One of the challenges with managing any zone-based firewall on a large
scale is knowing which zone everything is in. We all know that the
network should be well documented, but we also know that routing tables
get unwieldy, and it's not uncommon when adding a firewall rule to be
wondering exactly which zone that source or destination is in.
There are three ways …

A few days ago I stumbled upon the Python interpreter on the Nexus
platform. It got me to tinkering.
In the past, I have had a requirement to grab a list of all of the
interfaces on a box, the IPs, and the masks. The interfaces and IPs
can easily be obtained from a show ip int br, and using column select to
grab the …

Recently we deployed a Palo Alto VM-200 firewall. It was a stand-alone
deployment on a remote site. We were going to deploy a pair, but we
didn't see how much value it added as the VM-series firewalls do support
HA but not stateful HA.
As it was stand-alone, it wasn't managed by Panorama. And without
Panorama management, it is seemingly not very straightforward to enable …