We have been working to migrate off the old Cisco ASA Firewalls for 3 months, we swung over the final VLAN today and turned off the 1st of 3 Cisco ASA’s. Huge Achievement!!! Two more to go. Here is a video of my colleague Tom doing the honor of turning it off.
Cisco : Serial Numbers
Today I have spent some time trying to find serial numbers on multiple Cisco devices, some Routers, Switches, Firewalls and Wireless LAN Controllers. Here is 7 ways I have found:
- Locate the serial number tag on the device chassis.
- The serial number is displayed in the banner during boot.
- “show version” command. (Look for Processor board ID or S/N)
- “show inventory” command. (Look for Hw Serial# or SN:)(Also works on WLC’s)
- “show diag” command. (Look for Chassis Serial Number)
- “show hardware” command. (Look for Processor board ID or S/N)
- “show tech-support” command.
Palo Alto : Initial Configutation
I have recently started a new job and they use Palo Alto’s Firewalls, which I have never used, so I am learning from the beginning.
There are 2 modes in Palo Alto Firewalls
Initial mode – >
Configure – #
PA> request system private-data-reset – this wipes out the log and the configs
Default Login: admin/admin
Run the following commands via the CLI to change the terminal height and width since by default it overwrites itself on the terminal after 40 lines which is annoying.
PA> set cli terminal height 500
PA> set cli terminal width 500
Or
PA# run set cli terminal height 500
PA# run set cli terminal width 500
Setup Management IP
PA>set deviceconfig system ip-address 192.168.1.2 netmask 255.255.255.0 default-gateway 192.168.1.1
Setup SSH is enabled by default and GUI will be available on https://192.168.1.2
Add to Panorama – this is the name of the centralized management server for Palo Alto
PA#set deviceconfig system panorama-server 192.168.1.254
When adding to Panorama you will need to get serial number
PA>show system info
Save your work
PA>Commit
** Best Practice to add device to Panorama at the start otherwise its super tedious to remove everything. Manage only HA locally.**