Hardware

Processors, graphics cards, solid state drives and much more are all in this section of the site!

Graylog is a brilliant (and Open Source) tool to easily capture logs from a variety of systems including good old fashioned syslog.

In the screenshot guide below you will learn how to use a set of extractors I constructed to parse out useful information from PAN NGFW syslog.

The link to the source files mentioned is: https://github.com/jamesfed/PANOSGraylogExtractor

For some time there have been plenty of examples of backing up Palo Alto Firewalls with curl commands (extracting the files using the XML API); however, that may not sit well with some Windows administrators who want to use PowerShell. As such I’ve put together the BackupPANNGFWConfig repo on GitHub, which contains the scripts to get ahold of the API keys needed and then to perform the backups for a series of firewalls.

To get the scripts, drop by the link below; for the configuration, see the screenshot sequences in this post. You will need a basic understanding of Palo Alto Firewalls, PowerShell and Windows Server to work through these steps.

Super important note: this script is configured to use a TLS 1.2 connection to the firewall and to only allow connections to a firewall with a trusted security certificate. If you open the web management interface of the firewalls from the server that you are running the script from, you should see the ‘secure’ padlock icon in the address bar.

https://github.com/jamesfed/BackupPANNGFWConfig

With the scripts all configured you will then want to configure a scheduled task on the server to take these backup files on a regular basis.
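
As an added illustration (not the code from the BackupPANNGFWConfig repo), the sketch below shows the same flow with the PAN-OS XML API: request an API key, store it protected on disk, then export the configuration over TLS 1.2 with certificate validation left on. The firewall names, folder paths and function names are assumptions made up for the example.

```powershell
# Added example, not the BackupPANNGFWConfig scripts. Hosts, paths and
# function names are hypothetical.
$Firewalls = @('fw1.example.internal', 'fw2.example.internal')   # hypothetical hosts
$BackupDir = 'D:\PANBackups'                                      # hypothetical path
$KeyDir    = 'D:\PANBackups\keys'                                 # hypothetical path

# Allow TLS 1.2 only. Certificate validation stays at its default (enabled):
# nothing here overrides ServerCertificateValidationCallback.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

function Save-PanApiKey {
    param([string]$Firewall, [pscredential]$Credential)
    # keygen is sent as a POST body so the credentials do not appear in the URL
    $body = @{ type     = 'keygen'
               user     = $Credential.UserName
               password = $Credential.GetNetworkCredential().Password }
    $resp = Invoke-RestMethod -Uri "https://$Firewall/api/" -Method Post -Body $body
    # Export-Clixml stores a SecureString DPAPI-protected: only this Windows
    # account on this machine can read the key back.
    $resp.response.result.key | ConvertTo-SecureString -AsPlainText -Force |
        Export-Clixml -Path (Join-Path $KeyDir "$Firewall.xml")
}

function Backup-PanConfig {
    param([string]$Firewall)
    $secure = Import-Clixml -Path (Join-Path $KeyDir "$Firewall.xml")
    $key = [pscredential]::new('api', $secure).GetNetworkCredential().Password
    $out = Join-Path $BackupDir ("{0}_{1:yyyyMMdd-HHmmss}.xml" -f $Firewall, (Get-Date))
    Invoke-WebRequest -Uri "https://$Firewall/api/" -Method Post -UseBasicParsing `
        -Body @{ type = 'export'; category = 'configuration'; key = $key } -OutFile $out
    # An API error can come back as an XML error document, so confirm the file
    # really contains a configuration before keeping it.
    if (-not (Select-String -Path $out -Pattern '<config' -Quiet)) {
        Remove-Item $out
        throw "Export from $Firewall did not return a configuration"
    }
}

# Run Save-PanApiKey once per firewall interactively, e.g.
#   Save-PanApiKey -Firewall 'fw1.example.internal' -Credential (Get-Credential)
foreach ($fw in $Firewalls) {
    try   { Backup-PanConfig -Firewall $fw }
    catch { Write-Warning "Backup of $fw failed: $($_.Exception.Message)" }
}
```

Because the stored key is tied to the Windows account that saved it, the scheduled task has to run as that same account. The backup files contain the full firewall configuration, so restrict the NTFS permissions on both folders accordingly.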

While iterating through an issue with our Ruckus SmartZone (with Ruckus R510 Access Points) controllers I was looking for a way to see when the Access Points had applied the new configuration; lo and behold, it’s quite easily done through both the CLI and the GUI.

Anyone who has used the new SmartZone controllers will know all too well that it’s not the fastest GUI to work with – thus if you have the option I’d suggest you go with the CLI method which is very responsive (and much more consistent!).

Via the CLI

Via the GUI

So over the last few hours I’ve been making some config changes to our Eaton UPS Network Management Cards that require the magical ‘Reset Communication’ button to be pushed in the web interface (one day I must get the management software!). To help speed up the process (or at least know when I should reload the page) I timed the process; so as more of a reference to myself than anything else the results are…

Web interface will respond and provide an authentication prompt: About 2 minutes 10 seconds after button push
Web interface will display all UPS data: About 2 minutes and 30 seconds after button push

After a great many years since Custom RemoteFX RDS Farm it’s time for something new! After much discussion and looking at the working practices at my current place of work we’ve decided to go all in with RDS and to support that we’ve got 3 new servers to run it on.

2x 1U rack mounts to go in our main server room with 1x tower for our DR room.

Photos below!

While provisioning some new Ruckus R510 WAPs onto our SmartZone 100 (5.0.0.0.675) we’ve had a number of cases where the WAPs will reboot for their firmware update but will not proceed beyond that point. In particular the PWR and CTL lights stay lit but the radio lights do not come on at all.

Looking in Access Points > Affected WAP > More > Tunnel Diagnostics (we’re using AP tunnelling) I note errors along the lines of:

ifconfig: gre1: error fetching interface information: Device not found

cat: can’t open ‘/proc/rksgre/gre1/stats’: No such file or directory
cat: can’t open ‘/proc/rksgre/gre1/cache’: No such file or directory
cat: can’t open ‘/proc/rksgre/gre1/cfg’: No such file or directory
cat: can’t open ‘/sys/kernel/debug/qca-nss-drv/stats/*’: No such file or directory

The solution thus far has been pretty simple – factory reset the WAP by pressing and holding the RESET button in the back for 6+ seconds. It’ll go through a process of about 5-10 minutes, and thus far the WAPs have been coming back in a functional state.

Normally the little 8 (well 10 if you include the ‘uplink’ ports) port switches we buy end up under a desk or on a shelf but for a one off we’ve got one going in a comms cabinet. Quite luckily the HPE Aruba 2530-8G comes with the ears in the box to do this (I recall seeing some models of switches with this being an additional item or needing a special shelf).

You’ll still need a place to keep the power supply but that’s nothing a few cable ties can’t sort!


Today I had the pleasure of presenting at the Oxford ICTF Conference on Multi-Factor Authentication and Password Stores with Smart Cards and YubiKeys. The video recording is online now at https://youtu.be/WGtCxS2YFNA and the presentation can be downloaded through the link below.

A special shout out goes to the Yubico press office for providing a set of YubiKey 4s, YubiKey NEOs and Security Keys which helped fuel a very lively Q and A session!

Presentation.pdf (5.5 MiB)