PANOS SSH Issue, No Matching Host Key Type Found. Their Offer ssh-rsa

After upgrading PANOS on my firewall from 10.1 from 10.2, I was no longer able to SSH into the firewall. Trying to SSH into management interface resulted in the following SSH error: ❯ ssh [email protected] Unable to negotiate with 192.168.1.1 port 22: no matching host key type found. Their offer: ssh-rsa The issue is related to weak host key algorithms from the firewall and updated SSH clients (I’m not sure why this has changed from 10.
Read more →

Managing Old PANOS Downloaded Versions

It can be a pain managing previously downloaded PANOS software images. Especially on the smaller firewalls with limited storage, the old versions just take up valuable space. Rather than using the API to do this at scale, one option is to limit the number to versions each firewall will keep at download time: set max-num-images count 2 Now at download time only two active images will be kept, where the number is the amount you want to keep.
Read more →

How to get the Underlying Physical Network Interface Used by a VPN Client Connection in macOS

When connected to a SSL VPN on macOS sometimes you want to find which physical network interface the VPN is using. Listing network interfaces using ifconfig doesn’t help as it is just a list of adapters and if they are linked or not. Looking up the default route with route get 1.1.1.1 only shows you the tun adapter the VPN is using: ❯ route get 1.1.1.1 route to: one.one.one.one destination: default mask: default gateway: my-mac interface: utun0 flags: <UP,GATEWAY,DONE,STATIC,PRCLONING,GLOBAL> recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire 0 0 0 0 0 0 1400 0 In this case the VPN is using “utun0” which is the virtual adapter.
Read more →

Removing the GlobalProtect Cookies and Configuration Files on macOS Linux and Windows Clients

Sometimes removing the .dat files from the GlobalProtect application folder is a good first troubleshooting step when looking into GlobalProtect client issues. The .dat files hold the authentication cookie (pre-auth and user auth) and portal configuration file. Folder locations can depend on if the portal is using pre-auth or not as pre-auth is not user specific. Windows The main user specific folder location to remove the .dat files can be found at the following folder path:
Read more →

How to Remove Built-in Teams from Microsoft Windows 11

Windows 11 seems to come with a built-in instance of Microsoft Teams. If you are using Office 365 then you end with two versions. Use the following to check you have the default instance of Teams: Get-AppxPackage -Name teams If you have the default Teams installed you will get something like: To uninstall this package you can use Remove-AppxPackage, just pipe the output from the previous command: Get-AppxPackage -Name MicrosoftTeams | Remove-AppxPackage -ErrorAction stop If successful then running the original command should have no output:
Read more →

VMware Esxi Upgrade Not Detecting Previous Installation

I really would think before trying this in any form of production environment. It did however work for a VMware lab I was building today (05/04/2022). The issue occurred when upgrading esxi from 6.0 to 6.5 by booting to the install media. One machine worked as expected, the other for some unknown reason would only allow a new install, not an upgrade. After a very small amount of research I found this.
Read more →

Find Processor Architecture in Windows

I was trying to install some software remotely today and was it wasn’t going well. All the others had worked fine, after some investigation I found: It has been a while since I have seen error code 1633. From distant memory 1633 is a 32 bit OS and a 64 bit installer? For the life of me I could not remember how to check that. After going through my random txt files I found:
Read more →

Cortex XDR Live Terminal Session not Working with Prisma Access Decryption

After onboarding into Prisma Access, Cortex XDR live terminal connections were no longer working. There is an existing support document relating to these sort of issues: Enable Access to Cortex XDR There is a section for decryption issues (step 2); what is not clear on this page is that to allow live terminal to work you also need to exclude the following URL: lrc-eu.paloaltonetworks.com It is referred to in Step 3 but only from a point of view of access.
Read more →

How to Install Graphics Tools in Windows 10 and 11

The Windows Graphics Tools are used for Direct3D application development. To install you need to open an elevated command prompt, then use the following to check if it is currently installed: dism /online /Get-Capabilities This will output the currently available options/packages and see if they are currently installed (state): To install the windows graphics tools use the following to download and install: dism /online /add-capability /capabilityname:Tools.Graphics.DirectX~~~~0.0.1.0 Which if successful should look like:
Read more →

Listing PANOS Upgrade history

Due to a firewall issue, I needed to see if an update to PANOS was related to a change in behaviour. I wasn’t sure exactly when the firewall had been upgraded. Searching through the system logs did not seem to show PANOS version changes. Finally I found a mention in a support forum of debug swm history. In short: debug swm history | match 'install panos' Will give you the history of upgrades.
Read more →