1. Make sure Telnet is enabled under Administration > System tab > Telnet, or enable SSH if you prefer SSH.
2. Connect to your router with PuTTY and log in. Make sure the Telnet connection type is selected in PuTTY (or SSH, if you enabled SSH).

3. Type in the command “nvram show | grep asus_device_list”
You will see something similar to the sample below. In it, AC68U is my Wi-Fi SSID; the same goes for the MAC and router IP.
Make sure you copy yours, not mine. lol

Sample result:
asus_device_list=<3>TENDA>192.168.1.1>D8:65:63:D4:3D:40>0>AC68U>255.255.255.0>1

4. Copy the entire string above except “asus_device_list=” and replace “TENDA” with “RT-AC68U”.

Command: nvram set asus_device_list="< paste the string starting from <3> until 255.255.255.0>1 >"

Sample:
nvram set asus_device_list="<3>RT-AC68U>192.168.1.1>D8:65:63:D4:3D:40>0>AC68U>255.255.255.0>1"

5. Type in command “nvram show | grep asus_device_list” again to check whether it has the latest changes you made.

6. Next, type in “nvram show | grep odmpid”
You will see it’s showing TENDA

7. Type in nvram set odmpid=RT-AC68U (For this part, after commit & reboot, if you issue “nvram show | grep odmpid” again it will be empty, but it still works. Need other sifu to comment on this part)

8. Type in “nvram show | grep odmpid” to check again.

9. Check your setting with this command, nvram show | grep RT-AC68U
computer_name=RT-AC68U

odmpid=RT-AC68U
asus_device_list=<3>RT-AC68U>192.168.1.1>D8:65:63:D4:3D:40>0>AC68U>255.255.255.0>1

10. Type in nvram commit to apply.

11. Type in “reboot” and router will reboot. 

12. Download ASUS router app to try
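
The string edit in steps 3 to 5 can be scripted so that only the model field changes and a malformed value is rejected instead of written back. This is an added example, not part of the original forum post; the eight-field layout is inferred from the sample above, the function name rewrite_model is made up for illustration, and the sample value is the one shown on this page.

```sh
#!/bin/sh
# Added example: rewrite only the model field of an asus_device_list value.
# Field layout inferred from the sample on this page (an assumption):
#   <3>MODEL>IP>MAC>0>SSID>NETMASK>1

# $1 = current value (without "asus_device_list="), $2 = new model name.
# Prints the rewritten value; returns non-zero if the layout is unexpected.
rewrite_model() {
    printf '%s\n' "$1" | awk -F'>' -v OFS='>' -v model="$2" '
        # Expect exactly eight ">"-separated fields, the first being "<N".
        NF != 8 || $1 !~ /^<[0-9]+$/ { exit 1 }
        # Field 4 must look like a MAC address, otherwise the layout differs.
        $4 !~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/ { exit 1 }
        # The new model must not contain the separator or quote characters.
        model == "" || model ~ /[<>"]/ { exit 1 }
        { $2 = model; print }
    '
}

# Sample value from this page.
SAMPLE='<3>TENDA>192.168.1.1>D8:65:63:D4:3D:40>0>AC68U>255.255.255.0>1'
rewrite_model "$SAMPLE" RT-AC68U

# On the router the same function can feed nvram set:
#   new=$(rewrite_model "$(nvram get asus_device_list)" RT-AC68U) \
#       && nvram set asus_device_list="$new"
```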

source: https://forum.lowyat.net/index.php?showtopic=4504268&view=findpost&p=90503295

In a small network, the Layer 3 device usually serves as both the default gateway and the DHCP server, and most of the time we also exclude the gateway’s IP address from the DHCP pool. To save one configuration line, and for the sake of knowledge: the IP address configured on the router interface is automatically excluded from the DHCP address pool :). You need to exclude addresses from the pool if the DHCP server should not allocate those IP addresses.

Documentation


Objectives

We are going to achieve 2 things here.
1. Install the OpenVZ OS
2. Install Ruby 1.8
3. Install the OpenVZ Web Panel

Install the OpenVZ OS

1. Get the ISO from https://download.openvz.org/virtuozzo/releases/7.0/x86_64/iso/
2. Install it as usual

Install Ruby 1.8

# command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -
# \curl -sSL https://get.rvm.io | bash -s stable

Log out or restart the SSH session

# rvm install 1.8.7

Install the OpenVZ Web Panel

1. SSH to OpenVZ
2. Download OpenVZ Web Panel from github then unzip it

# wget https://github.com/sibprogrammer/owp/archive/master.zip
# unzip master.zip

3. Install the script and ruby dependencies

# cd owp-master/installer/
# chmod 777 ai.sh
# ./ai.sh

4. Access the Web Panel
http://ip:3000
login with admin/admin


Objectives:
1. To build white box for running ESXi
2. Support up to 64GB DDR4
3. Total power consumption below 30 watt on idle
4. Expandable, with PCI expansion slots and multiple SATA ports
5. Cheap as possible

Part lists (as of October 2017)
Intel – Pentium G4560 3.5GHz Dual-Core Processor RM 320.00 (Lazada)
-poor man’s Core i7 CPU on price vs performance; when it was introduced it cannibalized i3 sales. Intel realized this and slowed down production. Low TDP.

Asus – PRIME B250M-A Micro ATX LGA1151 Motherboard RM 415.00 (Lazada)
-4 DIMM slots and support up to 64GB DDR4. Alternatively, you may consider Gigabyte GA-B250M-D3H.

Avexir Core Series DDR4/2400Mhz/16GB/LED RAM RM 569.00 (Lazada)
Avexir Core Series DDR4/2400Mhz/16GB/LED RAM RM 519.00 (Lazada)
-simply because it is the cheapest. 2x16GB is cheaper than 4X8GB RAM. Furthermore, I have 2 more free DIMMs slots with this configuration.

Corsair – VS 450W ATX Power Supply RM 148.00 (Lelong)
-better than stock PSU

Tecware Quad Mini Cube ATX Case RM 180.00 (Lazada)
-cheap and affordable; importantly, it fits my IKEA rack perfectly, which saves space. Its size and dimensions resemble the infamous HP Microserver Gen8 (bought one a year ago, then sold it because it was underutilized; now regretting it :P)

Western Digital – Caviar Blue 1TB 3.5″ 7200RPM Internal Hard Drive (Re-Use)

I bought mostly from Lazada due to stock availability and abusing their 10% voucher (price listed above before 10% discount). Price for CPU and RAM is higher due to scarcity and exchange rate.

Power Consumption
Average on 29 watts!!

ESXi running VMs

Step 1: Install ESXi PowerShell Module
Run PowerShell with elevated privilege (run as administrator)

PS D:\> Install-Module -Name PowerShellGet -Force
PS D:\> Install-Module -Name VMware.PowerCLI

Step 2: Changing the Windows PowerShell Script Execution Policy

PS D:\> Set-ExecutionPolicy Unrestricted

Step 3: Download ESXi-Customizer-PS
Go to https://www.v-front.de/p/esxi-customizer-ps.html and download ESXi-Customizer-PS-v2.5.1.ps1 and move the script to D:\ (to ease our job)

Step 4: Run PowerShell script

PS D:\> .\ESXi-Customizer-PS-v2.5.1.ps1 -vft -load net55-r8168

Notes:
net55-r8168 is the package name from https://vibsdepot.v-front.de/wiki/index.php/List_of_currently_available_ESXi_packages containing Realtek NICs driver.
Run PS D:\> .\ESXi-Customizer-PS-v2.5.1.ps1 -help for more customization options.


Basics of Active Directory
The Bind DN identifies the user that authenticates to the LDAP directory. In LDAP syntax it is written by starting at the user component and going up the tree.

For example, the user user1 is contained in the Users container, under the example.com domain. The corresponding Bind DN looks like the following:

CN=user1,CN=Users,DC=example,DC=com

This is discussed in more detail in the following steps.

In the following example, the domain example.com is used to find the Distinguished Name (Bind DN field for the Symantec Encryption Management Server) for user1. After obtaining the correct Distinguished Name, Softerra can be utilized to find users, attributes, and values. The query is detailed below and can be used with Active Directory 2003 and above.

Type the following command and press Enter

dsquery user dc=example,dc=com -name username-here*

If your user has a long name, the * will do a wildcard match for that user.  For the example below, we’ll use a username of “user1”

Or

dsquery user dc=example,dc=com -name user1

These commands will return the correct Bind DN:
"CN=user1,CN=Users,DC=example,DC=com"

Live example:
dsquery user dc=advanxer,dc=com -name palo*
"CN=Palo Alto User ID,OU=Service Accounts,OU=Users,DC=Advanxer,DC=com"
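
To make the "going up the tree" reading of a DN concrete, here is an added example (not from the original article) that splits a DN into its components from the user object upward, then derives the parent container and the DNS domain. It also keeps a backslash-escaped comma inside a name intact; the function names are illustrative, and the DNs are the ones used on this page.

```sh
#!/bin/sh
# Added example: walk a Distinguished Name from the user object up the tree.

# Print one component (RDN) per line, leftmost (the user) first.
# A comma preceded by a backslash is part of the value, not a separator.
dn_split() {
    printf '%s\n' "$1" | awk '{
        out = ""
        n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1)
            if (c == "\\") { out = out c substr($0, i + 1, 1); i++ }
            else if (c == ",") { print out; out = "" }
            else out = out c
        }
        print out
    }'
}

# Parent container: the DN with its first component removed.
dn_parent() {
    dn_split "$1" | awk 'NR > 1 { s = s (NR > 2 ? "," : "") $0 } END { print s }'
}

# DNS domain name: the DC= components joined with dots.
dn_domain() {
    dn_split "$1" |
        awk -F= 'toupper($1) == "DC" { d = d (d == "" ? "" : ".") $2 } END { print d }'
}

# DN returned by the live dsquery example on this page.
LIVE='CN=Palo Alto User ID,OU=Service Accounts,OU=Users,DC=Advanxer,DC=com'
dn_split "$LIVE"     # five lines, user object first
dn_parent "$LIVE"    # container that holds the account
dn_domain "$LIVE"    # domain the DN belongs to
```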


Configure the following on the Active Directory (AD) Server and the Palo Alto Networks device:

  1. Create the service account in AD, which is utilized on the device. Be sure the user is part of the following groups:
    – Distributed COM Users
    – Event Log Readers
    – Server Operators
    Note: Domain Admin privileges are not required for the User-ID service account to function properly, see Best Practices for Securing User-ID Deployments for more information.

    In Windows 2003, the service account must be given the “Audit and manage security log” user right through a group policy. Making the account a member of the Domain Administrators group provides rights for all operations. The built-in group named “Event Log Readers” is not available in Windows 2003.

  2. The device uses WMI Authentication and the user must modify the CIMV2 security properties on the AD server that connects to the device.
  3. Run ‘wmimgmt.msc’ on the command prompt to open the console and select these properties:
  4. From the Security tab on WMI Control Properties:
    1.) Select the CIMV2 folder.
    2.) Click Security,
    3.) Click Add and then select the service account from Step 1.
    4.) In this case, it is [email protected].
    5.) For this account, check both Allow for Enable Account and Remote Enable:
    6.) Click Apply,
    7.) Then click OK.
  5. Back in the Palo Alto WebGUI, select Device > User Identification > User Mapping, then click the edit sprocket in the upper right corner to complete the Palo Alto Networks User-ID Agent Setup.
  6. Be sure to configure with the domain\username format for username under WMI Authentication tab along with valid credentials for that user.
  7. Enable the Server Monitor options and enable the security log/enable session accordingly.
    Client probing is enabled by default, so disable if desired.
  8. If the domain is configured during Setup in the General Settings/Domain field, the user can elect to discover servers with which to connect. If not, manually add a server to the device:
  9. Confirm connectivity through the WebGUI or the CLI:
    > show user server-monitor statistics 
    
    Directory Servers:  
    Name                           TYPE     Host                           Vsys    Status
    ---------------------------------------------------------------------------------------
    pantacad2003.pantac.lab        AD       pantacad2003.pantac.lab        vsys1   Connected

  10. Confirm that ip-user-mapping is working.
    > show user ip-user-mapping all
    
    IP              Vsys  From    User                            IdleTimeout(s) MaxTimeout(s)
    --------------- ------ ------- -------------------------------- -------------- ----------
    192.168.28.15    vsys1  AD      pantac\tom                      2576          2541
    192.168.29.106   vsys1  AD      pantac\userid                   2660          2624
    192.168.29.110   vsys1  AD      pantac\userid                   2675          2638
    Total: 3 users
  11. Ensure Enable User Identification is enabled on the zones where identifiable traffic will be initiated. Select the zone in Network > Zone.
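
An added example (not from the original post or from Palo Alto Networks) that parses the `show user ip-user-mapping all` output from step 10 and lists accounts mapped to more than one IP address, a quick way to notice a service account or shared login appearing in the mapping table. The embedded sample is the output shown on this page; the function names are illustrative, and usernames are assumed to contain no spaces.

```sh
#!/bin/sh
# Added example: summarize PAN-OS "show user ip-user-mapping all" output.
# SAMPLE is the table from step 10 of this page, embedded to run offline.
SAMPLE='IP              Vsys  From    User                            IdleTimeout(s) MaxTimeout(s)
--------------- ------ ------- -------------------------------- -------------- ----------
192.168.28.15    vsys1  AD      pantac\tom                      2576          2541
192.168.29.106   vsys1  AD      pantac\userid                   2660          2624
192.168.29.110   vsys1  AD      pantac\userid                   2675          2638
Total: 3 users'

# Read the table on stdin; print "user ip1,ip2,..." for every user that is
# mapped to more than one IP address.
multi_ip_users() {
    awk '
        # Data rows start with an IPv4 address; this skips the header,
        # the dashed rule and the "Total:" line.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && NF >= 6 {
            user = $4
            count[user]++
            ips[user] = (count[user] > 1) ? ips[user] "," $1 : $1
        }
        END {
            for (u in count) if (count[u] > 1) print u, ips[u]
        }
    ' | sort
}

# Read the table on stdin; print the number of mapping rows, to compare
# against the "Total:" line of the CLI output.
mapping_rows() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && NF >= 6 { n++ }
         END { print n + 0 }'
}

printf '%s\n' "$SAMPLE" | multi_ip_users
printf '%s\n' "$SAMPLE" | mapping_rows
```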


Situation:
You have HTTP service running on non-standard port and Palo Alto is blocking it

Steps:
1. Define new application
2. Apply policy

Define new application
1. Go to Objects→Applications→Add
2. From the Application window, fill up necessary info as per below example.

Apply policy
1. Go to Policies→Application Override→Add
2. Create new policy and select custom application, set to allow

Situation:
1. You need to do hardware swap (POC unit to actual unit)
2. You don’t have Panorama, and you need to do hardware swap due to RMA

Steps:
1. Ensure components are in the same version
2. Export and Import config
3. Commit configuration

Ensure components are in the same version
1. Make sure all components (PAN-OS, PAN-DB, Threat Prevention, Wildfire, GlobalProtect) are on the same version, and the licenses too.
2. To update the PAN-OS software, navigate to Device→Software
3. To update the components, navigate to Device→Dynamic Updates
4. To update PAN-DB, navigate to Device→Licenses→PAN-DB URL Filtering

Export and Import config
1. From the old unit, navigate to Device→Setup→Operations

2. Click “Save named configuration snapshot” and give it a name. Example: ABC123.xml

3. Click “Export named configuration snapshot” and select ABC123.xml.

4. From the new unit, navigate to Device→Setup→Operations
5. Click “Import named configuration snapshot” and select ABC123.xml (config file from old unit)
6. Once imported, click “Load named configuration snapshot” and select ABC123.xml

Commit configuration
1. When you click commit, the firewall starts applying the configuration, so there is a possibility that IP addresses will be duplicated on the network.
2. Normally I only connect the Management port on the new unit, and leave the other interfaces unplugged.
3. Click commit, and immediately unplug the Management interface on the old unit. You will no longer have access to the old unit. The new unit will take over the Management IP.
