Clik here to view.
DHCPv6 Prefix Delegation
What is DHCPv6 Prefix Delegation? Coming from IPv4, you’re already familiar with DHCP (for IPv4) which hands out IPv4 addresses to clients. The same applies to (stateful) DHCPv6: it hands out IPv6...
View ArticleClik here to view.
DHCPv6 Prefix Delegation on Palo Alto’s NGFW
Finally! With PAN-OS 11.0 a long missing IPv6 feature was introduced: DHCPv6-PD aka prefix delegation. For the first time, we can now operate a PAN-OS firewall directly on the Internet (the...
View ArticleClik here to view.
Optimized NAT46 Config on a FortiGate
Johannes published a basic NAT46 configuration for a Fortigate firewall with FortiOS 7.0 some time ago. I run such a service (legacy IPv4 access to IPv6-only resources) since FortiOS 5.6, which means...
View ArticleClik here to view.
Palo’s Mgmt-Intf is not usable with IPv6 anymore
Wow, that was unexpected: With PAN-OS 11.1 the out-of-band management interface of Palo Alto Networks firewalls doesn’t accept an IPv6 default route pointing to one of its own data interfaces anymore....
View ArticleClik here to view.
Some more Mail Captures
Email is still the most common communication protocol on the Internet. And since I was missing some variants of the related protocols, IMAP, POP3, and SMTP in the Ultimate PCAP, I did some captures. ✅...
View ArticleClik here to view.
Dynamic DNS on a Palo
With PAN-OS 9.0 (quite some time ago), Palo Alto Networks has added Dynamic DNS for a firewall’s interfaces. That is: If your Internet-facing WAN interface gets a dynamic IP address via DHCP or PPPoE...
View ArticleClik here to view.
Misusing Palo’s Captive Portal as a Guest Wi-Fi Welcome Page
I was faced with an interesting customer requirement: An existing guest Wi-Fi should be prefaced with a welcome page for accepting the terms and conditions. Since there was already a Palo Alto Networks...
View ArticleClik here to view.
BGP Route Filtering with Palo’s Advanced Routing Engine (ARE)
With PAN-OS 10.2, Palo Alto Networks has introduced the “Advanced Routing Engine” (ARE) with its “Logical Routers” (LR) rather than the legacy “Virtual Routers” (VR). The Advanced Routing Engine...
View ArticleClik here to view.
PANW: Dynamic Routing between Logical Routers
How to route traffic between multiple logical routers aka Inter-LR Routing on a Palo Alto Networks Strata firewall? More precisely, inclusive route redistribution rather than a few static routes. –>...
View ArticleClik here to view.
iPad Ping: WLAN vs. LAN
Meine Kids spielen derzeit häufig Brawl Stars, ein Echtzeit Onlinespiel. Und sie schauen auch immer mal Videos dazu, bei denen ihnen jetzt der Floh ins Ohr gesetzt wurde, dass man ein iPad ja auch per...
View ArticleClik here to view.
Getting started with the APIs from Palo Alto Ntwks
You can talk to firewalls and Panorama from Palo Alto Networks in various ways. The well-known GUI (which I really love, by the way) and the CLI are quite common at first glance. Nearly everyone using...
View ArticleClik here to view.
Joining an Active Directory: A Packet Capture
What happens on the network if you’re joining a Microsoft Active Directory domain? Which protocols are used? As I suspected, it’s a bit more complex than just seeing a single known protocol like HTTPS....
View ArticleClik here to view.
It’s Always DNS – Poster
We all know the DNS, right? But when we need to troubleshoot it, it’s getting much more complicated than initially thought. DNS ≠ DNS ≠ DNS. And unfortunately: It’s Always DNS. To get a better...
View Article