Q was needed. Basically, Q-in-Q is a method wherein a VLAN (normally that of a customer) is left intact and encapsulated within another VLAN (normally that of a provider). So it's VLAN-within-a-VLAN. There are plenty of guides on the internet that explain it, …