Publish Service Through Paloalto FW

Yes, I know, it’s there everywhere on the net, but I still need to put it in shortest format as a reference for myself and “maybe” others.

The scenario is a Paloalto NGFW with two interfaces, one connected to public and one connected to DMZ or internal.

Under the “Security” policies, source zone is always the external one, and source addresses are either wildcard/country/specific; on destination, however, the zone will be DMZ but the address will be the external IP address on which you’re expecting to receive the traffic. Services running on the firewall itself are exceptions as the destination zone would be external as well.

Under the “NAT” policies it is simple. Both source and destination zones would be the external one. As for the address, it will be same as in security policy, with proper destination translation.


Paloalto BAD MAC Address

Having fun with BYOL model on cloud service provider while trying to run your own copy of Paloalto VM NGFW? And get all interfaces (except the management showing down state?

Login to the console and have a look at the “show interface all” command’s output, if you see the MAC address of one or more of the NICs as BA:DB:AD:BA:DB:AD most likely you’re having an issue with DPDK and you need to turn it off by running the command “set system setting dpdk-pkt-io off“.


Allow Multiple OpenVPN Connections

In order to establish connections on the same client to multiple servers, there should be multiple adapters.
As this is not an issue for Linux users, it’s not possible by default for Windows users.
For Windows machines, you’ll need to run the following command in elevated CMD:

C:\Program Files\OpenVPN\bin>tapctl.exe create

If you run it once, you’ll have two adapters = two concurrent VPN connections, if you run it twice, you’ll have three adapters = connections, and so on and so forth.


Keycloak Returns null username Error

When your application is using keycloak to authenticate to Microsoft Active Directory LDAP service, You may receive the error “keycloak.models.ModelException: User returned from LDAP has null username!” in the logs and the login fails.

You may want to look at this article ( for configuration and initial troubleshooting.

There are so many reasons for that, and you probably searched a lot and tried many of it already before you reach this page.
So, here is one more thing for you to try:
Set proper naming values for the account you’re testing with.

Yes, I know, it is silly indeed; but it’s true. The account must have First and Last names, as well as display name properly configured.

HTH some1 😉