Palo Alto Show Commands

show interface management –> Show management interface details
show system info –> Display the system's management IP, serial number and code version
show system disk-space –> Show percentage use of disk partitions
show system software status –> Show running processes
show system resources –> Show processes running in the management plane
show session info –> Display session usage, rate and related information
request restart system –> Restart the device
request shutdown system –> Shut down the device
show running resource-monitor –> Show resource utilization in the data plane
request license info –> Show the licenses installed on the device
show jobs processed –> Show when commits are completed
show session id <session id> –> Display information about a specific session
show running security-policy –> Show the running security policy
request system private-data-reset –> Default factory reset command
show admins –> Show admins who are currently logged in
show admins all –> Show admins who can access the web interface or CLI
ping host <destination ip> –> Ping from the management interface
ping source <ip address on data plane> host <destination ip> –> Ping from a data plane interface to a destination IP
show running nat-policy –> Show the current NAT policy table
show running ippool –> Show NAT pool utilization
show running global-ippool –> Show NAT pool utilization
show routing route –> Show the routing table
show running security-policy –> Show the current policy set
show vpn flow –> Show encap/decap counters
show vpn gateway –> Show the list of IKE gateway configurations
show vpn ike-sa –> Show IKE phase 1 SAs
show vpn ipsec-sa –> Show IPsec phase 2 SAs
show vpn tunnel –> List auto-key IPsec tunnel configurations
show high-availability state –> Show the HA state of the device
show high-availability all –> Show settings configured on the device and its peer
show high-availability state-synchronization –> Show whether the devices are synchronized
request high-availability state suspend –> Suspend the active device and make the passive device active
request high-availability state functional –> Change the state from suspended to passive
request license info –> Show the licenses installed on the device
find command –> Show all available commands
find command keyword show –> See only show commands

Installing Jenkins on Ubuntu:

Jenkins is an open-source automation tool which offers an easy way to set up a continuous integration and continuous delivery (CI/CD) pipeline.

OS: Ubuntu 18.04 Bionic Beaver LTS

CI/CD Tool: Jenkins

Java: OpenJDK8

First Step:

  1. Install Java –> Jenkins is a Java application, so install the Java JDK first.

sudo apt update

sudo apt install openjdk-8-jdk

cloud_user@0d52cf7c051c:~$ sudo apt update
[sudo] password for cloud_user:
Hit:1 http://us-west-1.ec2.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://us-west-1.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://us-west-1.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu bionic-security InRelease
Reading package lists… Done
Building dependency tree
Reading state information… Done
1 package can be upgraded. Run 'apt list --upgradable' to see it.
cloud_user@0d52cf7c051c:~$

cloud_user@0d52cf7c051c:~$ sudo apt install openjdk-8-jdk
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
ca-certificates-java fonts-dejavu-extra java-common libatk-wrapper-java libatk-wrapper-java-jni libgif7 libice-dev libpcsclite1 libpthread-stubs0-dev libsm-dev
libx11-dev libx11-doc libxau-dev libxcb1-dev libxdmcp-dev libxt-dev openjdk-8-jdk-headless openjdk-8-jre openjdk-8-jre-headless x11proto-core-dev x11proto-dev
xorg-sgml-doctools xtrans-dev
Suggested packages:
default-jre libice-doc pcscd libsm-doc libxcb-doc libxt-doc openjdk-8-demo openjdk-8-source visualvm icedtea-8-plugin libnss-mdns fonts-ipafont-gothic
fonts-ipafont-mincho fonts-wqy-microhei fonts-wqy-zenhei fonts-indic
The following NEW packages will be installed:
ca-certificates-java fonts-dejavu-extra java-common libatk-wrapper-java libatk-wrapper-java-jni libgif7 libice-dev libpcsclite1 libpthread-stubs0-dev libsm-dev
libx11-dev libx11-doc libxau-dev libxcb1-dev libxdmcp-dev libxt-dev openjdk-8-jdk openjdk-8-jdk-headless openjdk-8-jre openjdk-8-jre-headless x11proto-core-dev
x11proto-dev xorg-sgml-doctools xtrans-dev
0 upgraded, 24 newly installed, 0 to remove and 1 not upgraded.
Need to get 43.9 MB of archives.
After this operation, 170 MB of additional disk space will be used.
Do you want to continue? [Y/n] click Yes

Once Java is installed, add the Jenkins repository as the second step.

2nd Step: Add the Jenkins repository:

Import the Jenkins repository signing key. This step is required so that apt trusts packages from the repository:

wget -q -O - https://pkg.jenkins.io/debian/jenkins.io.key | sudo apt-key add -

Then add the Jenkins repository to the system:

sudo sh -c 'echo deb http://pkg.jenkins.io/debian-stable binary/ > /etc/apt/sources.list.d/jenkins.list'

3rd Step: Install Jenkins:

Once the repository is enabled, install Jenkins as shown below.

$ sudo apt update

$ sudo apt install jenkins

cloud_user@0d52cf7c051c:~$ sudo apt update
Hit:1 http://us-west-1.ec2.archive.ubuntu.com/ubuntu bionic InRelease
Hit:2 http://us-west-1.ec2.archive.ubuntu.com/ubuntu bionic-updates InRelease
Hit:3 http://us-west-1.ec2.archive.ubuntu.com/ubuntu bionic-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu bionic-security InRelease
Reading package lists… Done
Building dependency tree
Reading state information… Done

cloud_user@0d52cf7c051c:~$ sudo apt install jenkins
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
daemon
The following NEW packages will be installed:
daemon jenkins
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 71.9 MB of archives.
After this operation, 72.6 MB of additional disk space will be used.
Do you want to continue? [Y/n] Click yes

After installing Jenkins, verify the Jenkins service status.

systemctl status jenkins

cloud_user@0d52cf7c051c:~$ systemctl status jenkins
● jenkins.service – LSB: Start Jenkins at boot time
Loaded: loaded (/etc/init.d/jenkins; generated)
Active: active (exited) since Sat 2021-12-25 08:28:44 UTC; 1min 1s ago
Docs: man:systemd-sysv-generator(8)
Tasks: 0 (limit: 1114)
CGroup: /system.slice/jenkins.service

Allow port 8080 through Ubuntu's built-in firewall (ufw):

cloud_user@0d52cf7c051c:~$ sudo ufw allow 8080
Rules updated
Rules updated (v6)

Now browse to the server IP on port 8080 and you will see the page asking for the administrator password.

Get the password from the Ubuntu server as shown below:

cloud_user@0d52cf7c051c:~$ sudo cat /var/lib/jenkins/secrets/initialAdminPassword
41d068c541524bc194d7546e47b28458

Once you have the password, enter it in the Administrator password window and click Continue.

The next wizard screen asks whether you want to install the suggested plugins or select custom plugins. Select the suggested plugins and click the button.

It will start installing the plugins.

Once the plugins are installed, the next wizard screen will ask for an admin name and its credentials.

Provide all the required details and you are ready to use Jenkins.
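
The 2nd step above pipes the downloaded key straight into apt-key, so whatever the server returns becomes trusted. The following is an added example, not part of the original post: it checks a key's fingerprint against a value obtained out of band before the key is added. The function names, the sample listing and EXPECTED_FPR are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded repository signing key against a
# fingerprint obtained out of band before handing it to apt-key.

# Read gpg colon-format output on stdin and print the fingerprint of each
# primary key. A "pub" record is followed by its "fpr" record, whose 10th
# field is the fingerprint; fingerprints of subkeys ("sub") are skipped.
primary_fingerprints() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print toupper($10); want = 0 }
    '
}

# Succeed only if stdin lists exactly one primary key and its fingerprint
# equals $1. Spaces and letter case in $1 are ignored.
key_matches() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Fingerprints are plain hex, so word splitting is safe here.
    set -- $(primary_fingerprints)
    [ "$#" -eq 1 ] && [ "$1" = "$expected" ]
}

# Constructed sample of gpg colon-format output (not the real Jenkins key).
SAMPLE_LISTING='pub:-:4096:1:89ABCDEF01234567:1600000000:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1600000000::0000000000000000000000000000000000000000::Example Repo <repo@example.invalid>::::::::::0:
sub:-:4096:1:1111222233334444:1600000000::::::e::::::23:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0000111122223333:'

# Use on the server. EXPECTED_FPR is a placeholder: take the value from the
# Jenkins project's published key information, not from the download itself.
#   wget -q -O jenkins.io.key https://pkg.jenkins.io/debian/jenkins.io.key
#   gpg --with-colons --import-options show-only --import jenkins.io.key \
#     | key_matches "$EXPECTED_FPR" && sudo apt-key add jenkins.io.key
```

A subkey fingerprint never satisfies the check, and a file carrying more than one primary key is rejected rather than partially trusted.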

CFT Anatomy (YAML)

AWS Template Version:

The AWS CloudFormation template version that the template conforms to.

Description:

Use the description to explain the purpose of template.

Metadata:

Objects that provide additional information about the template.

Parameters:

Values to pass to the template at runtime. You can refer to parameters from the Resources and Outputs sections.

Mappings:

A mapping of keys and associated values that you can use to specify conditions.

Conditions:

Conditions that control whether certain resources are created, modified or deleted.

Resources:

Specify the stack resources and their properties.

Outputs:

Describe the values that are returned whenever you view your stack’s properties.

Azure DevOps Licensing Types

  1. User Licensing

A. Basic:

Access to all service offerings, except test plans.

The first five users are free in the Basic licensing type.

B. Basic + Test

Same as basic plan but includes test planning too.

C. Stakeholder

Stakeholders have access to Azure Boards.

They do not have source control access.

They have access to releases and pipelines.

No access to test offerings.

They have read-only dashboard access.

2. Private projects

1 concurrent CI/CD hosted job with 1800 minutes per month

1 concurrent CI/CD self-hosted job with unlimited minutes

2GB storage for artifacts

3. Public Projects

10 concurrent CI/CD hosted jobs with unlimited minutes included

Free access to boards, repositories and pipelines for anonymous users.

Azure Basic Commands:

1) Get-AzSubscription — To get existing azure subscription details.

PS /home/cloud> Get-AzSubscription

Name                  Id                                   TenantId                             State
----                  --                                   --------                             -----
P1-Real Hands-On Labs 4cedc5dd-e3ad-468d-bf66-32e31bdb9148 3617ef9b-98b4-40d9-ba43-e1ed6709cf0d Enabled

2) get-azvm –> To get existing virtual machine details

PS /home/cloud> get-azvm

ResourceGroupName             Name      Location VmSize          OsType NIC          ProvisioningState Zone
-----------------             ----      -------- ------          ------ ---          ----------------- ----
1-345FB4F8-PLAYGROUND-SANDBOX newtestvm westus   Standard_D2s_v3 Linux  newtestvm498 Succeeded

3) stop-azvm -Name <vmname> –> Used to stop Azure VM

PS /home/cloud> stop-azvm -Name newtestvm

cmdlet Stop-AzVM at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
ResourceGroupName: 1-345FB4F8-PLAYGROUND-SANDBOX

Virtual machine stopping operation
This cmdlet will stop the specified virtual machine. Do you want to continue?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y

OperationId : 26e1afe4-1937-49cd-93be-a2e40330b6a7
Status : Succeeded
StartTime : 6/5/2021 3:23:44 PM
EndTime : 6/5/2021 3:24:33 PM
Error :

4) start-azvm -Name <vmname> –> Used to start Azure VM

PS /home/cloud> start-azvm -Name newtestvm

cmdlet Start-AzVM at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
ResourceGroupName: 1-345FB4F8-PLAYGROUND-SANDBOX

OperationId : 4d4c5058-9b3f-446f-888a-50380b21587b
Status : Succeeded
StartTime : 6/5/2021 3:27:12 PM
EndTime : 6/5/2021 3:27:31 PM

5) get-azresource –> To list all Azure resources

PS /home/cloud> get-azresource

Name : labraghav123
ResourceGroupName : 1-345fb4f8-playground-sandbox
ResourceType : Microsoft.Storage/storageAccounts
Location : westus
ResourceId : /subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Storage/storageAccounts/labraghav123
Tags :
Name Value
================= =================
ms-resource-usage azure-cloud-shell

Name : newtestvm_key
ResourceGroupName : 1-345fb4f8-playground-sandbox
ResourceType : Microsoft.Compute/sshPublicKeys
Location : westus
ResourceId : /subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Compute/sshPublicKeys/newtestvm_key
Tags :

Name : newtestvm-ip
ResourceGroupName : 1-345fb4f8-playground-sandbox
ResourceType : Microsoft.Network/publicIPAddresses
Location : westus
ResourceId : /subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Network/publicIPAddresses/newtestvm-ip
Tags :

Name : newtestvm-nsg
ResourceGroupName : 1-345fb4f8-playground-sandbox
ResourceType : Microsoft.Network/networkSecurityGroups
Location : westus
ResourceId : /subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Network/networkSecurityGroups/newtestvm-nsg
Tags :

Name : 1-345fb4f8-playground-sandbox-vnet
ResourceGroupName : 1-345fb4f8-playground-sandbox
ResourceType : Microsoft.Network/virtualNetworks
Location : westus
ResourceId : /subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Network/virtualNetworks/1-345fb4f8-playground-sandbox-vnet
Tags :

Name : newtestvm498
ResourceGroupName : 1-345fb4f8-playground-sandbox
ResourceType : Microsoft.Network/networkInterfaces
Location : westus
ResourceId : /subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Network/networkInterfaces/newtestvm498
Tags :

Name : newtestvm
ResourceGroupName : 1-345fb4f8-playground-sandbox
ResourceType : Microsoft.Compute/virtualMachines
Location : westus
ResourceId : /subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Compute/virtualMachines/newtestvm
Tags :

Name : newtestvm_disk1_7570567ed8dd4538aed49857dc7e7001
ResourceGroupName : 1-345FB4F8-PLAYGROUND-SANDBOX
ResourceType : Microsoft.Compute/disks
Location : westus
ResourceId : /subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345FB4F8-PLAYGROUND-SANDBOX/providers/Microsoft.Compute/disks/newtestvm_disk1_7570567ed8dd4538aed49857dc7e7001
Tags :

6) Get-Azvirtualnetwork –> Used to list Azure virtual network details.

PS /home/cloud> Get-Azvirtualnetwork

Name : 1-345fb4f8-playground-sandbox-vnet
ResourceGroupName : 1-345fb4f8-playground-sandbox
Location : westus
Id : /subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Network/virtualNetworks/1-345fb4f8-playground-sandbox-vnet
Etag : W/"f8b2ac50-4662-4370-bc05-50488008b680"
ResourceGuid : 02b62663-5a7b-4d87-9262-2b8cca70b042
ProvisioningState : Succeeded
Tags :
AddressSpace : {
  "AddressPrefixes": [
    "10.0.0.0/16"
  ]
}
DhcpOptions : null
Subnets : [
  {
    "Delegations": [],
    "Name": "default",
    "Etag": "W/\"f8b2ac50-4662-4370-bc05-50488008b680\"",
    "Id":
    "/subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Network/virtualNetworks/1-345fb4f8-playground-sandbox-vnet/subnets/default",
    "AddressPrefix": [
      "10.0.0.0/24"
    ],
    "IpConfigurations": [
      {
        "Id":
        "/subscriptions/4cedc5dd-e3ad-468d-bf66-32e31bdb9148/resourceGroups/1-345fb4f8-playground-sandbox/providers/Microsoft.Network/networkInterfaces/newtestvm498/ipConfigurations/ipconfig1"
      }
    ],
    "ServiceAssociationLinks": [],
    "ResourceNavigationLinks": [],
    "ServiceEndpoints": [],
    "ServiceEndpointPolicies": [],
    "PrivateEndpoints": [],
    "ProvisioningState": "Succeeded",
    "PrivateEndpointNetworkPolicies": "Enabled",
    "PrivateLinkServiceNetworkPolicies": "Enabled",
    "IpAllocations": []
}
]
VirtualNetworkPeerings : []
EnableDdosProtection : false
DdosProtectionPlan : null

CIDR Sheet

CIDR Notation | Total Number of Addresses | Network Mask | Description
------------- | ------------------------- | ------------ | -----------
/0 | 4,29,49,67,296 | 0.0.0.0 | All Addresses
/1 | 2,14,74,83,648 | 128.0.0.0 | 128 /8 networks
/2 | 1,07,37,41,824 | 192.0.0.0 | 64 /8 networks
/3 | 53,68,70,912 | 224.0.0.0 | 32 /8 networks
/4 | 26,84,35,456 | 240.0.0.0 | 16 /8 networks
/5 | 13,42,17,728 | 248.0.0.0 | 8 /8 networks
/6 | 6,71,08,864 | 252.0.0.0 | 4 /8 networks
/7 | 3,35,54,432 | 254.0.0.0 | 2 /8 networks
/8 | 1,67,77,216 | 255.0.0.0 | 1 /8 network
/9 | 83,88,608 | 255.128.0.0 | 128 /16 networks
/10 | 41,94,304 | 255.192.0.0 | 64 /16 networks
/11 | 20,97,152 | 255.224.0.0 | 32 /16 networks
/12 | 10,48,576 | 255.240.0.0 | 16 /16 networks
/13 | 5,24,288 | 255.248.0.0 | 8 /16 networks
/14 | 2,62,144 | 255.252.0.0 | 4 /16 networks
/15 | 1,31,072 | 255.254.0.0 | 2 /16 networks
/16 | 65536 | 255.255.0.0 | 1 /16 network
/17 | 32768 | 255.255.128.0 | 128 /24 networks
/18 | 16384 | 255.255.192.0 | 64 /24 networks
/19 | 8192 | 255.255.224.0 | 32 /24 networks
/20 | 4096 | 255.255.240.0 | 16 /24 networks
/21 | 2048 | 255.255.248.0 | 8 /24 networks
/22 | 1024 | 255.255.252.0 | 4 /24 networks
/23 | 512 | 255.255.254.0 | 2 /24 networks
/24 | 256 | 255.255.255.0 | 1 /24 network
/25 | 128 | 255.255.255.128 | half of a /24
/26 | 64 | 255.255.255.192 | fourth of a /24
/27 | 32 | 255.255.255.224 | eighth of a /24
/28 | 16 | 255.255.255.240 | 1/16th of a /24
/29 | 8 | 255.255.255.248 | 6 usable addresses
/30 | 4 | 255.255.255.252 | 2 usable addresses
/31 | 2 | 255.255.255.254 | used in P2P links
/32 | 1 | 255.255.255.255 | Single Host
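
Every column of the sheet follows from the prefix length alone. As an added example (not part of the original page), these shell functions compute the total addresses, the network mask and the usable host count for any prefix, treating /31 as a point-to-point link (RFC 3021) and /32 as a single host. The function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compute one CIDR sheet row from the prefix length.

# Dotted-quad network mask for prefix length $1 (0-32): all 32 bits set,
# minus the low (32 - prefix) host bits.
cidr_mask() {
    m=$(( 0xFFFFFFFF ^ ((1 << (32 - $1)) - 1) ))
    echo "$(( m >> 24 & 255 )).$(( m >> 16 & 255 )).$(( m >> 8 & 255 )).$(( m & 255 ))"
}

# Total number of addresses in a block of prefix length $1.
cidr_total() {
    echo $(( 1 << (32 - $1) ))
}

# Addresses assignable to hosts: the network and broadcast addresses are
# excluded, except on /31 point-to-point links (RFC 3021) and /32 hosts.
cidr_usable() {
    case $1 in
        32) echo 1 ;;
        31) echo 2 ;;
        *)  echo $(( (1 << (32 - $1)) - 2 )) ;;
    esac
}

# Print "/prefix total mask usable"; reject anything that is not 0-32.
cidr_row() {
    case $1 in
        ''|*[!0-9]*|0?*) echo "invalid prefix: $1" >&2; return 1 ;;
    esac
    [ "$1" -le 32 ] || { echo "invalid prefix: $1" >&2; return 1; }
    echo "/$1 $(cidr_total "$1") $(cidr_mask "$1") $(cidr_usable "$1")"
}

# Regenerate the whole sheet:
#   p=0; while [ "$p" -le 32 ]; do cidr_row "$p"; p=$((p + 1)); done
```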

Azure Resource Mover

Definition:

The Azure resource mover is used to move resources from one region to another region.

Advantages:

  • A single hub for moving resources across regions.
  • Reduced move time and complexity.
  • A simple and consistent experience moving different types of Azure resources.
  • An easy way to identify dependencies across resources you want to move. This helps you to move related resources together, so that everything works as expected in the target region, after the move.
  • Automatic cleanup of resources in the source region, if you want to delete them after the move.

Resources which we can move:

  • Azure VMs and associated disks
  • Encrypted Azure VMs and associated disks. This includes VMs with Azure disk encryption enabled, and Azure VMs using default server-side encryption (both with platform-managed keys and customer-managed keys)
  • NICs
  • Availability sets
  • Azure virtual networks
  • Public IP addresses
  • Network security groups (NSGs)
  • Internal and public load balancers
  • Azure SQL databases and elastic pools.