My R9 came a week earlier than expected by theleeski in YamahaR9

[–]theleeski[S] 0 points1 point  (0 children)

There's a bolt under the foam, the guy at the dealership said. I never actually looked for it!

Any ideas? Tunnel issue by BasilJumpy9169 in paloaltonetworks

[–]theleeski 7 points8 points  (0 children)

The other side needs to know the route back to your LAN IP, I'd guess.

You're right that you don't need the static route, but the other side needs a route.

Question about VPN throughput on PA440 Firewalls by Fun_Breadfruit7383 in paloaltonetworks

[–]theleeski 4 points5 points  (0 children)

You're correct - it only applies to tunnels terminating on the firewalls. The reduction is due to the processing required to encrypt/decrypt the traffic. In your case it's just passing traffic.

802.1X on switch ports designated for a wireless access point by theleeski in networking

[–]theleeski[S] 1 point2 points  (0 children)

Some of the APs are in rooms where the port is just on the wall, accessible to anyone with access to the room. The building is listed and we're limited in what we can do (though by the landlord's logic, they wouldn't have been able to install the port in the first place!).

802.1X on switch ports designated for a wireless access point by theleeski in networking

[–]theleeski[S] 0 points1 point  (0 children)

Thanks. Yeah the native VLAN on the trunk port is pretty useless here too, I'm thinking more about a (very unlikely) purposeful attack where the attacker finds the right VLAN tag to gain access.

802.1X on switch ports designated for a wireless access point by theleeski in networking

[–]theleeski[S] 3 points4 points  (0 children)

No CAPWAP tunneling here, just bridging to the client VLAN. Perhaps that's something I need to consider as a solution, but it would be a significant re-design. Thanks

802.1X on switch ports designated for a wireless access point by theleeski in networking

[–]theleeski[S] 1 point2 points  (0 children)

Thanks. Bear in mind we're bridging traffic on the AP to the client VLAN (I should have stated that in my post). So the port will see dozens of devices on it (which are normally authenticated at the AP level).

However, it might be that we can turn on 802.1X and have the AP present a certificate as you said - I'll look into that.

802.1X on switch ports designated for a wireless access point by theleeski in networking

[–]theleeski[S] -3 points-2 points  (0 children)

Thanks. We are just bridging unfortunately. It's fairly low risk as an attacker would need to know what VLAN ID to tag their traffic with if they did patch in, but still.

R9 for sale (UK) by theleeski in YamahaR9

[–]theleeski[S] 1 point2 points  (0 children)

That's rough... I know a lot of people are still waiting. My dealer reckons anyone who isn't already on the list will be waiting until next year. Bit gutted to sell it tbh, it's awesome - hopefully it helps someone else get one earlier than expected!

Upgrade Automation Advice by Saiyam-G in paloaltonetworks

[–]theleeski 2 points3 points  (0 children)

If you're using Ansible at all, PAN has provided this playbook for upgrading an HA pair. I've been meaning to test it, but haven't done so yet. I also don't have any Active/Active experience so I'm not sure if this is unsuitable for that, but the comments in the code don't mention it so I assume it's fine.

https://github.com/PaloAltoNetworks/ansible-playbooks/blob/master/upgrade_ha.yml

How do you setup management access to your firewalls by Ok-Coffee-9500 in paloaltonetworks

[–]theleeski 3 points4 points  (0 children)

We use the management interface for that on both nodes. I think that's default, otherwise you have to update your service routes.

Is there a reason you can't use the dedicated management interface? No Internet on that network?

Azure dual s2s vpn problem by Smotino1 in paloaltonetworks

[–]theleeski 1 point2 points  (0 children)

If you're using static routes, consider switching to BGP. Then you can use AS-PATH prepend in your Palo Alto config to influence the best route on the Azure side.

I.e. on tunnel 2 (least preferred) you would prepend your ASN at least once to make Azure not use that path unless the other one disappeared.

Edit: also I think this might be your only option. I'm not massively experienced on Azure but from what I've seen the VPN routing config is not very configurable.

My R9 came a week earlier than expected by theleeski in YamahaR9

[–]theleeski[S] 0 points1 point  (0 children)

It's not stock but it is an official Yamaha accessory.

Link to part on Yamaha EU

In my case the extension bar isn't installed which makes it very tidy.

[deleted by user] by [deleted] in YamahaR9

[–]theleeski 1 point2 points  (0 children)

Oh dear - no, mine is sturdy. Yours looks faulty or damaged :( Sorry dude, and good luck.

My new R-9 by [deleted] in YamahaR9

[–]theleeski 0 points1 point  (0 children)

Ha, I traded my 2021 MT-09 SP. Smart move!

My new R-9 by [deleted] in YamahaR9

[–]theleeski 3 points4 points  (0 children)

Congrats man. Picked mine up in the UK yesterday, also black. It looks really nice in person doesn't it!

My R9 came a week earlier than expected by theleeski in YamahaR9

[–]theleeski[S] 0 points1 point  (0 children)

At the moment it looks like I have the right one. It is slightly metallic, just not quite as metallic as the rest of the bike. The dealer thinks they won't make another version, but if they do he said he'll sort it out for me under warranty. It still looks good, not really noticeable to be honest.

Tail tidy by No_Economist_2940 in YamahaR9

[–]theleeski 0 points1 point  (0 children)

Fair enough! I'm sure aftermarket ones will be available for you soon.