La red de Angel

# GET HIT COUNTS FROM ALL SECURITY RULES # import requests params = { 'key': ' {INSERT XML API KEY HERE} ', 'type': 'op', } data = { 'cmd': "<show><rule-hit-count><vsys><vsys-name><entry name='vsys1'><rule-base><entry name='security'><rules><all></all></rules></entry></rule-base></entry></vsys-name></vsys></rule-hit-count></show>", } response = requests.post('https:// {FIREWALL MGMT IP} /api/', params=params, data=data, verify=False) print (response.text) # GET  HIT COUNT FROM SPECIFIC SECURITY RULE # import requests params = {     'key': ' {INSERT XML API KEY HERE} ',     'type': 'op', } data = {     'cmd': "<show><rule-hit-count><vsys><vsys-name><entry name='vsys1'><rule-base><entry name='security...

Cause -->   This issue is directly related to high-availability configuration in SDWAN device in local device. If you are adding an standalone firewall as SDWAN device in Panorama with locally enabled HA configuration it will cause this problem. Solution -> You can either remove local HA configuration in the firewall or tou can implement HA with 2 member and then you can setup SDWAN in both devices as an HA group in Panorama SDWAN settings.

 

In the example we will be using Google Chrome as our browser. Step 1 - Create .bat file in Notepad Open Notepad app in Windows and copy and paste the following text: start "" "c:\Program Files\Google\Chrome\Application\chrome.exe" --ignore-certificate-errors Save the file as a .bat file  in your preferred location (I choose Desktop usually).  Make sure you choose "ALL Files (*.*)" as the File type when saving the file. Step 2 - Execute the file Make sure you have any no open Chrome session otherwise this will not work. This is specially useful whenever you going to configure a new network device via HTTPS where normally it comes with a Self-Signed certificate which by default not Trusted by the browser. With this technique you should be able to connect to the device while ignoring any SSL certificate warnings from the browser and of course as part configuring a network device a proper SSL certificate  will need to be installed for a secured web access to...

@AZURE 1.1. Create SAML enteprise Applicarion. We will call it Fortigate SSL VPN 1.2.   Define AAD User groups that will have access to the Enterprise Application. Take note of the Object ID as it will use later in the Fortigate firewall. 1.3. Download Enterprise Application's SSL certificate. This will be imported in the Forigate firewall manually on later stage. @FORTIGATE FIREWALL NOTE: Forticlient SSLVPN settings are ignored in this step. 2.1. Import Azure's Enterprise Application SSL certificate on Fortigate Firewall (downloaded in Step 1.3) 2.2.   Create SAML Sign-Sign On group. We will call it ' ssl-azure-saml' 2.3. Create an User Group called 'AAD-SSL-VPN-USERS' pointing to the  Object Id of the and the AAD Group (this can be found in Azure in step 2). This User group will be used in the Firewall Policies in order to filter  2.4 .Create Firewall Policy to restrict traffic to VPN Users AAD group while using the AAD-SSL-VPN-USERS  object. If we wa...

 Requirements Palo Alto VM series firewall on KVM (in my case, hosted in EVE-NG) Terraform.exe file (Downloaded from Terraform official page) Visual Studio Code software Connectivity to Palo Alto machine from the host machine Step 0 - Create a folder to host all Terraform files C:\Users\angel\scripts\paloalto Step 1 - Download terraform.exe file from Official Terraform page  I am using Windows OS for this example but you can use Linux, MAC or other OS types as well Install | Terraform | HashiCorp Developer Extract terraform.exe in folder where all Terraform files are located --> C:\Users\angel\scripts\paloalto Step 2 - Open Visual Studio Code and download the following Terraform related extensions: Terraform Hashicorp Terraform Terraform advanced syntax higlighting Step 3 - Create main.tf on terraform files folder C:\Users\angel\scripts\paloalto\main.tf Step 4 - Edit main.tf with the following basic code. Make sure that indetation is well respected on file terraform { ...