How to replace blank/space with line break (Alt+Enter) in Excel

Ever wondered how to replace blank or spaces with a line break in Microsoft Excel? it is a lifesaver when dealing with firewall policy sheets 🙂

Push Ctrl + H (for replace) and find what:” “(just a space).
In the replace with field you enter 0010 while holding Alt key (so ALT + 0010). You will now notice the cursor jumping into a second line (hence, there is only a small piece visible – it is looking like a flashing dot). Now hit Replace or Replace all. Et voila!

Of course this also works the other way around.

before:

excel_before

after:

excel_after

Short n quick: DIY BayTech RPC serial adapter to use with standard ethernet cables (RJ45)

How to build a BachTech RPC serial console adapters which can be used with standard RJ45 (Cat5/Cat6/..) ethernet cables:

Serial RS-232 Pinout (DE-9 female):
______________
\ 5  4  3  2  1 /
\ 9  8  7  6 /

RS-232 to RJ45 (T-568A) Pins

RS-232 Pin# RS-232 Color RJ45 PIN# RJ45 Color
5 Orange 7 White Brown
4 White 1 White green
3 Green 4 Blue
2 Red 5 White blue
1 Black 6 Orange
9 None None None
8 Blue 8 Brown
7 Yellow 3 White orange
6 Brown 2 green

Accessing your modem from OpenWRT Router

Very useful if you want to check for errors on your Cable modem Accessing your modem from OpenWRT Router.

Unfortunately, you don’t have fulll access to your modem on AT&T, TWC or Comcast. Hence, you are not able to do SNMP monitoring 😦

Short n quick: Reset Alteon AD3 load balancer to factory default.

Case: Old load balancer, unknown IP, no serial/console access

Don’t even try to get the serial port up – it’s impossible.

  • Connect a computer with crossover cable to one of the ports.
  • Check ARP requests with Wireshark
  • Telnet into IP
  • Enter “boot” (boot menu)
  • Enter “conf” (config block to use next boot)
  • Enter “factory” (in order to boot factory defaults)
  • Power off
  • Power on

Good Luck!

Problem solved: Monitoring Kemp Loadbalancers with Check_MK (kemplb_real_servers, kemplb_rsvs and kemp_virtual_server)

About two weeks ago I found a plug-in for monitoring Kemp loadbalancers on Check_MK Exchange (go here: http://exchange.check-mk.org/index.php?option=com_remository&Itemid=59&func=fileinfo&id=135).  Until today it was working absolutely flawless on two loadbalancers and was a really big help on monitoring all the services (including connection and pool data).

Unfortunately, it would not recognize the services on a third Kemp loadbalancer. That´s when I went CLI and checked the snmp_scan_function. (Note: The plug-in consist of three different checks: kemplb_real_servers, kemplb_rsvs and kemp_virtual_server)

kemplb0

Turns out the script is checking for OID .1.3.6.1.4.1.12196.12.8.1.2.1 in order to inventory the servers. So I decided to compare the output from the working and faulty Kemp LBs when doing a snmpget for this OID:

kemplb1

Turns out that the working LB is giving back a value, while the other Loadbalancer does not. This is quite interesting since both LBs are on same firmware version and platform (virtual machines).

Then I used a MIB-Browser to investigate which values in this OID tree would be available.

kemplb3

As we can see from the screenshot there is no OID .1.3.6.1.4.1.12196.12.8.1.2.1. Instead there are a couple other OIDS like .1.3.6.1.4.1.12196.12.8.1.2.4. and .18 etc in the subtree.

While checking the Kemp LB MIBs (accessible here: http://kemptechnologies.com/files/downloads/documentation/7.0/LM_mibs.zip) I found out that OID .1.3.6.1.4.1.12196.12.8 is “a table containing Totals for Real Server (RS) specific information.”

So it seems that there is no Real Server “1” on the faulty LB. Thereforet Check_MK is not doing an inventory (even though it would find services on the LB).

So here is a solution that worked for me: I changed the last lines of the three check scripts as following:

kemplb4

So basically it is checking OID .1.3.6.1.2.1.1.2.0 (“The vendor’s authoritative identification of the network management subsystem contained in the entity”)  and validates if the returned value starts with .1.3.6.1.4.1.12196 (because in that case it is a Kemp LB and we want the plug-in to start the inventory).

Feedback appreciated.

Update: Check PAN Firewall´s Sessions Counters with SNMP

About a year ago I published my first ever developed plug-in for check_mk (https://sitweak.wordpress.com/2012/08/30/snmp-based-check_mk-plug-in-for-palo-alto-firewalls/). For all who missed out on that milestone in my programming carrer: It´s doing not more than fetching some sessions counters with the help of SNMP.

Even though I realized that there is not a high demand for such an plug-in (until now it has one rating on the check_mk Exchange – haha) I am still very proud that there is a piece of self-made code which is actually working. J That’s why I decided to give a small update.

Some hours ago I uploaded and version 1.0. Here´s a Changelog:

Plug-In

o   Two more SNMP values are being fetched
– 1.3.6.1.4.1.25461.2.1.2.3.7.0 Total number of active SSL proxy sessions
– 1.3.6.1.4.1.25461.2.1.2.3.8.0 Total number of active SSL proxy sessions.

o   Code updated
– Added a snmp_scan_function
– Added declaration according to new Check_MK API (https://mathias-kettner.de/checkmk_devel_newapi.html)

o   Added warning and critical levels (Service State is based on SNMP value of sessions utilization)
– Factory default: 80% warning level and 90% critical level. You can define your own values by editing ~/local/share/check_mk/checks/paloalto_sessions.

Perfdata
o Added value ‘proxied ssl sessions’ to perfdata

PNP-Template
o   Added graph for value ‘proxied ssl sessions’
o   Cleaned PNP-Template

Plug-In Output
o   Added value for proxied SSL sessions
o   Added value for utilization of SSL proxy

 

This is what it looks like:

ImageImage

Tested on Check_MK 1.2.4

 

I´m looking forward to any feedback here, on twitter or check_mk Exchange!

 

Importing Palo Alto Firewall´s Policies into Microsoft Excel

 

Last week I started my second approach on importing the Policies (Ruleset) from our PaloAlto firewall into Microsoft Excel. I really love the way PaloAlto designed the web-interface on their Pan-OS: It has a cross-browser compatibility and works flawless on any screen resolution. Unfortunately, it is missing an option to export the policies into any standardized form, which would give me the possibility to keep a record of the ruleset outside the web-interface.

However, this was something I wanted to do for quite a while. More and more often we have the problem that system administrators complain about a missing transparency of the ruleset. This problem usually comes up when they are deploying a new service, and there is exactly one policy missing in order to complete the deployment.

One solution for that problem is granting a read-only access on the firewall. Downside: They have to be taught on how to use the web-interface and how to correctly read the policies. More important the will have access to other areas of the configuration, which may be considered sensitive or conflict with the goal of protecting sensitive data.

Presenting the ruleset in an Excel sheet is a good solution in order to address these problems: Everyone is able to open and read an Excel-sheet (Freeware viewers are also available). As a plus you can hide or exclude any information that is not necessary and likely people will know how to find the information they are looking for. On the other hand you have endless options on how to add additional information with the help of texts or conditional formatting.

Anyhow, enough for now – let´s start with the solution.

A while ago I already found two articles in the PaloAlto forums on how to import the Policies into Microsoft Excel. One is here: https://live.paloaltonetworks.com/docs/DOC-1617, the other one you will find here: https://live.paloaltonetworks.com/docs/DOC-5754. Unfortunately, both solutions didn´t work for me.

In fact, I got the following result using the tutorials:

palo_xml_import

As you can see, there is a new column for every source and target address. The reason is, that the every address-object is enclosed by <member> tags, which leads to a misinterpretation in the structure of the XML-file.

The advice from my co-worker was to use formulas in order to fix the layout. This didn´t seem to be the perfect solution for me, since I wanted a procedure which could be eas

ily reproduced by any other firewall-administrator.

After checking a few of the comments under the above stated links I found a comment mentioning a solution based on a linux bash command. After analyzing the command line I could adopt the procedure to a windows environment. Here is what you have to do (tested on Pan-OS 5.X with PAN-5050 and Google Chrome browser):

1)      Export your current running configuration:  In the web-interface you go to Device -> Setup -> Operations -> Export named configuration snapshot.

Step_1

2)      Open the configuration snapshot with a compatible text-editor (as Notepad++ for example).

3)      Search for string <security> (press Strg+H in most ext-editors) and deleted everything before the tag.

4)      Search for string </security> (press Strg+H in most ext-editors) and deleted everything after the tag. You now should have everything between <security> and </security>. Save the file (for security ;))

5)      Delete all tags <member> and </member>: Press Strg+H again for search and replace. Search for string <member> and replace it with nothing (delete it!). Do the same for the string </member>.

6)      Save the file as an XML document.

7)      Open Excel and import the XML file by clicking: Data -> Import –> other Sources –> XML-Dataimport and choose the XML file.

8)      As a result you should see your complete ruleset, where every rule is in exactly one row. However, there were slight layout problems caused by blanks in front of the address objects:

Step_2

You can easily fix that by using the replace-function again, and replace the blanks with nothing:

Step_3

As a side-note:  You can use that procedure also for importing the address-objects of your PAN-Firewall. In that case you have to import everything between <address> and </address> tags.

Side-Note 2: For additional XML settings you may want to activate the developers tab in Excel. It offers you additional features when working with XML data.

%d bloggers like this: