Friday, December 25, 2015

PALO ALTO reset to default

In this post I will show you how to reset a Palo Alto firewall back to factory settings. You first need to acquire the unit's serial number (SN#).






You now log in via ssh using the username maint with the unit SN# as the password. The main window will show an ncurses-like menu that lets you select the factory_reset operation.





Select it, sit back and wait. It can take approximately 3-7 minutes for the unit to reset itself back to factory state.







After the unit has reconfigured and rebooted, you can log back in with the username/password admin/admin.

You will need to re-license/activate the unit and re-apply the dynamic updates, since all license keys and updates are reverted.





Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 
        /  \







Merry Christmas

Well, it's the end of the year... well, almost. Merry Christmas! Here are a few tips and bits of info.

1st

PAN-OS 7.0.4 came out a few days ago.



I'm in the process of reviewing the fixes.

https://downloads.paloaltonetworks.com/software/PAN-OS-7.0.4-RN.pdf

2nd

In a dual-stacked Fortigate, how do you know exactly how many sessions there are per vdom, or per ipv4/ipv6, at a glance? The following diagnose command can provide these details.

diag sys vd list | grep ses_num




Tuesday, December 22, 2015

HOWTO determine what files are modified in FortiOS

Have you ever been interested in which files change when you modify the cfg on a Fortigate? We have a simple cmd that will list the changed file(s).

diag sys list-modified-files



Here's the command executed before we make any change:










And now our change: we will add a host to the firewall address list.



And now we re-execute the file listing command:






The hidden fnsysctl command can also list the files in the /data/config directory.
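The device command above tells you that a file changed, not what changed inside it. As an added example (not from the original post or from Fortinet), here is a small Python script that compares two saved copies of the config text and reports which firewall address objects were added, removed or altered; the two config snapshots are constructed, and the parser only understands the flat `edit`/`set`/`next` form of the address table.

```python
import re  # kept for readers extending the matcher; simple string checks suffice below

def parse_addresses(cfg_text):
    """Return {name: {setting: value}} for every object in the
    'config firewall address' table. Nested sub-tables inside an
    'edit' entry are not handled (not needed for this demo)."""
    objs, current, in_table = {}, None, False
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if line == "config firewall address":
            in_table = True
        elif not in_table:
            continue                      # skip every other config table
        elif line == "end":
            break                         # end of the address table
        elif line.startswith('edit "') and line.endswith('"'):
            current = line[6:-1]
            objs[current] = {}
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            objs[current][key] = value
        elif line == "next":
            current = None
    return objs

def diff_addresses(before, after):
    """Report added, removed and changed address objects by name."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(n for n in set(before) & set(after)
                          if before[n] != after[n]),
    }

# Constructed config snapshots (not real device output).
BEFORE = """\
config system global
    set hostname "fgt-lab"
end
config firewall address
    edit "all"
    next
    edit "LAN_NET"
        set subnet 10.0.1.0 255.255.255.0
    next
end
"""
# Same unit after adding one host object and widening LAN_NET.
AFTER = BEFORE.replace('    edit "LAN_NET"',
    '    edit "host_web01"\n        set subnet 10.0.1.25 255.255.255.255\n'
    '        set comment "added via GUI"\n    next\n    edit "LAN_NET"'
).replace("255.255.255.0", "255.255.254.0")

if __name__ == "__main__":
    print(diff_addresses(parse_addresses(BEFORE), parse_addresses(AFTER)))
```

Feed it `show full-configuration` output captured before and after a suspected change and the diff tells you which objects moved, which is what you want in a change-control or incident timeline.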






fortiOS v5.4.0 is out

With the bad taste left from 5.2.x I wonder what's to be expected on v5.4 for FortiOS. I didn't even bother to participate in the 5.4 beta testing.




https://en.wikipedia.org/wiki/Fortinet


Read the release notes whenever they post them for the general public ( http://docs.fortinet.com/fortigate/release-information ); this is the wild wild west ;)


You might want to do an execute reboot, interrupt the boot process and run the new image from memory before committing the image to the onboard flash.



Friday, December 18, 2015

hidden vdom fortiOS multi-vdom mode

FortiOS has a few hidden vdoms that can be strange to see for the untrained eye. Here are the local vdoms on my fgt unit:








Simple, right?



Not so fast: we really have 2x more vdoms that are defined but not directly accessible, as demo'd below:



What you need to know: the dmgmt-vdom has support for configurable interfaces.



This vdom is part of the dedicated management feature:

http://docs-legacy.fortinet.com/fgt/handbook/cli52_html/index.html#page/FortiOS%205.2%20CLI/config_system.23.017.html

You can't delete it per se.






SSLVPN diag commands fortiOS

All Fortigates allow you to monitor SSL VPN sessions, and you have a simple means of showing which client has established a session and by what means.

Take the following CLI cmd.



This will list all sslvpn web sessions; changing web to tunnel will list all tunnel sessions. Specifying neither will list both types.


Alternatively, you can use the following diag command and grep for the user of interest.









Note: grep does not work with the execute command outputs.

To destroy a session you must know the index ID and use the del commands.










Friday, December 11, 2015

Vlan considerations NX-OS

In this post, I want to bring forward a few items that should be taken into consideration in Nexus OS when it comes to vlans and vlan-id design details.

In Cisco IOS and NX-OS you have certain internal vlan usage, so the full range of vlan-IDs 1 through 4094 is NOT always available. Outside of the vlans that are hardcoded for specific functions (i.e. vlan IDs 1, 1002-1005, 4095, etc.), you have to take these reserved vlan-ids into consideration.

So in NX-OS you need to know the default reserved vlan-id range. The CLI cmd show system vlan reserved will provide this detail.







The config mode will allow you to adjust this range, but keep in mind you will still have 128 reserved vlan-ids.






Next, Cisco has always had a naming convention of 32 characters or less for vlan names.

In NX-OS we can use the cmd system vlan long-name to allow names longer than 32 characters, but most show commands will still limit the displayed output to 32 characters.

 







 



If you define a vlan name longer than 32 characters, the switch will complain if you try to "no" out the long-name command.
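To make the two constraints above (the reserved 128-id block and the 32-character name limit) checkable before you push a vlan plan to a Nexus, here is an added Python example that is not from the original post or from Cisco. It assumes the default reserved block starts at 3968 (the out-of-the-box value I know from NX-OS, not something the post states), so pass the start shown by your own `show system vlan reserved` if the range was moved; the plan at the bottom is constructed.

```python
# IDs the post lists as hardcoded for specific functions.
HARDCODED = {1, 1002, 1003, 1004, 1005, 4095}
RESERVED_WIDTH = 128   # the block stays 128 IDs wide even when moved
NAME_MAX = 32          # classic 32-character vlan name limit

def reserved_block(start=3968):
    """The 128-ID internal block. 3968 is the NX-OS default start as I
    know it (assumption, not from the post); pass the value from your
    own switch if the range was relocated."""
    return range(start, start + RESERVED_WIDTH)

def check_vlan_plan(plan, reserved_start=3968, long_name=False):
    """plan: {vlan_id: name}. Returns [(vlan_id, problem), ...] sorted by id."""
    problems = []
    reserved = reserved_block(reserved_start)
    for vid, name in sorted(plan.items()):
        if vid in HARDCODED:
            problems.append((vid, "hardcoded for internal/default use"))
        elif not 1 <= vid <= 4094:
            problems.append((vid, "outside 1-4094"))
        elif vid in reserved:
            problems.append((vid, "inside reserved block %d-%d"
                             % (reserved[0], reserved[-1])))
        if len(name) > NAME_MAX and not long_name:
            problems.append((vid, "name over 32 chars; needs 'system vlan long-name'"))
        elif len(name) > NAME_MAX:
            problems.append((vid, "name over 32 chars; most show output truncates it"))
    return problems

# Constructed plan: one legit data vlan, one with an over-long name,
# one hardcoded id, and one that lands in the default reserved block.
PLAN = {10: "USERS", 20: "CAMPUS-BUILDING-7-FLOOR-3-PRINTERS-VLAN",
        1002: "FDDI_DEFAULT", 4000: "DMZ"}

if __name__ == "__main__":
    for vid, problem in check_vlan_plan(PLAN):
        print(f"vlan {vid}: {problem}")
```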











