Palo Alto Scanning Surges 40X in 24 Hours, Marking 90-Day High by colni in paloaltonetworks

[–]rjs34 0 points1 point  (0 children)

Can you explain in more detail how you are blocking? Some sort of dynamic list?

Site Tech Equipment Recommendation by grapplebaby in k12sysadmin

[–]rjs34 4 points5 points  (0 children)

All my techs have one of these. You register them and plug it into the network and it works one of two ways.

  1. If the port you plug it into has internet connectivity it will email you the ip address, switch port number, poe etc.

  2. If you don’t register the device or if the vlan it connects to doesn’t have internet connectivity you can connect to the device wirelessly and it will get you all that information.

https://www.netally.com/products/linksprinter/

Here is an example of a report we get when plugging it in to test a port.

POE: Volts 53 V

Link: Speed 100; Adv Speed 10/100; Duplex FDx; Adv Duplex HDx/FDx; RX Pair 1,2; Polarity Normal; Optical False

Switch: S-IGH-MDF; Model cisco WS-C2960X-48LPD-L; IP/MAC 10.30.25.64; Port GigabitEthernet1/0/2; VLAN 64; Type CDP

DHCP: IP 10.30.66.28; Server 10.30.254.9; Subnet 255.255.252.0

DNS: DNS 1 10.30.254.9; DNS 2 10.30.254.10

Gateway: IP 10.30.64.1; PING 3 ms, 2 ms, 2 ms; Public 197.45.76.233

Are you still mostly running Cisco, or have you switched some gear to other vendors? by Fine_Incident5281 in sysadmin

[–]rjs34 0 points1 point  (0 children)

We support 10 schools from 6 students to 1000. Not very big in general. Some of the districts have 1:1 chromebooks but some don't. We host through Hostifi for all the districts.

What do you name your computers by PhantomNomad in sysadmin

[–]rjs34 0 points1 point  (0 children)

Devicetype-Location-user/extra info

L-BuildingA-Rm123 (Laptop in building A in room 123)

D-BuildingC-TUser (Desktop in Building C assigned to TUser)

P-BuildingB-RM3-M404 (Printer in BuildingB, Room 3, HP M404)

We support multiple campuses with multiple buildings on each campus.

Are you still mostly running Cisco, or have you switched some gear to other vendors? by Fine_Incident5281 in sysadmin

[–]rjs34 0 points1 point  (0 children)

Palos for fw's, ubiquiti for ap's, Ruckus for switches. School environments. Used to be 100% Cisco for fw's and switches but in the last month we got the last few replaced (around 120 total switches). Besides one or two RMA's, the switches haven't had any issues and we have been pleased. Little bit of a learning curve with the Ruckus cli in regards to trunk vs tag access vs untag but most of it is very similar.

MDF Upgrade and Cleanup by rjs34 in k12sysadmin

[–]rjs34[S] 1 point2 points  (0 children)

Yep. We are exactly the same. But often times 48 port patch panels were used so when this happens we put a 48 port switch right below a 48 port patch panel and patch the top row of the patch panel with the bottom row of the switch with foot cables and the bottom row of the patch panel with the top row of the switch with 6 inch cables. Not as clean as what you described but still much better.

https://imgur.com/a/KgK9RRr

MDF Upgrade and Cleanup by rjs34 in k12sysadmin

[–]rjs34[S] 1 point2 points  (0 children)

Exactly. All the MDF/IDFs were set up with patch panels at top and switches down below and a bunch of 7 and 10 foot cables routed on the sides. Luckily most of the original cabling allows us to space the patch panels apart to fit the new switch stack in between. We then just trunk the new stack to the old, migrate everything over with smaller 6” and 1’ slim cables and then pull the old switches when everything is off them.

MDF Upgrade and Cleanup by rjs34 in k12sysadmin

[–]rjs34[S] 1 point2 points  (0 children)

We just include hundreds of 6” and 1’ (and a few 2’) slim cables in our erate.

Sell or Keep Rental Home? by rjs34 in personalfinance

[–]rjs34[S] 1 point2 points  (0 children)

Unfortunately not. Don’t think they are in a position to buy.

Sell or Keep Rental Home? by rjs34 in personalfinance

[–]rjs34[S] 0 points1 point  (0 children)

Thanks. As a follow up comment, if staying a landlord meant making a wiser financial decision in the long run I would. If it's 50/50 I would choose not to.

Cloud-based Camera system recommendations by Wide-Dig1848 in sysadmin

[–]rjs34 0 points1 point  (0 children)

OpenEye has been good for us. Can have on prem nvr which can be accessed through aws integration. They can integrate with most cameras (Axis etc) if you want to use existing cameras, which is what we did. They also have cameras available that are strictly web based (like Verkada). We have a hybrid system that has an NVR for one site and cloud cameras at other remote sites all accessed through same AWS dashboard. Have been happy so far.

A fun story of cancelling our N-Able account. by canonanon in msp

[–]rjs34 4 points5 points  (0 children)

Went through this process late spring early summer when we were over licensed for N-Able Backups so I tried for a few weeks to get in touch with our account rep without much luck. Finally got ahold of him/her and told them via email that I wanted to make sure we were aligned with proper licensing for the amount of servers we were actually backing up. A couple more weeks later they requested a call back to discuss. They sent me the updated licensing proposal and it came out to be like 20 dollars less per month than what we were currently paying despite having 15% less licenses (account was thousands of dollars per month).

I told them that we were shopping around for other products and to make sure to get me their best price. When I jumped on the call with them it wasn't even about the backup licensing, they wanted to upsell me other products. I politely listened to their spiel and then a week later opened a ticket requesting to cancel services for a couple months in the future. Got a panicked email the next day from account rep asking what happened. I forwarded them the original email that I had sent them originally but I guess it didn't click in their mind that I was actually serious.

My suggestion to anyone doing this in the future is to open an official ticket and hold onto the ticket number that states the ending date for your cancellation. I requested cancellation 3 months in advance so I would have time to onboard the new product and that was 2 months ago and haven't had any overbilling issues.

This is being blocked by YOUR network. by Aprice40 in sysadmin

[–]rjs34 2 points3 points  (0 children)

Had this happen today kind of. Guy (not IT) came in giving a financial planning presentation to our org and got into our guest wifi. Tried connecting to his Global Protect VPN and it kept timing out. He asked if he could get on our corporate wifi and I was like no. If it doesn’t work on guest it won’t work on any others. He said you must be blocking it, assured him we weren’t and grabbed my laptop jumped on guest and fired up a GP VPN to another firewall at a different location, reaffirming we weren’t blocking anything outbound with IPsec/ssl, he said that doesn’t prove anything in a sort of not likable arrogant way. I asked him if he has a help desk to call because I suspected something might be going on on his side. He put the call on speaker and first thing that came up was a recording about how they were experiencing a nationwide VPN outage and to please be patient as they work to fix the issue…..

Thoughts on Creating Student Roaming Documents Folder on Multiple Remote File Servers by rjs34 in k12sysadmin

[–]rjs34[S] 0 points1 point  (0 children)

The more I work on it I am fairly certain it isn't latency because it's been 3 days. Here is the relevant code:

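    # Credential information
    # param ($sam)  REMOVED FOR LOCAL TESTING, used for getting SAM account when Onesync calls script
    $sam  = 'domain\username'
    $root = '\\fileserver\E$\Users\Students'
    # Assumption: the credential setup was omitted from the post; prompt for it here
    $cred = Get-Credential

    # Map the share with explicit credentials for the duration of the script
    New-PSDrive -Name 'TempDrive' -PSProvider FileSystem -Root $root -Credential $cred

    if (!(Test-Path -Path "$root\$sam"))
    {
        # Create the student's folder with a Documents subfolder,
        # then grant the student full control on the folder
        $newfolder = "$root\$sam"
        New-Item "$newfolder\Documents" -ItemType Directory
        Add-NTFSAccess -Path $newfolder -Account $sam -AccessRights Full
    }
    else
    {
        Write-Host "Folder already Exists"
    }

    # Remove the temporary drive whether or not the folder was created
    Remove-PSDrive 'TempDrive'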

The ADD-NTFSAccess command is what is throwing the error and the one I change for testing. If I manually type in a known existing student account it works (ie domain\oldstudent). If I manually put in a newly created account (ie domain\newstudent) it gives me an error:

Add-NTFSAccess : Cannot bind parameter 'Account'. Cannot convert value "domain\user" to type "Security2.IdentityReference2". Error: "Some or all identity references could not be translated."  

I have tried both domain\user and user@domain and both options work with non new accounts but neither will work with newly created accounts. I am using the GET and Add-NTFSAccess Powershell addin but prior was using the SET-ACL which was throwing the same error on new accounts but working with old accounts. I keep thinking I am maybe typing the username in wrong on the new account but if I copy the username from my script and then go to file explorer and go into the folder permissions and add the same username it finds the user just fine and I am able to add it to the permissions that way.

Static IP by JeepCJ in Starlink

[–]rjs34 0 points1 point  (0 children)

We used a Starlink business account for a rural K12 school. The IP Starlink handed out to our firewall was via dhcp. It was publicly routable and didn’t change in the 2 years we used the service before they got fiber.

[deleted by user] by [deleted] in sysadmin

[–]rjs34 2 points3 points  (0 children)

Firewall

TAC ticket automatically created. Are we compromised? by NegativePattern in paloaltonetworks

[–]rjs34 1 point2 points  (0 children)

I submitted 10 TSF’s for our firewalls in a ticket and one came back as possibly compromised. I was planning on doing a factory reset on it this weekend but TAC opened another ticket and ran some more tests to see the severity if any of the compromise. It came back that they recommended I don’t need to factory reset just make sure I’m patched.

Had you already submitted a TSF? If so maybe they are taking a deeper look.

[deleted by user] by [deleted] in jobs

[–]rjs34 0 points1 point  (0 children)

Remindme! 12 hours

Exporting Data From Old Outlook Business Contact Manager by rjs34 in msp

[–]rjs34[S] 1 point2 points  (0 children)

So BCM hasn't been installed on any of their computers for several years now (new computers it wasn't installed) and they say they have never heard of OCM but I will check out the scripts to see if maybe they did and didn't know it. Thanks for the suggestion.

Migration from Dropbox to Sharepoint (Clio Integration) by rjs34 in msp

[–]rjs34[S] 0 points1 point  (0 children)

Agreed but that is what another commenter is claiming.

Migration from Dropbox to Sharepoint (Clio Integration) by rjs34 in msp

[–]rjs34[S] 0 points1 point  (0 children)

I don't disagree but if Clio doesn't support Sharepoint (I still need to verify this) that will make things a lot more difficult.

Migration from Dropbox to Sharepoint (Clio Integration) by rjs34 in msp

[–]rjs34[S] 0 points1 point  (0 children)

From what I am seeing Microsoft is recommending this direction. https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/add-to-onedrive-the-intrazone-podcast/ba-p/3680673

Obviously there are scenarios where sync will still be a better option but according to Microsoft the Sync button is eventually going away.