Wednesday, November 18, 2015

PHP configuration for use with Palo Alto Networks Configurator

Palo Alto Networks has a tool that allows you to gather configuration information from a firewalls and Panorama systems.
The PHP scripts can be found here.

Download and extract the files to your system. I chose to extract them to c:\pan-configurator-master

Example scripts for how to use are found at the links below (they do require a Palo Alto Networks customer account)

If you don't have PHP already installed on your Windows system, here is how I configured my system.
Download and install PHP to your machine from I used version and installed to c:\php
Once the PHP has been installed, copy the php.ini-production to php.ini, and edit the following lines by removinig the semicolons:
include_path = ".;c:\php\includes"
; On windows:
extension_dir = "ext"
;  Enable cURL extension in PHP

Copy the following dll’s to the c:\windows\system32 directory

If you want to be able to run the scripts from directories other than c:\php update your path at the command line with the following command: set path=%path%;"c:\php"

When you connect to a device the first time it will ask for either a username and password or an API key
You can generate an API key via your browser - https:///api/?type=keygen&user=&password=
Replace the data in between < > with the appropriate date for your system

I used php C:\pan-configurator-master\utils\rules-edit.php in=api:// actions=exportToExcel:my-home-rules.xls location=vsys1 ruletype=all to pull the security, decryption and nat policies from my home firewalls.
Take your time with this tool and test all of you commands in a lab before using them in production

Friday, August 21, 2015

A little networking advice

A former co-worker of mine reached out to me asking what to do to get better at networking and how not to put yourself in a position where you may have cast yourself in the wrong light.

This was my response

Congrats for getting out there and networking
How many drinks are you having? If you answer more than 2, cut back. If you answer 2 or less, don't go beyond that. Alcohol should be a relaxer and facilitator of calm, not a lubricant to discuss things you are not feeling confident about.
Read a couple of networking articles (person to person not router to router)
Stay current
Find RSS feeds to know what is going on
Read sites other than CNN/FoxNews/MSNBC
Find local meet ups of security folks (my former co-worker lives in the Bay Area and I targeted my responses for there - search for local events - my home town has an awesome group ) - San Francisco - South Bay - San Francisco hacker space
Volunteer - There is one that runs the same time as RSA and volunteering will allow you to meet the people who are presenting and organizing
(look for events in your area that need volunteers)
As I tell my daughter, the more you listen then more people are willing to talk around you. The more you hear the more you learn.
A career is a lifetime thing, for some it happens in an instant, but for most of us it is something we will build over a long period of time.
Know your goals and set achievable increments to meet those. Create a leap from success to success and learning to learning. Knowing where you want to go is the first part of getting there.