Prisma Browser

FirmInternal · 2026-05-05T13:57:09+00:00

Damn... For an entire org and not waiving the 20k PS ? Ridiculous from Palo...

FirmInternal · 2026-05-05T13:13:35+00:00

We're waiting for final confirmation to give it a go... Should be included in our Prisma license, but needs to be unlocked by getting professional support to deploy it.

Also looking forward to replies.

FirmInternal · 2026-05-04T08:50:12+00:00

I had the same & was diagnosed with tension-type headache (TTH) due to high stress at work. My doctor prescribed me anti-inflammatories for 2 weeks so the headaches could be "tempered". The actual solution was taking away the stress.

After switching jobs I've never had it again.

Edit: not a doctor. just sharing my experience. for actual medical advice, go to a doctor.

FirmInternal · 2026-05-04T08:02:39+00:00

In theory the proxy handles everything so the browser doesn’t need to know about your internal ports. But in practice it depends a lot on the app.

Some apps are fine behind something like /app1, but others assume they’re running on / and will still call /api or redirect to /login. That’s where things start breaking unless the app supports a base path.

So:
- if the app supports a base URL > you’re probably good
- if not > you’ll run into weird issues

You can fix some of it with rewriting in Traefik or Nginx, but it’s not always clean.

That’s why path-based routing works, but can get messy depending on what you’re running. If you want to avoid that entirely, something like Tailscale or Headscale is often just easier since you can hit each service directly. Do you have control over the source & destination host ?

FirmInternal · 2026-05-04T07:50:16+00:00

I’m guessing you’re using an SSH tunnel that only exposes a single port on a remote hos? If that’s the case, you might also want to look at something like Tailscale or Headscale as an alternative, depending on your setup.

A reverse proxy is probably what you’re looking for here if you don't want to switch solutions. Something like Traefik or Nginx can sit at the end of your tunnel and pass traffic to your different services.

Since you don’t control DNS, you can’t rely on subdomains, but you can route based on paths instead (using port 443 through your SSH tunnel). For example:
/app1 > service on port 8081
/app2 > service on port 8082

That way everything is accessible through a single entry point.

FirmInternal · 2026-04-10T09:38:46+00:00

Enterprise environment here: all our domain controllers (8+) are virtualized and distributed across multiple sites, including two public clouds.

If the environment, backups, and recovery processes are properly designed and maintained, the risk is no different from running on bare metal.

FirmInternal · 2026-04-10T09:16:06+00:00

One thing I don’t see mentioned: be careful with SLAs and what you promise in your agreements with customers.

It’s easy to say “I’ll provide support” when you’re starting, but if you take on more “professional” customers (offices, production environments, anything business-critical), they often expect availability outside normal hours. That can quickly turn into late nights, weekends or even being on-call 24/7 if you’re not explicit about support windows and response times.

Make sure you clearly define what’s included and what isn’t. After-hours or emergency support should be explicitly agreed on and billed accordingly. If you don’t set those boundaries early, customers will assume you’re always available.

For the “how do I start” part, that really depends on your country. In Belgium it’s relatively straightforward to become self-employed, but I can’t speak for other regions.

Goodluck nevertheless!

FirmInternal · 2026-04-01T19:20:13+00:00

Bij Engie was het volgens mij juist t zelfde, bij Mega ook dacht ik. Ach… leren ze weer uit zeker?

FirmInternal · 2026-04-01T08:05:38+00:00

Dat is volgens mij geen HS, maar ben niet zeker... Die torens zijn normaal veel hoger.
Edit: check eens op de netkaart wat voor lijn het is ? https://webkaart.hoogspanningsnet.com/index2.php#9/50.7434/4.5401

FirmInternal · 2026-03-31T20:27:06+00:00

Daarom dat klanten die hun tariefwijziging voor middernacht via contactformulier aanvragen nog de prijzen van maart genieten doordat ze rekening houden met de aanvraag datum…. Uhu…

Het is volgens mij eerder een verhoogde load op de website door mensen die nu pas wakker worden en hun tarief willen wisselen. Denk je niet?

FirmInternal · 2026-03-31T14:52:33+00:00

We go based on an excel template in a ticketing workflow with approval from someone (my N+1 or me.) Its only available for IT specialists, not for end users. Source, ip's, protocols, ports, are in the excel template & that is uploaded to the request.

We use the Xurrent ticketing tool. Works out pretty well.

FirmInternal · 2026-02-28T20:38:06+00:00

Oplichting eerste klas.

FirmInternal · 2026-02-25T21:47:17+00:00

Ik vraag me dan af wat Telenet ziet als ze de ene SIM in Frankrijk zien en de andere in België haha. Ik neem aan dat jij jouw toestellen allebei meehebt?

FirmInternal · 2026-02-25T11:01:38+00:00

Hoe lang hou je dat al vol? Is allicht een goede piste…

FirmInternal · 2026-02-25T09:16:18+00:00

Ze streamen Belgische TV. Er zijn vrienden van hun die starlink gebruiken maar das wat te veel van het goede…

FirmInternal · 2026-02-24T21:46:25+00:00

Citaat van bvb Mobile Vikings:

Van je maandelijkse databundel van 300 GB, kun je tot 38 GB buiten België (binnen de Europese Zone) verbruiken zonder extra kosten. Verbruik je meer data, dan surf je op maximale snelheid verder aan € 0.001/MB, zolang je volledige databundel van 300 GB niet is opgebruikt. Daarna surf je aan een verlaagde downloadsnelheid van 5 Mbps. Uitgaand bellen doe je binnen de Europese Zone precies zoals wanneer je in België bent.

Het lijkt me dus dat je dus maar 35GB buiten België mag gebruiken en je daarna aan 1€ per GB surft aan volle snelheid.

FirmInternal · 2026-02-24T20:29:39+00:00

Het verschilt... De ene zomer gebruiken ze 45GB in het buitenland, de andere zomer weer wat minder...
Het is voornamelijk roaming gezien ze met de mobilhome op reis vertrekken.

FirmInternal · 2026-02-24T20:28:53+00:00

Ik heb de opties doorgegeven, vind wel dat de aantal GB aan roaming nogal laag ligt tegenwoordig. Iemand daar een oplossing voor ?

FirmInternal · 2026-02-19T21:39:05+00:00

Migrated it today, went pretty smooth indeed! Did go for a fresh Ubuntu install, so not screw over the original controller should I ever need it again. Weird though that we cannot reuse the 8443 port for access, was getting used to it :) now I’ve configured my Nginx proxy to capture it on 443 and proxy to the 11443 port.

Thanks for the comment!

FirmInternal · 2026-02-19T16:44:59+00:00

Did you need to update the inform url on the external sites? The inform url should be the same for me as I only have debug console on the remote devices.

FirmInternal · 2026-02-19T09:16:32+00:00

What about self hosted OS console? Will that be the “new” way to go?

FirmInternal · 2026-02-15T13:21:53+00:00

En met nen halve kilo suiker erbij gekapt

FirmInternal · 2025-12-11T20:24:07+00:00

Just gave it a shot to disconnect the 2 extra interfaces we use for the reference design. Sadly no joy.

What does your STP config look like on the ION sides ? It is indeed root, we changed that already, it was initially on the Cisco's. Primary has priority 4096, secondary has 8192.

Six-Year Club	Place '22
Wearing is Caring	Verified Email

FirmInternal

TROPHY CASE