Palo Alto – Find and Remove Unused Objects

If you work with Palo Alto firewalls, you might know there's no straightforward way to find and remove unused address objects. When I googled for solutions, I found that others suggested using Expedition or some kind of automation. In this blog post, I'll show you a very simple script to find these objects and remove them if needed.

Expedition or Automation

I tried using Expedition a few years back, but it required a dedicated VM, and I struggled to wrap my head around how to use it. I just needed a simple solution. While I could also use Palo Alto's REST API or even the Python SDK, setting everything up takes a bit more time.

Palo Alto 'Set' Commands

Then it occurred to me that Palo Alto provides 'set' commands, and you can use the 'delete' version of those commands to remove something. With that in mind, I thought, "Hmm, what if I get the whole config from either the firewall or Panorama in the 'set' format, run it through a regex, and extract all the object names?" Once I have the object names, I can go through the configuration line by line to check if the objects are...

The Increasing Impatience Of The Speed Of The PCI-Express Roadmap

Richard Solomon has heard the rumblings over the years. As vice president of PCI-SIG, the organization that controls the development of the PCI-Express specification, he has listened to questions about how long it takes the group to bring the latest spec to the industry.

The Increasing Impatience Of The Speed Of The PCI-Express Roadmap was written by Jeffrey Burt at The Next Platform.

HN738: Reducing Complexity With Fortinet’s Unified SASE (Sponsored)

Fortinet’s Unified SASE provides consistent security controls and policies both for traditional campuses and the hybrid workforce. Nirav Shah joins us to explain how Fortinet is positioned to do this: a foundational software developed for 20 years, a network of over 140 POPs, a security lab with over 1,000 researchers, continuous ZTNA verification proxies, and...

Hedge 230: Preparing for Layoffs

You will probably be laid off at least once in your career–we no longer live in a world of “permanent positions,” or even a world where people are in complete control of their “work destiny.” It’s important, then, to prepare to be laid off, made redundant, or impacted by a RIF, today. Mike Bushong joins Eyvonne Sharp, Tom Ammon, and Russ White in a wide-ranging discussion about preparing to be laid off.

Celebrating 10 years of Project Galileo

One of the great benefits of the Internet has been its ability to empower activists and journalists in repressive societies to organize, communicate, and simply find each other. Ten years ago today, Cloudflare launched Project Galileo, a program which today provides security services, at no cost, to more than 2,600 independent journalists and nonprofit organizations around the world supporting human rights, democracy, and local communities. You can read last week’s blog and Radar dashboard that provide a snapshot of what public interest organizations experience on a daily basis when it comes to keeping their websites online.

Origins of Project Galileo

We’ve admitted before that Project Galileo was born out of a mistake, but it's worth reminding ourselves. In 2014, when Cloudflare was a much smaller company with a smaller network, our free service did not include DDoS mitigation. If a free customer came under a withering attack, we would stop proxying traffic to protect our own network. It just made sense.

One evening, a site that was using us came under a significant DDoS attack, exhausting Cloudflare resources. After pulling up the site and seeing Cyrillic writing and pictures of men with guns, the young engineer on call followed the...

HW029: COWs, COLTs, and WOWs

Natural disaster responders, large event planners, and rural kids trying to do their homework all have something in common: they need a little extra help to get connected. COWs, COLTs, and WOWs can do just that. Mark Houtz joins Keith Parsons to explain how and why COW operators do what they do. First, he explains...

VyOS – A Great Open-Source Router and Firewall

As a Network Engineer or someone working in IT, I always needed a firewall for my home network. Whether it's for learning purposes or using a VPN to connect back home while working remotely, having a reliable firewall is essential. If you are a small company, you might also need a free or cost-effective firewall for various experiments. The use cases can be anything.

There are numerous paid and free options out there, but VyOS stands out with its powerful enterprise-level features. In this blog post, I'll show you how easy it is to get started with the VyOS router/firewall. We'll cover how to download it, installation options, and some basic configurations. So, let's get started.

Disclaimer - Please note that VyOS sponsors my blog, but the content and opinions are my own. I used their product long before they sponsored me. Everything you see here reflects my own views, and VyOS has no control over the content.

Why VyOS?

There are numerous free and paid firewalls out there. Of course, I would love to have the latest and greatest firewalls like Palo Alto or FortiGate, but they are way over my budget. Even if I could afford the...

How to Address Kubernetes Risks and Vulnerabilities Head-on

Misconfigurations and container image vulnerabilities are major causes of Kubernetes threats and risks. According to Gartner, more than 90% of global organizations will be running containerized applications in production by 2027. This is a significant increase from fewer than 40% in 2021. As container adoption soars, Kubernetes remains the dominant container orchestration platform.

Realizing the full benefits of Kubernetes requires implementing processes and solutions to fight vulnerabilities, threats and risks, including issues stemming from human error such as misconfigurations, and inherent vulnerabilities like those from container images. DevOps and security teams need the right solutions to mitigate the risks and enjoy the full benefits of Kubernetes.

Mitigating the Impact of Misconfigurations

While container adoption has taken off, the industry still lacks skilled Kubernetes experts. Kubernetes is a complex platform, and personnel without the right skillset inadvertently, and frequently, make mistakes that create misconfigurations.

In the Red Hat State of Kubernetes Security Report 2023, more than 50% of respondents said they were concerned about misconfigurations and vulnerabilities. And with good reason: The simplest way for attackers to get to a company’s data, applications or code is through a misconfigured Kubernetes cluster. A bad actor needs just one small misconfiguration...

The Mythical Use Cases: Traffic Engineering for Data Center Backups

Vendor product managers love discussing mythical use cases to warrant complex functionality in their gear. Long-distance VM mobility was one of those (using it for disaster avoidance was Mission Impossible under any real-world assumptions), and high-volume network-based backups seem to be another. Here’s what someone had to say about that particular unicorn in a LinkedIn comment when discussing whether we need traffic engineering in a data center fabric.

When you’re dealing with a large cluster on a fabric, you will see things like inband backup. The most common one I’ve seen is VEEAM. Those inband backups can flood a single link, and no amount of link scheduling really solves that; depending on the source, they can saturate 100G. There are a couple of solutions; IPv6 or eBGP SID has been used to avoid these links or schedule avoidance for other traffic.

It is true that (A) in-band backups can be bandwidth intensive and that (B) well-written applications can saturate 100G server links. However:

Cisco Live 2024 Wrap-Up

Last week, I attended my 11th Cisco Live in person, in the fabulous Las Vegas. This post is my Cisco Live 2024 Wrap-up. I can already tell you that the next edition of Cisco Live US will be held June 8-12, 2025 in San Diego, California. If my company agrees to send me there, I’m already looking forward to it, because San Diego is a wonderful city. If you’d like to be notified when the registration opens, you can subscribe here: But that’s not the main purpose of this…

The post Cisco Live 2024 Wrap-Up appeared first on

Heeding the call to support Australia’s most at-risk entities

When Australia unveiled its 2023-2030 Australian Cyber Security Strategy in November 2023, we enthusiastically announced Cloudflare’s support, especially for the call for the private sector to work together to protect Australia’s smaller, at-risk entities. Today, we are extremely pleased to announce that Cloudflare and the Critical Infrastructure - Information Sharing and Analysis Centre (CI-ISAC), a member-driven organization helping to defend Australia's critical infrastructure from cyber attacks, are teaming up to protect some of Australia’s most at-risk organizations – General Practitioner (GP) clinics.

Cloudflare helps a broad range of organizations – from multinational organizations, to entrepreneurs and small businesses, to nonprofits, humanitarian groups, and governments across the globe – to secure their employees, applications and networks. We support a multitude of organizations in Australia, including some of Australia’s largest banks and digital natives, with our world-leading security products and services.

When it comes to protecting entities at high risk of cyber attack who might not have significant resources, we at Cloudflare believe we have a lot to offer. Our mission is to help build a better Internet. A key part of that mission is democratizing cybersecurity – making a range of tools readily available for all, including small and medium enterprises...
