Closing the gaps in User-ID (Episode 1) Learning Happy Hour

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

this is learning happy hour with your host Mitch densely and Jason Yates it's time to learn laugh and chat cybersecurity BYOB bring your own brain Cheers welcome everybody now we call Sammy happy hour because we are here to share Mitch and I and we're here to learn learn from each other learn from you and hopefully you guys will get something on it as well so we're out of the classroom out of the stuffy conference room so we're here this is learning happy hour right so any good happy hour has snacks and good food right yes so so I did today different different so I have some tortilla chips but this isn't the special thing I made some homemade salsa with green chilies from Mexico so I mean what else goes with a light beer and then you know chips and salsa and roasted green chilies they were doing this outside the back of them a truck in the grocery store that I like to frequent and the capacitor and I thought hey it'd be great learning happy hour you need just hot wings and a sports game yeah yeah so we want to say cheers cups up to user ID today we're going to be talking about user ID and we've got some great things in store for you guys today so as always this is really tied to some of the content you may have seen in the 210 course right so many of you have tended in fact let's see a show of hands how many of you guys have seen 210 or attended 210 and how many of you done that we just raised your hand could see few of you attended 210 so hopefully several of you are familiar with user ID so one of the things that we want to talk about today is mitch has brewed up something special once again something I've always wanted to do haven't quite done it yet so he walked through the steps this is really cool you're gonna want to stay tuned for that and then the other thing we're going to do today is we've got a guest speaker with us yeah he's a colleague of ours a fellow trainer but in his previous life he's implemented user ID well we're gonna find out what that is coming up so we've got this great guest he's gonna come in and talk to us about that so but first things first right niche we want folks to bring their brain and it's good time awesome so the Kahoot is a way for us to kind of check your you're learning see what you remember from the 210 class and hopefully you remember taking the cahoots in the 210 class and so what we're gonna do here is put up a game pin Jason's loading that for us now so all we're on the session open up the webpage Kahoot IT and then once the game pin flashes there we go [Music] [Music] you may want to turn the vice they go true/false user ID improves visibility into application now is that music coming through pretty strong no it's it's a little too strong okay what I'm going to do is I'm going to stop sharing for just a half a second and kill the sound okay and then nothing's oh yeah it's just loud now we'll figure that out there all right can you guys seen the quiz again all right yeah yeah here we go next question most everybody's got the right answer house was right what are the two main functions of user ID do we have to pick all of them or just one well this one has more than one answer right because this has two main functions so you only have to pick one can't pick more than one there you mapping groups to users and mapping IPS to users right so a lot of people think when they think of user ID and this might be something that you thought and often times when I'm teaching the class I mentioned this question even before we talk about it and inevitably people mention authentication user ID is related to authentication but it's not authentication we'll talk more about that in a bit okay here we go what is the true statement about user ID there's so many good state so many good statements people are still thinking yep three seconds hurry oh all right there's a delay between the Kahoot on your screen and when I get to answer oh really nice yeah and well maybe that's because I'm sharing the screen and then you've got the yep yes all right cool well done everybody and then final question oh no we got two more course sex a lot true or false you can use a script to send user IP mappings to the firewall can you do that I don't know foreshadowing maybe foreshadowing and which version panelists introduced the using panorama for user ID redistribution hmm seven seven one eight eight points one I don't see six up there did six support user ID you know I did have that it's a possible answer so before before yeah so six did support user ID but it did not support user ID redistribution right and use your ID redistribution is an important feature and you can see was introduced in point eight and of course is still supporting a point one and we're gonna talk more about that right mention this is part of what I'm just gonna show us to talk to us about all right now shadowing for shopping so star Lord Lord of the podium here Lord of cahoots I wonder whose star Lord is we'll never know all right all right so the next thing we want to do is let me just talk a little bit about what we were looking at there in regards to user ID so I just want to review just a couple of those key concepts and be sure we're all on the same page what we like to call sometimes a level set and then and I love the chats these are great chats and and then what we're going to do is is mitch is going to kind of launch this and elaborate a little bit here so so as we mentioned today were spotlighting of course user ID so let's talk a little bit about what that means so the two main functions right we added one of these questions about what the purpose of user ID is and as I said earlier it's not about authentication per se but it's really about identifying the user behind those IP addresses so those IP s right so packet comes in and into the firewall and so the firewall wants to wants to do what it wants to apply rules to that traffic and so to do that we can do that with user information if user ID is able to map that IP to a username so one of the key functions is mapping IP to usernames but we can also build policy rules around groups so that's another benefit of user ID so the second function is group mapping so these are the two functions and of course the the end result the outcome is that we can create rules around users and groups and we can also look at reporting right so we can look at the traffic on our firewall from a user point of view that's what that first Kahoot question was about is about looking at app usage from a user standpoint now how does user ID work you might remember this from 210 course or from ignite or maybe you've implemented user ID in fact let me ask you guys a question out there how many you guys have implemented user ID in your organization go chat in and let Mitch and I know how many of you have actually done that you can raise your hand of course when we say raise your hand some somebody out there right now is raising their hand Mitch with their camera off nice I once did that in class actually so and I was teaching an office class and I had a blue bar up and and I mentioned that if they reach up to the screen they could actually feel the edge of the tool bar and I turned around about half the class was touching the screen I was not expecting that that was pretty funny all right that's okay we get a few of you guys who've actually implemented this in a few a few of you who have not so we're going to talk a little bit more about this and how to actually implement it and of course this is also a big topic on the PC and se exam if you're pursuing that so here are the components it's a we've got agents write and get the user ID service running in the firewall and then the firewall has what's called your ID API which pulls those mappings in and then you can deploy an agent onto a Windows Server which is again one of the questions mentioned that you've got two basic agents out yeah we have this other agent called Terminal Service agent and has some unique aspects to it but but primarily we have these two agents that we can deploy to scrape security information so that when a user authenticates they leave an artifact on the network basically saying hey I logged into the network and then if we can feed that information into the firewall we can discover what the users are behind the IP addresses that they're authenticating from and so we're able to kind of pull that information in so when the user sends traffic to the firewall we have that information now this is an important slide you may have seen this before and this has to do with the way we can pull that information and so the agents are pulling that information in whether it's a Windows agent whether it's the agent built into the firewall we're pulling that information in the question is what methods are going to be ideal for you and there is a difference between some of these methods so before we dive into this Mitch I'm just kind of curious looking at this slide for those of you who have filled who have implemented user ID which of these have you actually implemented so for those of you who said yes are you doing syslog polling or pulling in syslog information after authentication are you using global protect are you using Active Directory which one of those methods are you using so again global protect patrick is mentioning that people are typing Jason if I may so I love this slide I call this the rainbow of resolution because it's all of the different methods that that are supported and it also illustrates the ones we recommend the ones on the left are the fastest most reliable and then it kind of drops off as you go further down to the right and and global protect was the first one I ever implemented and it's awesome because it's SuperDuper accurate but it doesn't work for everything there are some systems that maybe you want to know the system that generated the traffic but that doesn't active we have a user logged into it I got a story about this a little bit later Oh some of these folks have you done a TSH and IC yeah that's bright that's great that's great now one of the other components of this remember in the Kahoot question we had a question about redistribution which pan OS introduced that so Impala's 8 we're also able to actually create basically a user ID infrastructure it allows us to read your redistribute and I'm having a hard time with that word apparently learned I B's with the other firewall so that timestamps are accurate and basically we're able to keep our networking sync have another light beer yes you know if I may on this Jason just for a second so when user ID was first introduced we talked a lot about the best way of grabbing user mappings and often we'd say go to Active Directory the difficulty there is if you've got let's say 700 firewalls in your infrastructure all of them then have to pull the singular agent talking to Active Directory and it creates you know timing problems and then you've just got all this excess traffic going at the central point the potential failure right that people didn't love and so in padua 7.1 we introduced this feature called user ID redistribution from firewall to firewall and as you said earlier we added a support for panorama as well and now you can build almost like a mesh of mappings and polling and all this other stuff so that if you lose one component all of your user ID infrastructure doesn't just crap out on you you've got some redundancy and reliability baked in so I'm really excited about if you couldn't tell [Music] so magic okay Mitch once you show us a little bit away your Dharma alright alright fair enough and I was not trying to steal the show from you there because that was no no that's great that's perfect all right let me just figure out that exit full-screen so that I can share all right can you guys see my screen yes looks good awesome all right now I don't have to chat up so I'll let you there okay I looked displeased okay so what I want to talk to you guys about first is something that some of the folks online have have expressed an interest in learning about how to use the XML API to feed mappings into the firewall now what I got here is just a little recording earlier that I took which shows you how to install so what I did is I installed this this program here this Python application called pan - Python so just going to show you downloaded from github and then create an API role or you don't have to be called API that's what I called it but just a rule that only has access to the XML API because heaven forbid somehow that credential should get harvested or whatever you don't want someone to be able to log into your firewall management interface and do nasty stuff so create a special role create a special user account and then go through and install pan python on any Linux system so here I'm a gooey person so you can see I'm not doing this all with a CLI but once you've got the folder extracted come in to the CLI so you got my two windows here one is on the fire while the other one is on the local Linux system and so I'm going to install pan Python just by issuing this setup py space install right and then this just puts the directories in place and makes it so that you can actually interact with it so then you call this pan X API Python script and you can see I got the version so that's a good way to know that it's actually running then you can do a quick connect to your firewall and the - T is for the hostname of the firewall if you don't know it or if it's just complicated just do a single quote single quote and it will just go from there so that you can see this is the human aspect fat-fingered tilde slash pan RC but what this did I'm gonna pause this really quick someone explain what just happened so when you issue this command right so panics a PID y dash T and then the - host for the firewalls management interface - L so that's the login so that's my username I supplied and then the - K I forget - K I think that's gonna create my API key yes that's what it is and this is gonna redirect the output to a file that now my user has access to and I'm gonna kind of tighten up that file a little bit so that other users can use it but that's where my API key will be stored and the nice thing about that is Penn Python can now rely upon that API key being locally stored so that I can use it in other commands without having to specify it so here you can see just a quick test you can do is pen X API and then you know you're specifying you want to supply some CLI command and then in single quotes I said show me the clock from my firewall which you can see came back as yesterday at 5:49 so then we keep going and now what I want to do now that I've got the communication to the firewall setup I want to create a file and this is going to be a user name to IP address mapping file and you can see I just pasted one from earlier getting rid of the extra line breaks but you can see here that I just go back for just two seconds there so what I've got these are systems that don't have users usually logged into them so you can see this first one is the firewall interface then my chalet that's this Linux system it could be a server it could be a printer so I was working with a company and they had all their secret information showing up on Wikileaks and they couldn't figure out why so they did like this interrogation with all the employees they all passed they they remit all the laptops no problems and the sorry the problem kept happening and they did everything they could think of to figure out why this data kept showing up on Wikileaks turns out they had a printer that they'd sent for RMA that came back to repair with wonderful malware installed in the little controller card now who's logged into a printer at any given time usually not many people unless you're like us where you have to badge into the printer in order to print anything but that's just a user for a short period of time why should a printer have internet access or do you have printers generating network traffic that you're not aware of the great thing about this approach is I can now have every IP address for every single printer mapped back to a username of printer yeah the great thing about that is now I can run reports that say show me all the network traffic of all my printers or I can create policy rules that say do not allow printer access to the Internet but doom allow printer access to the print server or the patching server or whatever so you have a lot of fun with this and the great thing about the API is it's the only way to create a mapping that never expires ok so here you can see I'm going to call that user ID register XML command or that file all right it says it's succeeded so now let's go check it so we'll just issue show user IP mapping off and all my mappings came back so let's do that really quickly what I've got here is firewall a right and firewall a I'm gonna go ahead to my Linux system here alright and it's a little bigger so you guys can see it so this is that same Linux system I was on two seconds ago and what I've got is I'm gonna issue my panics API dot py command and I'm gonna just pass so see it came back a success so on firewall a let's just see my mappings awesome and you can see that they're they're counting down there's a little bit of word rep going on but so there's my mappings right so that's all and that was so easy and I can recall that script as often as I want I can write new mappings into that file however I want but what we want to do next is talk about how to do redistribution so as soon as I find my mouse cursor there we go let me just show you guys this one thing alright so in the scenario we've got two firewalls and panorama at the top now what we're going to talk about is how to turn on a listener on each of the firewalls and panoramas so that a user ID agent can reach out to that listener and ask basically what are your mappings or that the firewall can forward mappings as they happen to redistribute them up through panoramas so in order for panoramas a firewall to send mappings to panoramas you've got to turn this listener on on an interface and I'm going to use the management interface today and then you go configure a user ID agent on the firewall to send these mappings up to sorry you configure it redistribution to send these mappings up but then you add the firewall as a user ID agent to panorama so then I would do this for my two firewalls such that both firewalls are feeding their mappings up and that's great but what firewall a or the guy on the Left sends up to panorama firewall B on the right would not know about unless I do the opposite as well so what I'm gonna do is can configure listeners on both firewalls configure agents in panorama to forward what the panorama has learned about down to the respective firewalls so let's look at that really quick so the first thing I'm going to do on firewall a that's this guy here I'm gonna go to interfaces management all right and all I have to do is check this box to enable user ID and this is just a listener component then I'm gonna come down here to user identification and I'm gonna open up this user ID agent settings just by hitting the gear go to redistribution and this is where I define a collector name like a username and a password that then Panorama will use to talk to this firewall and to keep things simple I'm just gonna use a very very strong username and password as you just saw me do there next I'm gonna come over to use their ID agents and I'm gonna add panorama as an agent so that the firewall can grab mappings from panorama if you look in panorama I've already done that for both firewall a and B and on fire will be I've done everything I'm showing you on fire while a it's not good so far this is great awesome okay so let's add this one last agent for panorama now the great thing if your firewall is added to panorama you don't have to specify a hostname and port or any of this other business you can just choose panorama from the dress so what end conversation are you configuring right here are you configuring the guy with the box or the door great question so what I did up on the setup so device setup interfaces management I configured the door that's the listener component let me just recap that so I I did that part the door on the firewall next when I configure the guy right to talk to panorama this is the second part this is what I'm doing right now so I'm just saying hey panorama is a user ID agent that can forward mappings back down to the firewall so I'll just click OK and commit once this commits done we'll see our light go green and then while that's going let me go I'll show you let's look at panorama see what mappings panorama has oh I lost my connection dang it commits but we're gonna finish to stern take a drink oh that's one thing we didn't do is we didn't what am i doing where is my camp operate an enchanted minion yeah let me just there we go so let's do show user IP - she's our mapping I'm gonna do all and you gotta have space there we go all right so no Mattox right and if we go look at firewall a we have no mappings because the ones I sent in earlier had timed out and let's just confirm this with firewall B all right so while he logs in so what I'm gonna do now is I'm gonna go back to my Linux script and I'm gonna feed those mappings back to firewall a right so that's done let's confirm firewall a has mappings panorama has mappings and let's see fire will be awesome firewall B has mappings one interesting thing you'll notice that the timeouts for firewall a and firewall B are very very close but panorama gives really really long time outs and also you can see that the the source user ID agent that's what the UI a is versus on the firewall the source was the XML API and then firewall B also shows user ID agent so you can see I fed the mapping into firewall a that's where the source was XML API then it was mapped to panorama that's where the source was user ID agent and it was Matt from panorama down to fire will be and the source again was user ID agent so that's it it's it's fairly straightforward and let's see I don't have any questions in the chat but you know what if you guys have questions let's see maybe there was one no I feel free to ask them in the chat otherwise we can have a little QA kind of after the session ends yeah so this is also be yoq bring your own questions oh by all means we're gonna have an opportunity for folks and we'll look at the chat again I do I did notice we do have a question earlier on mark I do see your question so we'll come back to that kinda miss it and just say sorry about that so let me share my screen here once again Oh mark to your question I was using nano to create the user ID agent your user ID register file but you can use any editor you want alright so for those of you who want to learn a little bit more about this and the invitation that Mitch sent out you sent out a little video here's a couple of other resources that you could use there are some resources online in the live community module 11 is where we spend some time looking at how to configure the basics of user ID Mitch of course took us to the next level with that great script example and focusing on redistribution and then we also have some additional videos on politics YouTube channel so you can find these pretty easily here's an example user ID resource lists lots of information here how to set up the agent or install the agent if you haven't taken the t-ten course right encourage you guys to look at that because we go through all of the features on the firewall user ID being just one part of it and then we have some additional videos here right here user ID redistribution which walks through the very things that Mitch was just talking to us about all right now we want to move on to our next section we've got a special guest here for us this person is famous at least around here with us I use fairness this is Bob Williamson you can see him here on the right with another famous actor as well Bob Williamson he spent three years at Palo Alto Networks before that he was a network administrator at a K through 12 boarding school before that he worked as a VMware and pilot the network's consultant to many companies within the the Northwest he's deployed Palo Alto Networks at a boarding school with a heavy user ID adoption so with that we'd like to introduce to you Bob Williams enemies turn his camera on here how's that awesome hey thanks for joining us Bob well thanks for having me can I call you Jason okay so you come legit so what what can i connect information can I give you so so I have a question for you what was it like when you deployed user ID at this this boarding school just tell us a little bit about the scenario and and and what it was like well that's what makes this scenario so interesting right because we've got K through 12 and as part of the dorm students because they're only 16 to 18 years old we had to have dorm parents over there as well so we had adults living in this place we had ninth through 12th graders living there staying all night and then the day school was the younger kids right so it's part of me mu different use 8 groups and and some of their wants needs like I said no education usually it's pretty lacks with certain firewall security policies so what was that like yeah we'll see it's Rick it's tricky because the students ninth in grade and above actually owned their own computers so it was like a bring your own computer thing it's along with that they brought their phones from wherever they lived in the world and expected those beyond they want their ps4 on they wanted their PC on and then we had the adults he wanted 24-hour access of course and then of course we had the people who work there a lot of Windows computers so we're talking Windows Mac iPad kiosk machines for for students to do certain things to check in and out of the dorms and so how and then of course they always wanted reports and what these kids are doing started where did user ID play in to hold the whole scenario well initially it was they wanted to be able to see who was doing what on what computer because there's also a lot of shared computers along with their other devices but as it progressed this is a it's a score they have special testing international testing and whatnot so it got to the point where dad asked me to block a group of users from accessing Google for one hour on next Thursday because they had an exam they had to use a computer online but they didn't want them using Google that's jeaious for example right so to set up one rule that would expire within one hour and then they'd be off or running and then along with that they you know how to go through and search for logs for users it did do things that they weren't supposed to at a particular time so so it's you know if you throw all the different pieces in it so we're looking at probably twelve hundred devices total and different users right - yeah you know the k1 and to those young kids could even type they had iPads right right so we had to bypass user ID for those particular devices and then it real quick the one thing that that people don't recognize there's a couple things about user ID people don't recognize but you can run it on multiple subnets okay right multiple zones and they all match in that same database so these students could be working on their school computer but also have their phone on an SSID that's on a different VLAN right so you spin up an SSID for private devices it goes into a sub interface on the firewall it parses it out and does a user ID as well and that way you could by referencing a single rule multiple zones you can have it effect that students filtering for all the devices that potentially is nice so used for both enforcement as well as reporting and logging oh absolutely yeah and that's I think people forget about that they always go use ready cool man I can get a report on what this kids been doing yeah but there's a heck of a lot more man you know you can actually reference it in QoS do you think about that yeah so what was the user experience like when you implemented all of that to be that the students even know well like that that is yeah let me go back so so yeah so they knew because with the private devices or other non ad devices they would have to use captive portal okay so they periodically got that kind of hotel page where they had to sign in until until you get worthy now we hooked the captive portal or I hooked the captive portal ins Kerberos and it would immediately authentic instigate against ad so that would add the ID IP user mapping sorry I have to take a sip of this beer this [Laughter] it's at a Georgetown is buds IMTA but is if I yeah but anyway where we at so so what the school admins like about having I mean not just the ability to run reports but like what was their experience like administering user ID once you handed this off to the networking team no I was being I was the networking team oh you were the he were it okay yeah me and another guy but they just step back even further so the dorm parents live there 24 hours a day wanted access all 24 hours whereas the older students unless they're seniors were certainly they had to be cut off at midnight so the enforcement piece was really huge and actually became primary secondary was reporting you know what's my life searches some logs so how to implement this in the easiest fashion at the time so this was version four five a lot to never skier we used ad because as we all know right people log on the computer it's a domain controller leaves a Kerberos authentication event sucks those out immediately and changes the user ID it's perfect right yeah as long as the OS X units the Mac the Apple boxes are ad bound so as part of getting them on our school network we had to ad bind their computers now you don't have to do that today though right with with all the different mapping resolution methods you could you could use obviously captive portal globe will protect maybe that would be easier these are private devices right it's kind of this gray area yeah I mean getting a private device to join the schools domain I bet that was a bit of an uphill battle as well it was just a requirement you know at the beginning of the year we would we would attach all of them all of the hundred students we'd go through one day and just bind them all and then when they leave after four years we'd unbind him and it to him interesting and they didn't like there was always that concern if you know we put something like GP on whether or not we could you know watch I honest you know when they're off site because there's a certain amount now you could do GP in an on in non tunnel mode but that's yeah right they named an Asian that was best the API approach that we just looked at could could also work pretty well right if you tied that into like a record-keeping system that the school already uses such like once a student leaves maybe that mapping goes away tied in with DHCP or IPAM or something like that yeah I mean there's certainly other ways you could could have been done at the time this was their best option it gave us the captive portal gave us an option to allow students to have friends come to their home because it was their home and then they would just hand him the password SSID and then allow them to log on as themselves right so that would be one way of them cheating is letting their friends get on but then we could always reference to log on anyway because I'd have to give them their password that make sense well that works great because a single username can have multiple IP addresses associated with it so I imagine that worked out pretty well yeah yeah it worked out really well now we had a question coming in to the sorry Jason do you no no go ahead take that I take the question and yeah so there's a question that came in from one of the students on the session today she asks did you use the golden triangle to bind the Mac stuff to Active Directory that should be named to the I got another word I would use instead of Golden Triangle but don't use it online no way from that fairly quickly and is super easy to bind Mac's to to DC's there is there are a couple tricks though you know how end-users don't shut down their computers right yeah no matter what you tell them they just closed their lid it's primarily Mac users let's be honest right and you know so as as Mitch mentioned earlier there's a timeout value right so what happens if somebody OH shuts their lid goes to Christmas break unknown user right unknown user and if you've got all your rule set up correctly that unknown user is gonna get at the very least hopefully look at a captive portal but you know if you have that setup yeah so then you think well okay we also have exchange server everybody's run we run an exchange server run an Outlook right you could monitor exchange yeah well here's a hot tip for you exchange on OS X as well as Mac mail and these other options use what's called EWS exchange web services yes go ahead you know I was gonna say so you don't authenticate to the server itself it's through some kind of web call or whatever yeah you authenticate through iis battled that hard trying to figure out how to parse out out of IAS so you know you mentioned it's more solid from the left to the right on that one once that's resolution yeah and actually I would suggest that you're that's almost certainly true but I think you have taken to account the different situations that that you have to deal with in the real world right everybody says install GP that's easy through your policy but not if you got 80% max right yeah you know so yeah that's a good good thing to go by but you also the real world so so so I got a question for you but this will be our last one just in the interest of time as a parting thing what would you suggest to a customer or an implementer who's a little bit trepidatious about deploying user ID maybe either they think it's too difficult or they're afraid of the amount of information that that could potentially come back on individuals what would your advice be to someone in that kind of scenario whether right on the edge but not sure if they want to take the leap well as far as the implementation you don't have to have user IDs and your rules so I mean you could just implement it run it through and then you can start seeing it's gonna the resolution and the logs that you start seeing users just won't just don't choose to block them so you can do it fairly easily right is it in yeah yeah and then in slowly build your rules above your existing rule set number one number two I think it's huge I think it's one of the most important things out there honestly and I think it's underutilized people like say people think of it mentally as some way to get a history of somebody but actually it's a true enforcement piece you know a kiosk that's out there somebody logs on unless you've got user ID you have no idea who logged on to it and all sitting there browsing the internet then that's huge a lot of times we look at user ID from the standpoint of knowing what people are doing but when you think of it as a point of from a security perspective and then you start thinking about okay what about user activity towards the center of your network and in the data center and monitoring unauthorized users right seeing you see Joe's traffic going between you know two tiers of an application that normally that traffic you know you shouldn't see Joe's traffic there right that should only be sanctioned service accounts or something there's a lot of security application to use your ID yeah it's a very significant technology oh it's huge and I any type that the other the only other thing I'd mentioned would be tying it to QoS I think is a tremendous value as well and I know people argue the QoS is not that important but if if somebody if if for example you have a user who has to have the best YouTube resolution because they're showing it on a big screen you know add that to QoS rule give them the ball the resolution or that user for that group that's great excellent excellent results with that Bob we have something we want to do and we want to know if you'd stick around for this we have this little segment we like to do right before we leave the day in the life of the trainer and your trainer and yeah yeah I'm a trainer so what we're gonna do is in the next 60 seconds talk a little bit about just a tip some sort of travel tip something you've learned recently something on those lines here so I'll put our timer on right here so I'm answering these air so on an airplane if your TSA PreCheck just a tip the liquor bottles the little minis they go through TSA just so yeah I learned that from you that's a good one track your points track your points s took my family to San Diego for free for a three-day visit to the zoo free hotel free flights oh you just went to the zoo yeah daddy's not that far right get young I'm used to flying so you know Google Maps I like Google Maps for reviews of places to eat especially this one just it I think one of the coolest tips that Mitch you shared was how the hack the thermostat in a hotel oh yes so if you're like me and you like a cold night sleep Google how to turn the thermostat lower than the limit that they give you by default fantastic I'd suggest keeping it keeping in touch with the people you've taught I've got some incredible friends over throughout the world now [Applause] [Music] [Applause] [Music]

Info

Channel: Palo Alto Networks LIVEcommunity

Views: 3,469

Rating: undefined out of 5

Keywords: palo alto networks, user-id, users, xml-api, api, ngfw, next-gen firewall, next-generation firewall, lhh, learning happy hour, panw

Id: 6FrQPZeXxDU

Channel Id: undefined

Length: 43min 4sec (2584 seconds)

Published: Mon Mar 11 2019