Clik here to view.
DHCPv6 Prefix Delegation
What is DHCPv6 Prefix Delegation? Coming from IPv4, you’re already familiar with DHCP (for IPv4) which hands out IPv4 addresses to clients. The same applies to (stateful) DHCPv6: it hands out IPv6...
View ArticleClik here to view.
DHCPv6 Prefix Delegation on Palo Alto’s NGFW
Finally! With PAN-OS 11.0 a long missing IPv6 feature was introduced: DHCPv6-PD aka prefix delegation. For the first time, we can now operate a PAN-OS firewall directly on the Internet (the...
View ArticleClik here to view.
How to install Palo Alto’s PAN-OS on a FortiGate
It happens occasionally that a customer has to choose between a Palo and a Forti. While I would always favour the Palo for good reasons, I can understand that the Forti is chosen for cost savings, for...
View ArticleClik here to view.
Palo’s Mgmt-Intf is not usable with IPv6 anymore
Wow, that was unexpected: With PAN-OS 11.1 the out-of-band management interface of Palo Alto Networks firewalls doesn’t accept an IPv6 default route pointing to one of its own data interfaces anymore....
View ArticleClik here to view.
Akustikdämmung im Büro
Als Consultant im Homeoffice mache ich vor allem eins: Telefonieren und an Videokonferenzen teilnehmen, neudeutsch: Calls. Und es nervt mich total, wenn mein Gegenüber einen schlechten Ton hat. Also...
View ArticleClik here to view.
Some more Mail Captures
Email is still the most common communication protocol on the Internet. And since I was missing some variants of the related protocols, IMAP, POP3, and SMTP in the Ultimate PCAP, I did some captures. ✅...
View ArticleClik here to view.
Dynamic DNS on a Palo
With PAN-OS 9.0 (quite some time ago), Palo Alto Networks has added Dynamic DNS for a firewall’s interfaces. That is: If your Internet-facing WAN interface gets a dynamic IP address via DHCP or PPPoE...
View ArticleClik here to view.
Misusing Palo’s Captive Portal as a Guest Wi-Fi Welcome Page
I was faced with an interesting customer requirement: An existing guest Wi-Fi should be prefaced with a welcome page for accepting the terms and conditions. Since there was already a Palo Alto Networks...
View ArticleClik here to view.
BGP Route Filtering with Palo’s Advanced Routing Engine (ARE)
With PAN-OS 10.2, Palo Alto Networks has introduced the “Advanced Routing Engine” (ARE) with its “Logical Routers” (LR) rather than the legacy “Virtual Routers” (VR). The Advanced Routing Engine...
View ArticleClik here to view.
PANW: Dynamic Routing between Logical Routers
How to route traffic between multiple logical routers aka Inter-LR Routing on a Palo Alto Networks Strata firewall? More precisely, inclusive route redistribution rather than a few static routes. –>...
View ArticleClik here to view.
iPad Ping: WLAN vs. LAN
Meine Kids spielen derzeit häufig Brawl Stars, ein Echtzeit Onlinespiel. Und sie schauen auch immer mal Videos dazu, bei denen ihnen jetzt der Floh ins Ohr gesetzt wurde, dass man ein iPad ja auch per...
View ArticleClik here to view.
Getting started with the APIs from Palo Alto Ntwks
You can talk to firewalls and Panorama from Palo Alto Networks in various ways. The well-known GUI (which I really love, by the way) and the CLI are quite common at first glance. Nearly everyone using...
View ArticleClik here to view.
Joining an Active Directory: A Packet Capture
What happens on the network if you’re joining a Microsoft Active Directory domain? Which protocols are used? As I suspected, it’s a bit more complex than just seeing a single known protocol like HTTPS....
View ArticleClik here to view.
Laden an öffentlichen Säulen: Ein Trauerspiel!
Seit einem Monat fahre ich erstmalig ein E-Auto. Und ebenso positiv euphorisch bin ich an das Laden an öffentlichen Säulen herangegangen. Dazu gab es auch allen Grund: Überall sieht man solche...
View ArticleClik here to view.
Wallbox: Die Qual der Wahl
Die Aufgabenstellung war klar: Eine Wallbox fürs Eigenheim muss her, schließlich ist das Laden an öffentlichen Säulen ein Trauerspiel. Aber die Entscheidung, welche Wallbox es sein soll, war dann alles...
View Article