Since I’m still a big fan of the Palo Alto firewall family, there are some things, which really feel strangely disturbing. Nothing functional, otherwise I won”t be as convinced but in terms of administration. The most advanced network security device is better managed by webinterface – something every network guru feels goosebumps in his neck.
The worse it is, if the webinterface hangs and you need to use the unfamiliar command line interface. Whereas many vendors simply follow SNMP logic and somehow end up with something similar to the industry standard context setup, PanOs CLI feels strangely different.
Here are your survival commands to make login on the web interface work again:
Have you rebooted the System? request restart system
Did you restart the management service? debug software restart process management-server
Did you check the file system and free space? show system disk-space
In case you need to delete crash dumps or free space anyway: delete debug-log mp-log file *
And finally if the system still does not respond due to hanging commits: commit force
This list is far from being complete, but after experiencing one software version which filled up the root file system after failed content updates and locking out the admins from the web interface, combinations of these commands helped to make the firewall accessible again.
To be fair, this was a one time error in three years running twelve of these boxes, nevertheless it felt quite uncomfortable.
Als ein Mensch der seit Jahren oft, zuweilen viel und mit einer fairen Menge an elektrischen Kleinteilen unterwegs ist bin ich seit gefühlt zwanzig Jahren auf der Suche nach dem idealen Reisebegleiter, der zum einen meine elektronischen Helferlein artgerecht beherbergt, meine Unterlagen und Reise Dokumente im Flughafengerechten Schnellzugriff und am besten auch noch die Dinge des persönlichen Bedarfs für drei bis vier Tage wie Kleidung oder Hygieneartikel.
Vor einiger Zeit auf dem Weg zum Arbeit ist mir mal wieder ein Bürgerbus aufgefallen. Grundsätzlich ein Indiz mitbürgerlichen Engagements, also gesellschaftlich und ehrenamtlich eine großartige Errungenschaft getragen von sozialen Mitmenschen und unterstützt von den Gemeinden, letztenendes der “kleinen” öffentlichen Hand und dem lokalen Stuerzahler.
So weit so positiv.
Denkt man nur einen Moment drüber nach, geht einem einmal mehr das sprichwörtliche Messer im Sack auf … Continue reading →
Neuzugang im Hunsrücker Livemusik Angebot: Pocket Rock!
Das Debüt gab es dann am 28.10.2017 nach wohl nicht ganz so kurzer Findungsphase auf der Kirmes in Mengerschied. Alles in allem ist das Team kein unbeschriebenes Blatt in der hiesigen Live Musik Szene. Jedoch getragen …. Continue reading →
Some times you may need perhaps more than one network at home connected to your Synology NAS. You are a geek and want to do srange VMWare things or you simply want your kids friends not to find the private family pictures.
Accessrights are one thing, hard network separation probably something entirely different. Even id you don’t want to separate traffic but want to support storage in different subnets probably you don’t want your homeuse- router do handle storage traffic. At least it is very smart to avoid that.
Conceptional this may be solved by interface overloading on the network interface of the storage device. You may have different network cards, to separatre traffic, but why would Continue reading →
Every serious consultant and technichian walks through this phase of having his private test environment and wants to bring whatever environment to live. In the former days this was occasionally heavy iron, piling up to some extend and everybody had somehow to handle the hardware.
Today virtualisation and the meltdown in memory pricing helps. Entire companies may be simulated virtually in little more than an PC. What doesn’t change is communications and given the fact that nice replication or virtulisation technologies sometimes shall work over a far stretched wide area connection. So the today home lab looks first compressed in a Continue reading →
Last weekend, bether from thursday to saturday, my employer held his 25th anniversary. now you may consider myself as an overachiver, blogging on my private website about that. But the enourmous feeback we got and the two remarkable key notes I heared, made me reconsider this, and I want to share some of these impressions.
Besides the keynotes of course there had been speeches and buffets and polititians speaking … you name it. On the other hand we partnered with some of our suppliers to give some state of the art impression on robotics, such as Festo with the Butterflies or Schunk with the bionic hand.
Approaching a certain quality level of switching and routing, high availability evolves to be an obligation. In these terms, according to the different OSI service layers, there are many high availability protocols, securing the according network services. The Spanning Tree family as STP, RSTP, MSTP, PVST, protocols for link aggregation as LACP and layer three routing redundancy services like VRRP.
These protocols have the advantage, being vendor independent standards and presume to be interoperable. But either design gets complex, interoperability keeps its caveats or ressources are simply disabled and take over in failiure. Thats not exactly performance driving.
So vendors created stacks – which failed otherwise, or they started to create systems of higher complexity which proprietary created load sharing high availability clusters in the Continue reading →