error: put-file failed on Junos

I have got the following error while I was trying to copy a file via SCP on Junos. As per the error, I thought it is something
to do with my local permissions but I could read the source backup.conf file. I searched online, numerous entries showed up.

In the end, error turns out to be so funny. It is the “~” character which is causing this issue. As soon as I changed the destination
path as follows;

it just went through. Apparently this isn’t interpreted as “HOME” directory in Junos the way it works in Linux.
Another lesson learned!

deleting all addresses in Palo Alto Networks firewall

if you somehow end up having hundreds of address objects in a PAN firewall and you would like to delete all of them, good luck!
probably to prevent accidental removal there is no way on GUI as of now on 7.1.x releases (or I don’t know yet)
but if you want to you can use the following CLI option.

copy the output you get on the previous “show address” command and paste into a file e.g “address.txt” in a Linux host then do
grab the first 3 lines

for example our file may contain the followings;

by doing this you create the delete statements of address objects. Your output should be like this

now you need to paste this on PAN cli. Depending on the number of objects you may need to enable scripting mode

and then paste the delete commands and commit. That should be it!

Panorama address object mismatch with firewall

Panorama is a nice management tool. It is nice compared to NSM and Security Director:) On the other hand, I had to deal with an issue which is address group content on panorama was different than the firewall. Here is an example;

Panorama had AddGroup1 = Addr1 , Addr2, Addr3
Firewall had AddGroup1 = Addr1, Addr2, Addr3, Addr4

Security rule (Block_IPs) referencing AddGroup1 address group object had the action block but we needed to delete this Addr4. I don’t even want to think how this sync issue happened. The problem is that panorama pushed objects are read-only, you can’t delete them. What did I do?
Continue reading

SSH client preference

There are various SSH clients for Windows platforms and up until couple of months ago I was thinking that the best SSH client for me was SecureCRT but I discovered another one called Mobaxterm. This product really took my attention, primary reason of which is the richness of the feature set. Fist look at what protocols it supports;

In my daily job,  I no longer have to use Filezilla and Rdesktop as it supports RDP and SFTP, The beauty of this is that each connection stays in its own tab so you only use one window for all connections.

Continue reading

Slow file transfer and TCP Zero Window Probe

Slow file transfers must be really bothering everyone. I have a ZyXEL NSA325 NAS device which has a gigabit interface but I am getting extremely low throughput. Unfortunately this has been a problem I think since I bought this device. Now I could finally get hold of time to troubleshoot the issue. Here is my topology I used in testing this scenario.

nas-tcp-window-zero

As per the topology above, my laptop and this NAS device are connected to two ports of this Juniper EX2200 switch. I have enabled jumbo frame on the ports, laptop and NAS device.

Continue reading

Palo Alto Networks #1: Initial Configuration (for beginners)

This post aims to give an introduction to configuring Palo Alto Networks firewall for initial deployment as it is for beginners, I would like to cover the following topics;

  • Configure management interface settings (i.e IP Address, default gateway) via console
  • Assign IP addresses to ethernet interfaces and default gateway
  • Configure NAT and Security Policies to allow Internet access to internal clients

For this purpose, we will be using the following simple topology;

palo-alto-networks-initial-configuration-for-beginners

Continue reading

Differences between Juniper SRX and Palo Alto Networks firewalls

Once you are familiar with one firewall, sometimes it is difficult to be comfortable on another firewall. Here I will list 2 things that you do differently on these firewalls. At least these were the first things I noticed.

1) PING

On an SRX firewall, if you ping a remote address, command will be accepted.

However if you run the same command on a Palo Alto firewall, you get an invalid syntax.

However this isn’t really the difference I would like to tell. The correct syntax on Palo Alto is like this

Continue reading