Palo Alto Clientless VPN Configuration
As the title suggests, Palo Alto's clientless VPN allows users to access internal resources (HTTPS-based) without installing the GlobalProtect client. This is useful when you have an internal application that external contractors need to use, but they may not want to install a VPN client. All they need to do is open a browser, log in to your GlobalProtect portal, and access the applications directly. In this blog post, we'll go through the steps to configure Palo Alto Clientless VPN.
As always, if you find this post helpful, press the ‘clap’ button. It means a lot to me and helps me know you enjoy this type of content.
Overview
GlobalProtect Clientless VPN lets users securely access internal web applications from a browser without installing the GlobalProtect client. This is helpful for providing partners or contractors with access to specific internal applications. You can set up the GlobalProtect portal landing page to give users direct access to these applications.
0:00
/0:21
Clientless VPN acts as a reverse proxy, intercepting and modifying web pages from internal applications before presenting them to remote users. When users access these URLs, their requests pass through the GlobalProtect portal.
💡
Before proceeding, Continue reading
From Python to Go 014. Basic SSH Interaction With Network Devices.
Hello my friend,
As mentioned in the previous blogpost, we started talking about practical usage of Python and Go (Golang) for network and IT infrastructure automation. Today we’ll take a look how we can interact with any SSH-speaking device, whether it is a network device, server, or anything else.
You Put So Much Content For Free Online, Why To Join Trainings Then?
Our ultimate goal is to make you successful with software developing for IT infrastructure management. Out blogs are the first step so that you can get up to speed if you already well equipped with fundamentals as protocols, data formats, etc. We believe that sharing is caring, hence we share back our knowledge with you, so that your path could be a little bit easier and quicker, so that you have more time to focus on what matters. If that’s enough for you to move forward, that’s great.
At the same time, if you feel you need more, you want to have finely-curated labs, slack support and deep dive not just in coding, but really in fundamentals, our training programs are here for you:
We offer the following training programs in network automation for you:
HN769: CI/CD Pipelines and Network Automation
Continuous Integration / Continuous Deployment (CI/CD) is a framework that developers use to help them manage and integrate frequent code changes. As network automation evolves, should network engineers adopt CI/CD? Guest Tony Bourke joins us to talk about CI/CD pipelines: what they are, how they’re used, and how they can support network automation efforts. We... Read more »TNO017: Lead People, Manage Machines and Processes
Lead people. Manage machines and processes. That’s the the advice from Bill Hunter, today’s guest on Total Network Operations. Bill shares lessons of resilience and adaptability he learned early in his career, including the power of good habits. Bill and Scott discuss how to identify processes that can be automated and when and where to... Read more »Hedge 260: The State of the DFZ
Trends in the global BGP table–the Default Free Zone (DFZ) table–can tell us a lot about the state of the global Internet. Is the Internet growing? Is IPv6 growing, or are we still in a world of “all things IPv4?” Geoff Huston joins Tom Ammon and Russ White to review the state of the routing table from 2024.
download
Run BGP Across a Firewall
When I asked my readers what they would consider a good use case for EBGP multihop (thanks again to everyone who answered!), many suggested running BGP across a layer-3 firewall (Running BGP across a “transparent” (bump-in-the-wire) firewall is trivial). I turned that suggestion into a lab exercise in which you have to establish an EBGP multihop session across a “firewall” simulated by a Linux host.
If you haven’t set up your own lab infrastructure, click here to start the lab in your browser using GitHub Codespaces. After starting your codespace, change the directory to basic/e-ebgp-multihop and execute netlab up.
IPB169: 10 Years of the UK IPv6 Council
IPv6 Buzz welcomes back Veronika McKillop, the founder and President of the UK IPv6 Council, to talk about the council’s formation and achievements in the past ten years. We look at IPv6 adoption in the UK and its challenges, and what the future holds for IPv6. Veronika highlights the need for improved IPv6 education in... Read more »N4N014: Spanning Tree Part 2 – Root Bridge, Edge Port, Forwarding and Blocking
Welcome to part 2 of our spanning tree series. We start with a quick review and then discuss root bridges, root ports, designated ports, and forwarding and blocked ports. We explain the impact of topology changes on spanning tree and network performance, and discuss how topology changes and convergence events are communicated. Last but not... Read more »High-Performance Kubernetes Networking with Calico eBPF
Kubernetes has revolutionized cloud-native applications, but networking remains a crucial aspect of ensuring scalability, security, and performance. Default networking approaches, such as iptables-based packet filtering, often introduce performance bottlenecks due to inefficient packet processing and complex rule evaluations. This is where Calico eBPF comes into play, offering a powerful alternative that enhances networking efficiency and security at scale.
Understanding Kubernetes Networking
Kubernetes networking consists of two primary components:
- Physical Network Infrastructure – Connects cloud resources to external networks, ensuring communication between nodes and the broader internet.
- Cluster Network Infrastructure – Manages internal workload communication within the Kubernetes cluster, including service-to-service traffic and pod-to-pod interactions.
Choosing the right data plane is critical for optimal performance. Factors such as cluster size, throughput, and security requirements should guide this choice. Poor networking choices can lead to congestion, excessive latency, and resource starvation.
Data Plane Options in Kubernetes Networking
Networking in Kubernetes is an abstract idea. While Kubernetes lays the foundation, your Container Networking Interface (CNI) is in charge of the actual networking. To better understand networking, we usually divide it into two sections: a control plane and a data plane.
- Control Plane – Control plane is the part that manages how Continue reading
Worth Reading: Using SDN Controller with RSVP/TE
Dmytro Shypovalov published another article well worth reading: why should you use an SDN controller for RSVP-TE. It covers:
- The reasons people might still prefer RSVP-TE over SR-MPLS and the current state of RSVP-TE
- What an SDN controller might bring to the RSVP-TE world
- SR/RSVP coexistence and interworking
Have fun!
Python Getters, Setters and @property Decorator
When I first started working with Python classes, some of the most confusing topics were getters, setters, and @property. There are plenty of tutorials on how to use them, but very few actually explain why do we need them or what problem do they solve. So, I thought I’d write a dedicated post covering what they are and the problems they solve. Let’s get to it.
As always, if you find this post helpful, press the ‘clap’ button. It means a lot to me and helps me know you enjoy this type of content.
Python OOP - Method vs Function and the Mystery of ‘self’
I just realized how much I didn’t understand about Python Object-Oriented Programming. I thought I knew the basics, but a few days ago, while going through a Python course, I found out I was wrong.
Suresh Vina
Python Classes
Before diving in, let's have a quick look at a Python class. Here’s a simple example of a Person class with two attributes name and age.
class Person:
def __init__(self, name, age):
self.name = name
self.age = age
I'm going to create an instance of the class called p1, passing Continue reading
D2DO265: How Do We Measure Developer Experience?
Developer experience is a hard metric to measure qualitatively. On today’s show, we talk with Kristen Foster-Marks about Developer Experience, or DevEx. We start with the controversial concept of “ghost engineering,” which claims many software engineers do not contribute meaningfully to their work. We delve into the validity of this claim, and discuss the scientific... Read more »Do You Need To Answer That Question?
Photo by Pixabay on Pexels.com
We’ve all been in a situation where we’re listening to a presentation or in a class where someone is sharing knowledge. The presenter or expert finishes a point and stops to take a breath or move on to the next point when you hear a voice.
“What they meant to say was…”
You can already picture the person doing it. I don’t need to describe the kind of person that does this. We all know who it is and, if you’re like me, it drives you crazy. I know it because I’ve found myself being that person several times and it’s something I’m working hard to fix.
Info to Share
People that want to chime in feel like they have important things to share. Maybe they know something deeper about the subject. Perhaps they’ve worked on a technology and have additional information to add to the discussion. They mean well. They’re eager to add to the discussion. They mean well. Most of the time.
What about the other times? Maybe it’s someone that thinks they’re smarter than the presenter. I know I’ve had to deal with that plenty of times. It could be an Continue reading
Goodbye, Cumulus Community Vagrant Boxes
Last Monday, I decided to review and merge the “VXLAN on Cumulus Linux 5.x with NVUE” pull request. I usually run integration tests on the modified code to catch any remaining gremlins, but this time, all the integration tests started failing during the VM creation phase. I was completely weirded out, considering everything worked a week ago.
Fortunately, Vagrant debugging is pretty good1 and I was quickly able to pinpoint the issue (full printout):