0

Palo Alto How to Configure SSL Decryption?

Most websites we access today use HTTPS, and to fully leverage a Next-Generation Firewall (NGFW) like Palo Alto, inspecting encrypted HTTPS sessions is crucial. Configuring SSL decryption isn't just a set-it-and-forget-it task. It requires careful consideration and ongoing improvements. In this blog post, we'll explore how to configure SSL decryption in Palo Alto firewalls and highlight some pitfalls to be aware of. So, let's get to it.

As always, if you find this post helpful, press the ‘clap’ button on the left. It means a lot to me and helps me know you enjoy this type of content.

Palo Alto How to Block Specific URLs?

In this blog post, we’ll explore how to block specific sites using a Palo Alto firewall. There are two ways to achieve this, and we’ll cover both options.

PacketswitchSuresh Vina

SSL Decryption Considerations

As I mentioned earlier, configuring SSL decryption isn’t as simple as flipping a switch. Decryption allows your firewall to inspect the contents of encrypted sessions. Normally, HTTPS traffic is encrypted from your browser to the server, ensuring the sessions are private. However, with SSL decryption, the firewall acts as a man-in-the-middle, inspecting the traffic in plain text. It’s crucial Continue reading

0

Brad McCredie Is The Pedal To AMD’s Datacenter GPU Metal

Brad McCredie like engines, and more importantly, he likes to make them go fast. …

Brad McCredie Is The Pedal To AMD’s Datacenter GPU Metal was written by Timothy Prickett Morgan at The Next Platform.

0

HN765: Telecom In the Bahamas: Lessons In Resiliency

Many of us have had network design discussions relating to natural disasters. What if a fire comes through? Or a flood? For most of us, those discussions don’t feel overly worthy of our attention. Yes, we should think about it. Yes, we should plan for it. If we’re really serious, we’ll even dust off the... Read more »

0

Weekend Reads 012425

AI errors come at seemingly random times, without any clustering around particular topics. LLM mistakes tend to be more evenly distributed through the knowledge space. A model might be equally likely to make a mistake on a calculus question as it is to propose that cabbages eat goats.

In this post, we start by explaining the configuration of our switching infrastructure using common IETF protocols to implement redundancy, full usage of resources, and seamless adaptivity in case of failures or maintenance. We then continue presenting the configuration of our route servers with a special focus on isolating different LANs and dynamically excluding invalid routes.

LLMs are undeniably astonishingly good at using the text they trained on (aided by human fine tuners) to generate convincing prose. But they are really bad at distinguishing between truth and falsehoods and responding to prompts that are unlike or even slightly different from what they trained on.

I wonder how many of you have noticed a subtle change in the way that you navigate the web? We’re in the midst of a transition to the zero click Internet, meaning users no longer have to click on links to reach web sites to find content.

Time Continue reading

0

Hedge 256: The Impact of Your First Language

Richard Wexelblat published an article in 1980 titled: “The consequences of one’s first programming language.” We’ve all seen C code written like Python, or Python code written like C, so it’s obvious a coder’s first language has a long lasting effect on their style. What about network engineers? Are there times and places where the first of anything a network engineers encounters has a long lasting impact on the way they think and work? In this roundtable, Tom, Eyvonne, and Russ consider different ways this might apply to network engineering.

download

0

TNO013: How Do We Apply DevOps to Traditional Networking?

Can we map DevOps principles and practices to network operations? Should we? On today’s show, we talk with Williams Collins and Eyvonne Sharp to understand DevOps both culturally and practically. We also discuss the challenges of applying DevOps to network operations. We look at lightweight options such as starting small, having a centralized source of... Read more »

0

Use BGP Outbound Route Filters (ORF) for IP Prefixes

When a BGP router cannot fit the whole BGP table into its forwarding table (FIB), we often use inbound filters to limit the amount of information the device keeps in its BGP table. That’s usually a waste of resources:

• The BGP neighbor has to send information about all prefixes in its BGP table
• The device with an inbound filter wastes additional CPU cycles to drop many incoming updates.

Wouldn’t it be better for the device with an inbound filter to push that filter to its BGP neighbors?

0

GenAI Boom: Datacenter Spending Forecast Raised Again

Economic and technical forces have a kind of momentum that keeps them growing even as any new technology goes through its inevitable hype cycle from innovation to inflated expectations to disillusionment to deployment into productivity. …

GenAI Boom: Datacenter Spending Forecast Raised Again was written by Timothy Prickett Morgan at The Next Platform.

0

IPB167: Crossing the 50% IPv6 Adoption Threshold

IPv6 adoption should cross 50% in 2025. In today’s podcast, we discuss the implications and significance of IPv6 adoption reaching this milestone. While this transition might not be visible to average users, it does impact IT professionals. We explore varying adoption rates across industries, and talk about compliance requirements will soon necessitate IPv6. We also... Read more »

0

How Enterprise AI Can Ease The Data Gravity Burden

COMMISSIONED:  Among the many tough decisions IT leaders face is where to best host AI workloads. …

How Enterprise AI Can Ease The Data Gravity Burden was written by Timothy Prickett Morgan at The Next Platform.

0

N4N010: Why Was the Colon Chosen as a Delimiter in IPv6?

It’s history day on N Is For Networking! We learn about the development of IPv6 directly from Bob Hinden, one of the pioneers who made it happen. Bob discusses his journey from early work on ARPANET to his significant contributions to IPv6. We also cover the transition from IPv4, the challenges faced during IPv6’s creation,... Read more »

0

Sturgeon’s Law, VRRPv3 Edition

I just wasted several days trying to figure out how to make the dozen (or so) platforms for which we implemented VRRPv3 in netlab work together. This is the first in a series of blog posts describing the ridiculous stuff we discovered during that journey

The idea was pretty simple:

• Create a lab with the tested device and a well-known probe connected to the same subnet.
• Disable VRRP (or interface) on the probe and check IPv4 and IPv6 connectivity through the tested device (verifying it takes over ownership of VRRP MAC and IP addresses).
• Reenable VRRP on the probe and change its VRRP priority several times to check the state transitions through INIT/BACKUP(lower priority)/MASTER(change in priority)/BACKUP(preempting after a change in priority).

0

OpenAI Declares Its Hardware Independence (Sort Of) With Stargate Project

The dependency dance between AI pioneer OpenAI and the Microsoft Azure cloud and the application software divisions of its parent company are fascinating to watch. …

OpenAI Declares Its Hardware Independence (Sort Of) With Stargate Project was written by Timothy Prickett Morgan at The Next Platform.

0

NAN083: Cox Gets Network Automation Right, and Proves It at DEF CON (Sponsored)

Today’s Network Automation Nerds episode discusses Cox Communications’ journey to getting network automation right. We also talk about how they used network automation to support operating the network at the DEF CON hacker convention. Our guests are David Ezell, Joshua Watkins and Eric Hansen from Cox Communications. We dive into initial steps and challenges in... Read more »

0

D2DO263: An Anthropologist’s Advice for Improving IT Cultures

It’s tempting to run IT organizations the same way we run infrastructure: as resource units to be applied to various jobs. But people aren’t infrastructure. They have opinions. They form teams. They operate on different incentives, which sometimes clash within an organization (i.e. sales vs. product managers, or infosec vs. everybody). Today’s guest, Lianne Potter,... Read more »

0

The Ethernet/802.1 Protocol Stack

The believers in the There Be Four Layers religion think everything below IP is just a blob of stuff dealing with physical things:

People steeped in a slightly more nuanced view of the world in which IP is not the centerpiece of the universe might tell you that the blob of stuff we need is two things:

0

HLRS Takes First Steps To Exascale

The University of Stuttgart’s High Performance Computing Center (HLRS) in Germany tapped Hewlett Packard Enterprise back in December 2023 to build a prototype hybrid CPU-GPU supercomputer nicknamed “Hunter” to pave the way towards an exascale-class machine it is budgeting to have installed in 2027 called “Herder.” …

HLRS Takes First Steps To Exascale was written by Timothy Prickett Morgan at The Next Platform.

0

Running EVE-NG in Proxmox

If you follow my blogs, you might know that I recently switched to Proxmox from VMware Workstation Pro for my home lab. I’ve already migrated most of my VMs, including Cisco CML, to Proxmox, and the last piece left was EVE-NG. In this blog post, we’ll go through the steps to install EVE-NG in Proxmox. Let’s get started!

As always, if you find this post helpful, press the ‘clap’ button on the left. It means a lot to me and helps me know you enjoy this type of content.

Running Cisco CML in Proxmox

In this blog post, we’ll go through how to install Cisco CML (specifically CML 2.8 Free Tier) on Proxmox.

PacketswitchSuresh Vina

Overview

EVE-NG doesn’t have official documentation for Proxmox, but it works perfectly fine, and I haven’t faced any issues so far. For this example, I’m using

• Proxmox version 8.3.0
• EVE-NG Community Edition 6.2.0

Most of the VM’s settings can be left at their default values, but there are a couple of changes I had to make. Before diving in, let's have a quick look at Nested Virtualization.

Nested Virtualization

Nested virtualization allows you to run virtual machines Continue reading

0

PP046: IPv6 Security, Migration, and Adoption

You asked for more IPv6 and we listened. In today’s episode, we talk with Ed Horley, co-host of the IPv6 Buzz podcast about IPv6 security, migration, and adoption. We talk about how your general security strategy doesn’t change with v4 or v6, but the trouble starts with a lack of v6 knowledge. We talk about... Read more »

0

Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for 2024 Q4

Welcome to the 20th edition of the Cloudflare DDoS Threat Report, marking five years since our first report in 2020.

Published quarterly, this report offers a comprehensive analysis of the evolving threat landscape of Distributed Denial of Service (DDoS) attacks based on data from the Cloudflare network. In this edition, we focus on the fourth quarter of 2024 and look back at the year as a whole.

When we published our first report, Cloudflare’s global network capacity was 35 Terabits per second (Tbps). Since then, our network’s capacity has grown by 817% to 321 Tbps. We also significantly expanded our global presence by 65% from 200 cities in the beginning of 2020 to 330 cities by the end of 2024.

Using this massive network, we now serve and protect nearly 20% of all websites and close to 18,000 unique Cloudflare customer IP networks. This extensive infrastructure and customer base uniquely positions us to provide key insights and trends that benefit the wider Internet community.

• In 2024, Cloudflare’s autonomous DDoS defense systems blocked around 21.3 million DDoS attacks, representing a 53% increase compared to 2023. On average, in 2024, Cloudflare blocked 4,870 Continue reading