paloalto Palo Alto FW can't download software with proper licensing applied We recently had a situation where the firewall was complaining that it can't download software anymore with an error message "An active license is required for this feature." Firewall was properly licensed and it was synced with the license server, but for some reason, it was still complaining about it.
Palo Alto FW IP-tagging IP-tag functionality on Palo Alto Firewalls allows administrators to apply custom labels or tags to IP addresses or ranges. These tags serve various purposes, such as simplifying policy creation and management by grouping similar IP addresses together under a single tag. Additionally, IP-tagging enables dynamic policy enforcement based on tags
paloalto Palo Alto SAML SSO with authentik Palo Alto network appliances natively support SAML and can leverage providing identity to a SAML Identity Provider. This can be very useful in multiple ways - granting access to admin GUI interface, authenticating users for GlobalProtect (remote access VPN) and Captive Portal user authentication are just some that come to
authentik How to configure Authentik IdP with docker compose In this post we will do an initial setup of Authentik IdP (Identity Provider), an excellent piece of software that provides user identification. On top of being an IdP, it also allows us to use it for SSO purposes, which we will utilise to grant access to our users to
paloalto Migrating Palo Alto Panorama from VMware/ESXi to Proxmox I recently started moving all of my VMs to Proxmox, and even though I already had one PA firewall running under Proxmox, I was not very keen on tackling the task of migrating Panorama. I have two Panorama nodes running in HA in mgmt-only mode, and in addition to those,
paloalto Palo Alto GP connection method 'On-demand' not working on some Windows clients I've noticed on some Windows clients (maybe this happens on macOS as well, but haven't tested it) that even though the App configurations setting for Connection Method was set to On-demand (Manual user initiated connection), it would still try to immediately connect to VPN when user logs into Windows.
letsencrypt Let's Encrypt with Dynamic Updates to DNS - RFC2136 I've been using Cloudflare for a while now and I'm quite happy with their free plan. However, one thing that I'm missing there is the fact that you can't create subdomains - at least I don't think there is one. Since I have a subscription to Azure, I would simply
paloalto How to configure PA FW as NTP proxy There is a nice functionality on PA firewalls called DNS Proxy. It basically allows PA FW to act as a DNS proxy for hosts that will use its interface address for DNS queries. The way it works is that you configure it in the GUI by configuring primary and secondary
paloalto Palo Alto FW loopback interface routing Recently I started deploying loopbacks on all of my network devices that are somehow participating in routing and I hit a momentary roadblock when I realised that none of my loopbacks configured on firewalls are being advertised via iBGP. The reason for that is because all loopback interfaces are categorised
linux How to bind mouse keys to keyboard keys in Linux (Mint) Coming from macOS where I used swipes on my Magic Mouse, one of the things I missed when I started using Linux extensively, was the fact that I had to use either my keyboard or click on Workspaces in my panel to switch to another workspace. I'm using a simple
linux How to change space between icons in Cinnamon DE Grouped window list One thing that I really want to change is the space between icons in Cinnamon DE Grouped window list. This is basically the space between pinned icons that you set or if you're working with default install, it will only have a few of them there. This is actually defined
esxi Cloning VMs in ESXi - without a vCenter server Intro One of the issues you may encounter with ESXi is the fact that it doesn't offer an option to natively clone VMs. Of course, you can just copy necessary files and then just register the VM in ESXi, but that will still use file names that are in the
homelab Featured Starting a homelab - Part 05 - Virtualise Your Firewall Video of the whole process is available on YouTube: Today we will continue our journey with building a homelab. Unfortunately, I was too busy in the past year and there's been a lot of changes to my own homelab environment as well. One of the things that has changed is
linux How to change Login Screen resolution in Linux Mint I've been having fun with customising my Linux Mint installation, but one thing that bugged me was the fact that the login resolution wasn't the same as my VM resolution - similar issue that I had with Debian. Since Debian uses Gnome as its default DE, I couldn't apply the
linux How to change resolution of Debian-based OS GDM3 Login Screen I'm transitioning most of my VMs away from Windows (where possible) to Debian and one of the things that I noticed was that the default resolution of the GDM3 login screen was different from the resolution of the VM once you logged in. Mind you, this is a purely cosmetic
apache How to install Apache Guacamole with Docker and MySQL I've been using jwetzell/guacamole docker image for quite some time now and mostly been happy with it. But I would like to start using the official Guac image as I prefer to use official images in case development of a custom image gets dropped in the future. The reason
nextcloud How to manually upgrade Nextcloud For some reason, my Nextcloud instance doesn't like to be upgraded via integrated updater available in WebUI - I assume it has something to do with running NC behind a reverse proxy, as the error I'm getting is saying that it can't access the site. I may have some variable
debian Force Apt-Get to use IPv4 or IPv6 on Ubuntu or Debian Recently I transitioned my home network to dual-stack IPv4 / IPv6 and I noticed a strange issue on a number of my Debian-running servers: some of the apt updates were unable to complete. The issue seems to be lying in some of my (official) Debian sources being inaccessible via IPv6. To
docker Anatomy of a docker-compose file Docker is an excellent platform that uses OS-level virtualization to provide software packages that we call containers. Containers are basically everything you need to run an app - whether it's a database, web server, proxy, whatever's packaged in it, an app will have access to it. Docker can run on
nextcloud Install and configure Nextcloud in an LXC - Part 2 In this article we will do some fine tuning of our Nextcloud instance. First things first. We will work with the following setup: Let's check our DNS entries: host nc.networktechguy.com nc.networktechguy.com has address 10.5.0.70 host nc-01.networktechguy.com nc-01.networktechguy.com has address
nextcloud Install and configure Nextcloud in an LXC - Part 1 In this article we will explain how to install Nextcloud in an LXC (Linux Containers). Instead of deploying new VMs for every project, we can easily launch an LXC and gain almost all benefits of running a project in an isolated environment. Main reason why we decided not to run
homelab Featured Starting a homelab - Part 04 - First Linux Server In this blog post we will go through the Debian Linux installation and basic setup process. We will use this server later on for different services.
homelab Featured Starting a homelab - Part 03 - Creating your first VM Let's start with our new task - creating our first VM and setting it up for future use.
homelab Featured Starting a homelab - Part 02 - Installing ESXi First step in starting your own homelab is to install the hypervisor on your computer. In this post I will cover all the steps necessary to install ESXi on your computer
homelab Featured Starting a homelab - Part 01 So, you've decided to start a homelab. Good for you! :) But in all seriousness, if your plan is to learn about new IT technologies, starting a homelab is an excellent idea.