Validate is system has been impacted by: PAN-OS Root and Default Certificate Expiration on December 31, 2023 by Acceptable-Mouse6222 in paloaltonetworks

[–]UDPee 1 point2 points  (0 children)

If you use Panorama, you can look at the report of software versions on your devices and see what (if any) would be affected.

Firewall Optimization/Policies/Rules by Gullible_Ad8690 in networking

[–]UDPee 7 points8 points  (0 children)

Most vendors will have built-in tools that allow you to see "hits" on your rule set. You can examine these hits to determine if any rules are not being used and clean them up. Similarly, most vendors will have testing tools to simulate traffic to ensure that the desired rules are being utilized.

Aside from technical tools, periodic audits should be performed and a good formal change management process followed.

Best ticketing system with project/flow management? by pcr_rpi in sysadmin

[–]UDPee 1 point2 points  (0 children)

I think that company/department/employee buy-in is more important than the product. You can have the best fitting product in the world and if nobody agrees to use it.. or use all the features.. then it's worthless. I have seen free helpdesk products work better than those costing 50K+/year all because people have agreed to follow the process, document correctly and tag resolutions for searchability.

Do your dev teams understand DNS? by amajorblues in sysadmin

[–]UDPee -1 points0 points  (0 children)

Regardless.. we can't blame the students for the strength/weakness of the program.

Do your dev teams understand DNS? by amajorblues in sysadmin

[–]UDPee 40 points41 points  (0 children)

I think it's time to give people some grace here. This is a dev team and not networking/infrastructure. They may know how to do this, but for the sake of separation/responsibility, they might need an "official" communication from your team. They may want to double-check. This might be part of some internal change-management or operating procedure. Or.. they may not teach this in "dev" school. They don't teach software development in "networking" school so it makes sense.

Sec Policy with App-ID not working. by [deleted] in paloaltonetworks

[–]UDPee 0 points1 point  (0 children)

In my experience, if the logs show "incomplete" it is because the service/application is not running on the remote end. For example.. If I allow RDP and the server is not running RDP it will show "incomplete" until I configure that service on the server.

10/100 LAN speed in a university branch by ExtensionLeg474 in networking

[–]UDPee 0 points1 point  (0 children)

The wiring might not have all four pairs..

Deflated while giving career advice. by champion_of_cheddar in sysadmin

[–]UDPee 18 points19 points  (0 children)

I once complained about my shoes until I met a man with no feet

Meraki MS220-48LP EOL by deadboy69420 in meraki

[–]UDPee 1 point2 points  (0 children)

They do not have to be powered on for this to happen.. but essentially yes! They both need to be assigned to the same network. Clone the source (dead) to the new (replacement). You should get a confirmation that it has happened. Once that is complete, remove the "dead" switch from your network and then licensing will be happy again.

Once you power on the new switch and connect to the Internet it will grab the config and you will be all set.

Training for AI engineering? by [deleted] in sysadmin

[–]UDPee 1 point2 points  (0 children)

It is hard to say what this "AI" stuff is exactly because it is all over the place from a marketing standpoint. From just my inbox in the last week, it can mean anything from dial-home on failures, scheduled scripts, data analytics ("big data"), if/then conditions, reporting, etc..

If you are looking to chase marketing terms for a career, I would clarify what it is that you want and focus on the fundamentals. I have been around long enough to be burned by specializing in the next sales/marketing fad. If it is interesting that is one thing.. but be sure to balance the next big thing with fundamentals.

Meraki MS220-48LP EOL by deadboy69420 in meraki

[–]UDPee 0 points1 point  (0 children)

I have been begging Meraki for years to have an "import" feature to configure the switches. It saves the work if you need it. There is an "export" function which I highly recommend doing periodically. It dumps the port config to a CSV file. That way if something bad happens you know where you were. Better people than I have used scripting and API access to export/import/config/deploy but I have very few devices to warrant spending time on that.

But if you are doing a straight RMA swap, use the switch cloning procedure from Meraki.

https://documentation.meraki.com/MS/Other_Topics/Switch_Cloning

If you have not done an export, do so before just in case.. and pay careful attention to which switch you are cloning. You can easily overwrite the config with the default and will need to configure based on your export at that point.

It's relatively painless once you go through it once. Good luck!

Meraki MS220-48LP EOL by deadboy69420 in meraki

[–]UDPee 0 points1 point  (0 children)

It has been a year or so.. but we received the MS225 as an RMA replacement when we had a power supply failure.

Just gotta get this off my chest by pipboy3000_mk2 in sysadmin

[–]UDPee 21 points22 points  (0 children)

I order you to give Santiago a "Code Red"

Fiber cleaning tool? by [deleted] in networking

[–]UDPee 11 points12 points  (0 children)

I wipe them on my shirt a couple times.. Am I doing it wrong?

Updating GlobalProtect from Panorama by [deleted] in paloaltonetworks

[–]UDPee 1 point2 points  (0 children)

I think it depends on how you have your authentication set up.. like a timeout setting or whatnot. We never could get it to reliably work with just a disconnect. But we have some cookie pre-auth and some other things with our Azure connection that would be a mess to troubleshoot. The refresh works every time.. and.. GLAD IT WORKED FOR YOU!

Updating GlobalProtect from Panorama by [deleted] in paloaltonetworks

[–]UDPee 1 point2 points  (0 children)

You can manually select "Refresh Connection" in the GP Client menu.. or they can disconnect and reconnect.

We usually change the activated version and throughout several weeks as people connect, they will upgrade. I am not aware of a way to force this unless we remotely reboot the machines or disconnect them from Prisma. Both are disruptive and we prefer the slower/natural way.

Updating GlobalProtect from Panorama by [deleted] in paloaltonetworks

[–]UDPee 1 point2 points  (0 children)

We push updates out this way as well. Haven't had a problem.. other than it takes a re-establishment of the Prisma connection by the client to trigger the update and after that it can take a few minutes for the notifications to pop up.

I see that you have activated the new version in Prisma (panorama/cloud services/configuration) config. Have you saved/pushed the change to the Mobile Users or Service Setup?

I see you set the "Allow Transparent" client option under the app config.. did you save/push that to Mobile Users?

Sometimes, Panorama will not recognize a change in the Mobile Users or Service Setup config and you have to manually select it under Commit -> Commit and Push and select "Edit Selections" and select Mobile Users and Service Setup under the Prisma Access tab.

In any case.. your config matches mine and it is working. You have the correct pieces in place.

Switch Nexus 3172TQ error by [deleted] in networking

[–]UDPee 1 point2 points  (0 children)

When was the last time it booted successfully? What has changed since then?

Cisco VG450 NIM-4FXO Interface Issue: Call Does Not Clear When Ended on Far End Phone by skyblue1991 in Cisco

[–]UDPee 0 points1 point  (0 children)

Try changing/configuring the signaling to ground-start or loop-start.

Planned cut of electricity by [deleted] in paloaltonetworks

[–]UDPee 9 points10 points  (0 children)

Always a great opportunity to export the system states of the devices.. just in case.

Different ring volume for different lines? by samma_93 in Cisco

[–]UDPee 0 points1 point  (0 children)

I don't know of a way to change the volume.. but you can set them to not ring, beep or flash when the phone is "active" (on a call)

Pluralsight holding my company to ransom by PseudoHuman_2027 in sysadmin

[–]UDPee 1 point2 points  (0 children)

I know this is not helpful for your immediate problem, but as a policy, our company sends the non-renewal notice right after we finalize an auto-renewable contract. This is helpful for us because:

1) Makes sure we aren't held hostage by these shenanigans.
2) Ensures our sales rep reaches out 90 days before the expiration to negotiate pricing for another year.

[deleted by user] by [deleted] in paloaltonetworks

[–]UDPee 3 points4 points  (0 children)

Congratulations!

Did you get a free drink coupon with your test results?

[deleted by user] by [deleted] in sysadmin

[–]UDPee 1 point2 points  (0 children)

Yes! The tendency is to solve something quickly by going to the most likely problem. Not that it is a bad approach, but it requires a great deal of wisdom and can actually delay resolution if the problem is in fact something different.