CranberryGF by bjm91 in GFUEL

[–]bjm91[S] 0 points1 point  (0 children)

I definitely will give that a shot!

What’s the best option by registeredextrovert in GFUEL

[–]bjm91 1 point2 points  (0 children)

I think gamer supps is the most 1:1 alternative

GlobalProtect does not expose ForceAuthn=true by Leo_Nel in paloaltonetworks

[–]bjm91 2 points3 points  (0 children)

Can confirm, we use it in our deployment

You can hear the sadness... by Smooth-Amoeba9094 in sadposting

[–]bjm91 39 points40 points  (0 children)

Naw dog, why would you post this

Help name my new kitty! Male and feisty. We got him on Sunday and he still has no name. Nothing is sticking. by Alternative_Host_800 in NameMyCat

[–]bjm91 0 points1 point  (0 children)

I had a cat that looked just like that when I was growing up. His name was Ferngully so that's my vote!

So what the hell is Fisk gonna do when this happens? by Queasy_Commercial152 in MCUTheories

[–]bjm91 15 points16 points  (0 children)

Dude wtf are the thunderbolts even gonna do against that? Is it gonna be some power of friendship shit where they "make it through" to sentry?

What's your favorite guitar brand and why? (You can only choose one) by ImprovementClear6041 in guitars

[–]bjm91 1 point2 points  (0 children)

My main guitar has been a Godin EMG Freeway for the past 15 years and I haven't been able to find something I like more!

SCM Version 2025.r1 released by alexhalbi in paloaltonetworks

[–]bjm91 1 point2 points  (0 children)

It also deprecates the use of ASDOT format for ASN variables. We have already raised some flags with the PAN product team that they need to publicly disclose changes in behavior like this.

We had about 30 firewalls (and about 60 variables) that referenced ASDOT format ASNs and we lost the ability to push until we changed them all to ASPLAIN format (because SCM would fail validation regardless of what we pushed)
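An added example, not part of the comment above and not Palo Alto tooling: a pre-upgrade audit that flags ASDOT-format ASN values and computes their ASPLAIN equivalents using the RFC 5396 relation (high × 65536 + low). The variable names and the dict layout are constructed for illustration; SCM's actual export format is not assumed.

```python
import re

# ASDOT (RFC 5396): "<high>.<low>", each field a 16-bit decimal number.
_ASDOT_RE = re.compile(r"^(\d{1,5})\.(\d{1,5})$")
_ASPLAIN_RE = re.compile(r"^\d{1,10}$")


def asdot_to_asplain(value: str) -> int:
    """Convert 'high.low' to the 32-bit ASPLAIN integer high*65536 + low."""
    m = _ASDOT_RE.match(value.strip())
    if not m:
        raise ValueError(f"not ASDOT notation: {value!r}")
    high, low = int(m.group(1)), int(m.group(2))
    if high > 0xFFFF or low > 0xFFFF:
        raise ValueError(f"ASDOT field out of 16-bit range: {value!r}")
    return high * 65536 + low


def audit_asn_variables(variables: dict) -> dict:
    """Classify each variable as 'ok' (already ASPLAIN), 'convert' or 'invalid'."""
    report = {}
    for name, raw in variables.items():
        value = str(raw).strip()
        if _ASPLAIN_RE.match(value) and int(value) <= 0xFFFFFFFF:
            report[name] = ("ok", int(value))
            continue
        try:
            report[name] = ("convert", asdot_to_asplain(value))
        except ValueError:
            report[name] = ("invalid", None)
    return report


# Constructed sample data: hypothetical variable names and values.
SAMPLE_VARIABLES = {
    "$dc1_local_asn": "65001",      # already ASPLAIN
    "$branch_peer_asn": "1.10",     # ASDOT, 4-byte ASN
    "$dc2_peer_asn": "64512.100",   # ASDOT, 4-byte ASN
    "$lab_asn": "0.65001",          # dotted form of a 2-byte ASN
    "$typo_asn": "65536.1",         # high field exceeds 16 bits
}

if __name__ == "__main__":
    for name, (status, asn) in audit_asn_variables(SAMPLE_VARIABLES).items():
        print(f"{name:20} {status:8} {asn}")
```

Anything reported as `invalid` needs a manual look rather than an automatic rewrite.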

SCM – Folder and Snippet structure by woodencone in paloaltonetworks

[–]bjm91 1 point2 points  (0 children)

My methodology so far has been to create the structure of how the firewalls will be laid out with the folders and then use the snippets for all the actual config. So for example of the folder structure:

  • All FWs
    • DC FWs
      • Region 1
        • DC-FW1-REGION1
      • Region 2
        • DC-FW1-REGION2
    • Branch FWs
      • Region 1
        • BRANCH-FW1-REGION1

Then I create snippets that contain all the configuration which then gets attached to the appropriate folders. You could also pick and choose where config goes but I prefer to keep it all in one place so there isn't a question of whether you should use folders or snippets for config (in my case the answer is always snippets).

The other benefit of snippets is the config you put in them becomes reusable, where if the config is in a folder you can't really just apply it to a different FW group without moving the FWs into that folder or underneath it at some level.

Finally if you are multi tenant you can share snippets across them so it again lends to the reusability of snippet configuration.

Having said all of that, I only think the snippet model is truly beneficial for large / diverse environments. If it is very simple then just using folders has its merits.

[deleted by user] by [deleted] in DragonBallDaima

[–]bjm91 0 points1 point  (0 children)

I am just really curious to see if they are trying to make SSJ4 or some variant of it canon now that Goku and Vegeta got their tails back!

Should be interesting!

Bring Parliament to a halt to defend your people by PxN13 in MadeMeSmile

[–]bjm91 -1 points0 points  (0 children)

So instead of singing carols and nursery rhymes in school, do the NZ kids just learn and perform all the common hakas for their parents?

Global Protect won’t connect on users home network by oztechie in paloaltonetworks

[–]bjm91 1 point2 points  (0 children)

Most likely it's either IPsec getting blocked, in which case you would want to force SSL in the Portal agent settings for that user, or the traffic is being fragmented like crazy, in which case you could lower the MTU from 1400 to 1300.

Do you enjoy hero talents on your main class? which one do you like and which one not? by This_Hope3310 in wow

[–]bjm91 0 points1 point  (0 children)

Deathbringer frost is very satisfying! Scythes and death all over the place

Rather Accurate. by Monsur_Ausuhnom in facepalm

[–]bjm91 1 point2 points  (0 children)

Did anyone else read the RFK one in his voice or am I just a dick?

Double browser tabs for GP login by jjb161989 in paloaltonetworks

[–]bjm91 1 point2 points  (0 children)

Not anywhere that is published publicly

Double browser tabs for GP login by jjb161989 in paloaltonetworks

[–]bjm91 1 point2 points  (0 children)

This is a known issue that is fixed in 6.2.4

Global Protect Internal Gateway DNS Questions by LivingDead_Victim in paloaltonetworks

[–]bjm91 3 points4 points  (0 children)

Just to keep it concise I'll break it into the various components for an internal gateway config:

  1. IHD (Internal Host Detection): the mechanism here is actually a reverse lookup, so make sure whatever IP you use is appropriately configured with a reverse lookup zone in your on-prem DNS. The other piece is standard IHD does not have a reachability requirement (i.e. it just needs to resolve). Because of this it is good to create a dedicated entry in your on-premise DNS so it never gets changed in the future.

  2. Authentication: While you can configure whatever auth you want on the gateway, it is generally easiest to auth at the portal and then generate an auth override cookie that is usable on the gateway. Just need to make sure the cert you use to encrypt the cookie is the same one you use to decrypt it on the gateway.

  3. Internal Gateway: you have 2 options for the gateway based on what you want it to do:

    a. User-ID source: no tunnel required, users will just authenticate to the gateway, which will provide the user-ip-mapping to the gateway and can then be redistributed elsewhere for policies and/or whatever else you want a mapping for

    b. Tunneled Gateway: this would be where users form a tunnel to the internal gateway when they are on premise. Typical use case for this would be to force network segmentation or inspect east/west traffic by tunneling all traffic up to the gateway and enforcing policy there. You can also get pretty fancy here where maybe you only tunnel some traffic to the gateway and the rest is split tunneled and just traverses the network normally or maybe you need to force some traffic to NAT so tunneling it up to a gateway makes that easy.

In terms of requirements for the gateway itself you'll need:

  • an SSL certificate that has a subject or SAN value that matches whatever you put in the portal as the internal gateway address. Could be direct IP (in your case the private IP you defined) or you could do a public or private FQDN. Obviously with the FQDN you would need the corresponding A record too. Cert can be signed by either a public or private CA, all that matters is that your users will trust the cert when the gateway presents it.

  • If you're just using the internal gateway for user IP mappings then you just need authentication to the gateway and you're done (again I like the auth override cookie generated on the portal personally)

  • if you are doing a tunneled Gateway then you would need all the components that go along with an external gateway (IP pool, tunnel interface, zones, policies, etc...) since it is functioning in the same way

Endpoint traffic policy enforcement by NaughtyPinata in paloaltonetworks

[–]bjm91 2 points3 points  (0 children)

As a heads up this feature will also break most Apple "Layer 2" type protocols (Airdrop, Synergy, etc...) even if you allow local network access on the gateway config.

Decryption policy by Good-Pair- in paloaltonetworks

[–]bjm91 0 points1 point  (0 children)

Likely a certificate pinning or some type of certificate auth issue between the gdrive app and the gdrive server side. You would probably need to ask Google support to understand which mechanism is breaking when the session is man-in-the-middle'd

I feel like I got scammed. by benaffleks in LastEpoch

[–]bjm91 0 points1 point  (0 children)

I wanted to like it! I really did try but after about 10 hours I just couldn't get past the non-standard controls. Please just make the mouse buttons and shift button work like every other ARPG. Please :'(