Networking 101

What is the OSI model?

The Open Systems Interconnection model is a reference model that describes how applications interact with each other over a computer network. The OSI model has seven layers seen below. Physical Layer This is the lowest layer of the OSI model. This layer provides mechanical, and electrical functions by transmitting bits

Panorama Templates and Template Stacks

Templates and Template Stacks are used to configure firewalls using Panorama so that they can function on the network.  If we look at the Panorama tabs, you can see that Templates encompass both the Network and Device tabs. The network tab is where we can define interfaces, Zones, Virtual Routers

How To Install Graylog On Ubuntu 20.04

Graylog [https://www.graylog.org/] is an open-source log management tool that helps you store and analyse machine logs centrally. Graylog set-up consists of three components Graylog server, Elasticsearch, and MongoDB. This is a fresh install of Ubuntu 20.04, as I'm installing Graylog in a demo lab

PAN-OS

Migrate a HA Pair of PAN-OS firewalls into Panorama

When I deploy Panorama first time into the network, I always aim to have the least amount of local configuration on the firewalls as possible and allow Panorama to manage 99% of the configuration. However, in my lab, the firewalls do have some Security Policies and IPSec configuration which I

Panorama Best Practices Assessment.

The Palo Alto Networks Best Practice Assessment (BPA) [https://www.paloaltonetworks.com/services/bpa] tool can be used to check the security posture of both Panorama and firewall deployments, by comparing the current configuration of the devices against the Palo Alto Network best practices.  The BPA can be re-run at

The Lab

My unexpected TrueNAS Build

Over the last few weeks, I've been doing some spring cleaning in my home network. Whilst poking around in my datastores of my two ESXi hosts it was evident I had a case of virtual machine sprawl. It was time to be a bit ruthless and delete the

PAN-OS

Upgrading Panorama PAN-OS Software

Time to upgrade Panorama to a newer PAN-OS version! My EVE-NG lab Panorama has an internet connection that allows me to download software and content updates. And since I'm running in Panorama mode with an integrated log collector, I don't need to upgrade the log collector

Virtual Panorama Log Collector Setup

At the heart of my EVE-NG lab, I have two virtual Panorama appliances deployed using a KVM image which I wrote about in my previous two blogs [https://www.mbtechtalker.com/tag/pan-os/]. I'm using the default Panorama mode, which operates as a management server with local log

PAN-OS

Panorama Baseline Configuration

Now that I have successfully deployed a Panorama KVM image in EVE-NG, I can now boot up the two Panorama virtual appliances and configure IP connectivity through the console so that each Panorama can be managed via the WebUI and SSH. The aim of this lab task is to have

The Lab

A very flexible lab switch

Due to the fact that my Cisco UCS M4 [https://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-c220-m4-rack-server/index.html] is such a beast of a server, it's mega loud! So I had no choice but to tuck it away in my workshop. I needed to come

The Lab

How to enable VM Autostart on VMware ESXi 7.0

Now that my Cisco UCS labs server is purring away, I have been exploring ways to automate certain tasks, for instance, being able to power the server using Tapo P110 Wifi enabled power sockets [https://www.amazon.co.uk/TP-Link-Tapo-Monitoring-Required-P110/dp/B097YBXHTW/ref=sr_1_1?adgrpid=126376539782&gclid=

The Lab

How I remotely power on my lab server.

My Cisco UCS lab server is nicely tucked away in my workshop as it's super loud! I didn't want to have to keep going outside to power the server on and off, especially when it's cold and wet. I did some research on a

PAN-OS

Deploying a Panorama KVM image to use with EVE-NG

1. SSH to the EVE-NG server, create a new folder for the KVM image, mkdir /opt/unetlab/addons/qemu/panorama-10.1.3 2. Copy the Panorama .qcow2 image to the /opt/unetlab/addons/qemu/panorama-10.1.3 folder using FileZilla or WinSCP as an example. The folder must be named

PAN-OS

IPSec VPN between a Palo Alto Networks Firewall and a Cisco Router

In my EVE-NG lab, I've configured static IPSec Site-to-Site VPN between a Palo Alto Networks VM-Series firewall running PAN-OS 9.1.12 and a Cisco IOSv router running the VIOS-ADVENTERPRISEK9-M 15.9 image. The PAN firewall has connectivity through the lab internet backbone to the Cisco router. Both

The Lab

Deploying EVE-NG Pro on my Cisco UCS C240 lab server

Now that I have VMware ESXi installed on my Cisco UCS C240 [/cisco-ucs-esxi-usb/] lab server, I'm moving on to the fun stuff! So the first job I needed to do was install EVE-NG pro within ESXi 7.0, buy a license and fire it up and start building

The Lab

Cisco UCS C240 M4 ESXi vSphere 7 USB Installation

Yesterday I bought a VMUG advantage membership [https://www.vmug.com/membership/vmug-advantage-membership/] so that I can use the 365 day evaluation licenses. Next stop ESXi vSphere 7 USB Installation on my new UCS C240 M4 lab server. I downloaded the iso and fired up Rufus [https://rufus.ie/en/

The Lab

Cisco UCS C240 M4 home lab server

Over the last few weeks, I've been having a few frustrating technical problems with my home lab setup. I decided to bite the bullet and pulled the trigger on a used Cisco UCS C240 M4 [https://www.cisco.com/c/en/us/products/servers-unified-computing/ucs-c240-m4-rack-server/index.html] server

PAN-OS

How Generate Self-Signed Certificates on a PAN-OS Firewall

So you don't have a Windows Server with Active Directory and Certificate Services ready to go, but wait you need to test GlobalProtect client certificate authentication now! What's the answer? Easy, generate a self-signed root certificate on the Palo Alto Networks firewall and create a client

The Lab

Under the Hood of My VMware Workstation PAN-OS Firewall Lab

For 12 years I owned my own business, I was a self-employed Network Security Consultant, it was evident that owning a lab environment to design solutions, perform proof of concepts, and replicate customer environments was really important to me. I didn't have the luxury to attend regular technical

PAN-OS

How To Configure A Certificate For Secure PAN-OS Web-GUI Access

When using the WebUI to access a Palo Alto Networks firewall, you can use a certificate for all web-based management sessions, which will in turn get rid of those really annoying  " Your connection is not private"  warning pages. If you are familiar with my YouTube channel [https://www.

PAN-OS

How to automatically bulk import address objects into Palo Alto Firewall.

I couldn't possibly count the number of times I've needed to import a huge long list of objects into a firewalls configuration for some sort of IT project. These days the thought of manually adding each object one by one using Web-UI button clicks fills me

The Lab

How to move a VMware Workstation Virtual machine to another hard drive.

Just recently I had the need to move my Palo Alto Networks lab Virtual machines to another hard drive on my Windows 10 PC,  The disk was slowly but surely  running out of space. To be honest It's a pretty straight forward task, never the less I thought

CyberSecurity Featured

Who is Palo Alto Networks?

Palo Alto Networks is a leading cybersecurity company that provides network security solutions to enterprises, service providers and government agencies around the globe. The company headquarters is located in Santa Clara California.