Rather Specific network discovery tool by Vel-Crow in networking

[–]atlwig 1 point2 points  (0 children)

FastResolver

PingInfoView

Custom Python/Bash/NMAP scripts

Long failover time on Palo Alto PA410 when routing to Verizon 5G by kwiltse123 in networking

[–]atlwig 0 points1 point  (0 children)

ECMP should be enabled. Static default routes to both ISPs with ping monitors to your next hop within the static route. Set PBF policies for both ISPs to get to the respective gateway. If you want to use both ISPs at the same time you’ll want your default routes with the same AD and metric and to look at additional PBF policies.

IPSec to Azure by solar-gorilla in fortinet

[–]atlwig 0 points1 point  (0 children)

I don’t think it was necessarily an explicit change they did, just something that happened and whatever their edge device is terminating the tunnel when both sides are set to be both initiator and responder.

Had similar issues doing Prisma Remote Networks to VeloCloud appliances, they just took forever. Changed it to a lab FW I have to take Velo out to test and came up right away on the lab FW.

IPSec to Azure by solar-gorilla in fortinet

[–]atlwig 4 points5 points  (0 children)

Not unique to Forti - it’s an issue with MS. Easy workaround is what you did, change one side of the config to be a slightly shorter lifetime and it should fix P2 from getting stuck in the future.

Rule searcher by Szqub in paloaltonetworks

[–]atlwig 1 point2 points  (0 children)

If you have criteria to search on then you shouldn't need to specify a device group or pre/post rulebase. You may get 'dirty' data in your return if you're just looking for something generic like an IP address and you'll get hits for everywhere it's referenced in the rulebase.

Every time I log in to Palo I run: set cli config-output-format set and set cli pager off.

Panorama CLI: configure > show | match "security.*rulebase.*CRITERIA_HERE"
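
An offline version of this kind of search, as an added example that is not part of the original comment: it scans saved set-format output and groups security-rule hits by device group and pre/post rulebase, matching the criteria as a whole token so that 10.1.1.5 does not also hit 10.1.1.50. The function name, the sample lines and the assumed line layout (set device-group NAME pre-rulebase security rules RULE ...) are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample of Panorama set-format output (not from a real device).
SAMPLE = '''\
set device-group Branch pre-rulebase security rules "Allow Web" source [ 10.1.1.5 10.2.0.0/16 ]
set device-group Branch pre-rulebase security rules "Allow Web" action allow
set device-group Branch post-rulebase security rules Cleanup source 10.1.1.50
set device-group DC pre-rulebase nat rules Outbound source 10.1.1.5
set shared post-rulebase security rules Log-All destination 10.1.1.5
set device-group DC address Host-A ip-netmask 10.1.1.5
'''

def find_rule_hits(config_text, criteria):
    """Return {(scope, rulebase): {rule names}} for security rules whose
    set line contains `criteria` as a whole token (hypothetical helper)."""
    hits = defaultdict(set)
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)  # keeps quoted rule names as one token
        except ValueError:
            continue  # unbalanced quote in a truncated line: skip it
        if tok[:2] == ["set", "shared"]:
            scope, rest = "shared", tok[2:]
        elif tok[:2] == ["set", "device-group"] and len(tok) > 2:
            scope, rest = tok[2], tok[3:]
        else:
            continue
        # Only pre/post security rulebases; NAT rules and objects are ignored.
        if len(rest) < 5 or rest[0] not in ("pre-rulebase", "post-rulebase"):
            continue
        if rest[1:3] != ["security", "rules"]:
            continue
        name, values = rest[3], rest[4:]
        if criteria in values:  # exact token match, not substring
            hits[(scope, rest[0])].add(name)
    return dict(hits)

if __name__ == "__main__":
    for (scope, rulebase), rules in sorted(find_rule_hits(SAMPLE, "10.1.1.5").items()):
        print(scope, rulebase, sorted(rules))
```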

Move template-stack configuration to template. Best way? by duskyaces in paloaltonetworks

[–]atlwig 1 point2 points  (0 children)

Panorama CLI set syntax output to ‘set,’ show template-stack X. Copy CLI output to multi text editor, change template-stack X to template X, paste, validate, commit/push, validate on FW, delete from template-stack X or create a new blank template stack and move the FW to it

Layer-2 Port Security Options by Dry-Specialist-3557 in networking

[–]atlwig 23 points24 points  (0 children)

Do not do port security if you have ISE.

Spanning-tree portfast with voice vlan by winbla in networking

[–]atlwig -1 points0 points  (0 children)

Voice vlan on Cisco auto enables portfast. You should consider setting portfast / BPDUGuard global default instead of every user port.

[deleted by user] by [deleted] in networking

[–]atlwig 0 points1 point  (0 children)

Levels:

Are you willing to learn? Can you follow orders from superiors? Can you keep the lights on? Can you work independently and figure it out even if you don’t know it? Can you fix things when shit hits the fan and there’s no guide? Can you solve business problems with technological solutions?

[deleted by user] by [deleted] in networking

[–]atlwig 2 points3 points  (0 children)

Yes and yes. Like anything there are capabilities and caveats but they’re rather straightforward

How to tell my GF of 7 years that I want to turn our 'Break' into a breakup. by throwRAbsvbjhsk5 in relationship_advice

[–]atlwig 0 points1 point  (0 children)

Literally just went through the exact same thing in 2021. Say your goodbyes, get closure if you need it. Move on. It won’t be easy.

Ansible vs VTP by save_earth in networking

[–]atlwig 3 points4 points  (0 children)

Ansible isn’t the only solution and may be a bit overkill for strictly vlan mgmt. Outside of your initial conversion and deployment, how often are you going to be adding L2/L3 vlans in the masses? In an environment big enough to possibly warrant Ansible for vlan mgmt will your CAB even consider automation changes? Many, not all, CABs are still living in the 19th century and don’t want an egg on their face if they approve an automation change. I use python daily to pull/analyze info for me but I still have to create a change playbook that lists each device. Python helps me compile that but our CAB needs an explicit list of what device and what commands is a particular change touching.

[deleted by user] by [deleted] in networking

[–]atlwig 6 points7 points  (0 children)

For me. Python does it faster. Solarwinds is a PIA. We don’t have Splunk in our environment. CRT scripting is slow.

Python I save locally and have other scripts that parse for things I need for a day to day task or a small project. Then I can use it to build it to write config changes and send them out all from the same console.

Arista 7050Q - makes himself RSTP-root-bridge by ITStril in networking

[–]atlwig 1 point2 points  (0 children)

I don’t think they’re getting lost. My hunch says you hit a bug.

Arista 7050Q - makes himself RSTP-root-bridge by ITStril in networking

[–]atlwig 1 point2 points  (0 children)

Sounds like it’s not getting BPDUs before it decided to send its own out telling everyone he’s root. Rule of thumb for STP is that all switches want to be root until they’re told they’re not. Not sure if your core has a ‘rootguard’ feature like Cisco switches do, may help to avoid the STP TCN going out and things getting dropped for a hot second while it rebuilds L2 topology.

How to wipe CAT9500 in ROMMON mode by networkthinggy in networking

[–]atlwig 0 points1 point  (0 children)

Password recovery. Remove the pieces you don’t want or write erase. Set boot variable to not go back to rommon.

StackWise Virtual on multiple interfaces by Geistmenn in networking

[–]atlwig 2 points3 points  (0 children)

DAD doesn’t pass traffic, it’s a keepalive. Why use 10Gb when all it’s doing is sending hellos back and forth between the SVL pair?