Sunday, July 16, 2023

Palo Alto firewall - How to Push and Install GlobalProtect from the Panorama CLI


I recently encountered a problem when I upgraded Panorama from 10.2.4 to 11.0.2. The ‘Download’ link in Device Deployment -> GlobalProtect Client on Panorama disappeared! After some research, I found out that this is a bug that affects this version of Panorama. Unfortunately, there is no official fix for this issue yet as of July 17, 2023.

If you need to push the GlobalProtect client from Panorama before Palo Alto Networks fixes this bug, you can use a workaround based on CLI commands.


  • Issue/Symptom

You don’t see the ‘Download’ link on PANORAMA → Device Deployment → GlobalProtect Client.


  • Workaround


Step 1. Check the available GlobalProtect client packages on the Palo Alto Networks server

admin@panorama> request batch global-protect-client check

Step 2. Download GlobalProtect client packages to Panorama

admin@panorama> request batch global-protect-client download file PanGP-6.0.7 
 Download job enqueued with jobid 257320 257320


Step 3. Activate the version on Panorama GUI

Go to PANORAMA → Device Deployment → GlobalProtect Client, click 'Activate', and select the firewalls to which you want to push the new GP Client.





References

How to use Device Deployment in Panorama - Knowledge Base - Palo Alto Networks




Saturday, January 28, 2023

A10 SLB - How to configure a Layer 4 Virtual Server


Here is a step-by-step guide on how to configure a Layer 4 virtual server on an A10 Server Load Balancing (SLB) appliance using CLI commands and the GUI.


Configure a Layer 4 Virtual Server


Step 1. Enter Configuration Mode

Enter configuration mode by typing the following command:
configure

Step 2. Define Real Servers (nodes/pool members)

Each real server definition must include an object name, an IP address or DNS name, and a port.
A default Layer 3 health check is applied to the real server IP addresses.
A default Layer 4 health check is applied to match the ‘port 80 tcp’ command.

  • CLI
slb server realserver1 10.1.20.11
 port 80 tcp
slb server realserver2 10.1.20.12
 port 80 tcp
slb server realserver3 10.1.20.13
 port 80 tcp
 exit
 exit

  • GUI


Step 3. Create a Service Group (pool/server farm)

A service group is a group of servers that fulfill a service.
The load balancing algorithm is applied here. Round Robin is used by default.

  • CLI
slb service-group webapp1_80 tcp
   member realserver1 80
   member realserver2 80
   member realserver3 80
   exit
   exit

  • GUI


Step 3-A (Optional). Change the Load Balancing algorithm

Change the load balancing method if needed.

  • CLI
    Here are some of the common load balancing methods available on the A10:
  1. Round Robin: This method distributes incoming traffic equally among all available real servers in a sequential order. It is a simple and straightforward method and is commonly used as the default method.
  2. Least Connections: This method distributes incoming traffic to the real server with the fewest number of active connections. It is useful in scenarios where the real servers have different processing capacities.
  3. Weighted Round Robin: This method distributes incoming traffic to the real servers based on their weight. You can assign a weight value to each real server, and the traffic will be distributed based on the ratio of their weights. This method is useful when you want to control the proportion of traffic sent to each real server.
  4. Source IP Hash: This method distributes incoming traffic based on the source IP address of the incoming request. It ensures that the same source IP address is always sent to the same real server. This method is useful in scenarios where the client needs to maintain persistent connections to the same real server.
  5. Destination IP Hash: This method distributes incoming traffic based on the destination IP address of the incoming request. It ensures that requests for the same destination IP address are always sent to the same real server. This method is useful in scenarios where you want to balance the load based on the destination of the incoming request.
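
The selection rules described in the list above, as a small simulation over the guide's three real servers. This is an added example, not A10 code: the function names are hypothetical, and the address-value-modulo hash is a stand-in chosen for illustration, not the hash the device uses.

```python
import ipaddress
from itertools import cycle, islice

SERVERS = ["realserver1", "realserver2", "realserver3"]  # names from the guide

def round_robin(servers, n):
    """Hand out n requests in strict rotation."""
    return list(islice(cycle(servers), n))

def weighted_round_robin(weights, n):
    """Each server appears in the rotation as many times as its weight."""
    ring = [s for s, w in weights.items() for _ in range(w)]
    return list(islice(cycle(ring), n))

def least_connections(active, n):
    """Assign n new long-lived connections, each to the least-loaded server.
    Ties go to the server listed first. Returns (picks, final counts)."""
    active, picks = dict(active), []
    for _ in range(n):
        target = min(active, key=active.get)
        active[target] += 1
        picks.append(target)
    return picks, active

def ip_hash(servers, ip):
    """Pick a server from the address value modulo the pool size
    (stand-in hash, an assumption of this example)."""
    return servers[int(ipaddress.ip_address(ip)) % len(servers)]

def remapped_after_removal(servers, removed, clients):
    """Clients that land on a different server once one server leaves the
    pool, excluding those that were on the removed server anyway."""
    rest = [s for s in servers if s != removed]
    return [c for c in clients
            if ip_hash(servers, c) != removed
            and ip_hash(servers, c) != ip_hash(rest, c)]
```

In this model the hash methods keep a client on the same server only while the pool membership is unchanged; removing one server moves some clients that were never on it.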


You can specify the load balancing method with the method or lb-method command followed by the method name. The keywords for each syntax are listed below, and each list is followed by an example that sets the service group webapp1_80 to least connections:

method round-robin
method least-connection
method weighted-rr
method dst-ip-hash
method fastest-response

slb service-group webapp1_80 tcp
	method least-connection

---
lb-method round-robin
lb-method least-connections
lb-method weighted-round-robin
lb-method source-ip-hash
lb-method destination-ip-hash

slb service-group webapp1_80 tcp
	lb-method least-connections


※ Note: The method command is typically found in newer software versions of the A10 Thunder series of load balancers, such as the TH3030S.

The lb-method command, on the other hand, is typically found in older software versions of A10 load balancers.

  • GUI

Step 4. Create Source NAT Pool

  • CLI
ip nat pool webapp_srcnat 10.1.20.240 10.1.20.241 netmask /24

  • GUI


Step 5. Create Virtual Server (vserver/vip/virtual address)

A virtual server definition must include an object name, an IP address, and a port (vport).
A virtual server is the combination of the real servers and the ACOS device, which together appear as a single server to the client.

  • CLI
slb virtual-server webapp1 10.1.10.11
 port 80 tcp
  source-nat pool webapp_srcnat
  service-group webapp1_80
  exit
  exit
  exit

  • GUI


Step 6. Exit Configuration Mode and Save Configuration

To exit configuration mode, use the following command:
end

To save the configuration, use the following command:
write memory

Step 7. Check the Virtual Server status

To check the status of the virtual server, use the following command:
show slb virtual-server bind



Step 8. Test service access in a web browser

To test service access, open a web browser and enter the virtual IP address ‘10.1.10.11’ in the address bar. You should be able to access the service hosted on the real servers.

※ Note: The commands and syntax used in this guide may vary depending on the version and model of your A10 Server Load Balancer. It is recommended to consult the official documentation for the exact commands and syntax for your specific device.
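
A pre-paste check for the objects built in Steps 2 to 5: it reads configuration text in the guide's syntax and reports every service-group member, service-group binding, or source NAT pool that refers to a name the text never defines. This is an added example, not an A10 tool; the check function and the sample with its two deliberate mistakes are constructed for illustration.

```python
# Constructed sample in the guide's syntax, with two deliberate mistakes:
# member realserver4 is never defined, and the VIP binds webapp1_443.
SAMPLE = """\
slb server realserver1 10.1.20.11
 port 80 tcp
slb service-group webapp1_80 tcp
 member realserver1 80
 member realserver4 80
ip nat pool webapp_srcnat 10.1.20.240 10.1.20.241 netmask /24
slb virtual-server webapp1 10.1.10.11
 port 80 tcp
  source-nat pool webapp_srcnat
  service-group webapp1_443
"""

def check(config):
    """Return one message per reference to an object the text never defines."""
    defined, refs, ctx = set(), [], (None,)
    for line in config.splitlines():
        t = line.split()
        if not t:
            continue
        if t[:2] == ["slb", "server"]:
            ctx = ("server", t[2])
        elif t[:2] == ["slb", "service-group"]:
            ctx = ("group", t[2], t[3])          # name, protocol
            defined.add(("group", t[2]))
        elif t[:2] == ["slb", "virtual-server"]:
            ctx = ("vip", t[2])
        elif t[:3] == ["ip", "nat", "pool"]:
            ctx = (None,)
            defined.add(("pool", t[3]))
        elif t[0] == "port" and ctx[0] == "server":
            defined.add(("port", ctx[1], t[1], t[2]))
        elif t[0] == "member" and ctx[0] == "group":
            # a member must match a server port of the group's protocol
            refs.append((ctx[1], ("port", t[1], t[2], ctx[2])))
        elif t[0] == "service-group" and ctx[0] == "vip":
            refs.append((ctx[1], ("group", t[1])))
        elif t[:2] == ["source-nat", "pool"] and ctx[0] == "vip":
            refs.append((ctx[1], ("pool", t[2])))
    # References are resolved after the full pass, so order does not matter here.
    return [f"{where}: {' '.join(need)} is not defined"
            for where, need in refs if need not in defined]
```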

References

A10- Configure a Layer 4 Virtual Server in 4 Steps - YouTube


Saturday, January 21, 2023

Procrastination No More - Proven Techniques to Boost Productivity and Get Things Done


If you’re struggling with procrastination, you’re not alone. Many of us have trouble getting started on tasks, despite knowing we need to do them. To help you overcome this common challenge, here are 10 tips for avoiding procrastination:

  1. Setting clear and specific goals:

    Break your tasks into smaller, more manageable chunks and set clear deadlines for yourself.

  2. Prioritizing tasks:

    Identify the Most Important Tasks (MIT) and focus on them first.

  3. Eliminating distractions:

    Remove anything that might distract you while you work, such as your phone or social media.

  4. Using a timer:

    Set a timer for a specific amount of time and work on a task until the timer goes off.

  5. Using the Pomodoro Technique:

    Break your work into 25-minute intervals, with short breaks in between.

  6. Using the Eisenhower matrix:

    Prioritize your tasks by urgency and importance.

  7. Using positive self-talk:

    Encourage yourself with positive affirmations and remind yourself of the benefits of completing the task.

  8. Using rewards:

    Reward yourself for completing tasks to motivate yourself.

  9. Using accountability:

    Share your goals and progress with others to hold yourself accountable.

  10. Taking care of yourself:

    Make sure to get enough sleep, exercise, and eat well to help keep your energy levels up.

Procrastination can be a tough habit to break, but by implementing these strategies, you’ll be on your way to becoming more productive and achieving your goals. Remember, the key is to stay focused and motivated, and to not let yourself get bogged down by distractions.


References

Pomodoro Technique - Wikipedia
Eisenhower Matrix | Prioritization Framework | Definition and Examples
