Rowell Dionicio

Get Techie With It

About Rowell Dionicio

Wi-Fi expert. Coffee addict ☕️. Tech nerd. Business owner.

Q4 2021 and Yearly Income Report

By Leave a Comment

Just like that we’re in 2022. We just kissed 2021 good bye. This year brings on a clean slate with fresh challenges. I’m coming into this year with great optimism but it’s going to require some careful planning.

Highlights of Q4

Completed an SD-WAN Project

I spent a good chunk of evenings learning how Palo Alto Networks does SD-WAN with their acquisition of CloudGenix. I first came to know about CloudGenix from Networking Field Day as a delegate where I listened about their products.

Here I am, now as an end-user and reseller, deploying Ions at multiple locations for a retail customer of Packet6.

Rested

At the end of December, I finally got to put my feet up and rest. What a year.

Lessons Learned

Just in time learning

After reflecting on SD-WAN, I thought about how much reading and learning was required. Having access to documentation and vendor support was critical in helping me understand how certain parts of SD-WAN technology worked.

Exercise

With my days and nights being occupied with multiple cutovers, I spent the rest of my time sleeping. Without exercise I don’t think I was at my best and I know I definitely gained additional weight at the end of the year. Next step is to put health as a top priority in 2022.

Income/Expense Analysis

This quarter was exceptional compared to Q3 2020. We were still in the pandemic last year and saw huge decreases all around. Things have positively looked good in 2021 and I remain hopeful.

Businesses are in full swing trying to fix issues as people came back to the workplace. Others were getting ready for the return to office. The trend I have seen is less carpeted office Wi-Fi work was needed. The environments I’ve been in are primarily warehouses or higher education.

Expenses keep creeping up. It’s been a goal of mine this year to decrease expenses and I’ve rolled it over to 2022 as well. They’ll eat into your profits.

Q42020 PY% Change PY
Revenue$163,232.89$45,742.54256.85%
Expenses$114,420.23$37,297.13206.78%
Net Income($33,062.19)($749.49)(4,310.50)%

Revenue analysis

Revenue more than doubled compared to the previous year Q4. It’s a good metric to see increase year over year.

There was a big jump pro services, increasing 117.75% compared to Q4FY20. We couldn’t have done it without help. I’ll be tempted to do project work alone especially when you can earn most of that income without paying it to someone else. But working alone is not the answer. More projects begin to pile up and that’s when we start looking for assistance from other professionals.

Hardware reselling activities increased 462.83%. Another big quarter in reselling right before the vendors increase their prices. None of the reselling activity came from cold calling sales activities. This was mainly increased due to new projects from existing clients.

Q42020 PY% Change PY
Pro Services$51,127.50$ 23,480.0241.68%
Hardware$53,713.51$9,543.55734.51%

Expense analysis

This is the category that brings us to a negative profit number. I’ve mentioned it in previous quarters but I’ll say it again – watch your expenses.

What really drove up our expenses this quarter was pre-paying federal taxes. I’d rather not have a large tax bill in April so I ended up pre-paying taxes for previous quarters. I’ll note that I’m supposed to pre-pay quarterly, if not, I’ll see some penalties for skipping it. This was our largest expense item. Not sure if I should even classify taxes as an expense but it was money that left our accounts – a question for my CPA.

Where things went well was the decrease in Office Supplies & Software by 60.90%. But we saw Web services – subscriptions increase by 238.83%. Not a good sign. But that was due to a subscription payment of ZoomInfo for sales, the largest expense in that category. I better make up for this next quarter! Other increases in expenses moving forward will be a vehicle lease. A decision that was made in December.

Q32020 PY% Change PY
Vehicle$6,116.11$516.551,084.03%
Web services – subscriptions$5,214.13$1,538.86238.83%
Office Supplies & Software$2,000.94$5,117.62(60.90%)
General & Admin Expenses$17,261.98$10,528.9063.95%

I didn’t meet my goal of decreasing expenses in Q4FY21. At the end of the year there are decisions to spend money which would lead to a lower taxable income, a strategy we’re looking to improve for 2022.

FY21 Review

20212020% Change
Revenue$623,160.35$224,880.26177.11%
Expenses$272,681.16$141,317.7292.96%
Net Income$147,499.11$40,113.54267.70%
20212020% Change
Pro Services$192,868.07$132,531.1046.28%
Hardware$247,889.74$33,687.08635.86%

Given that 2020 was a rough year with the pandemic, we did very well in 2021. We were able to meet some of our key objectives of increasing sales by 70%. Reselling of hardware really paid off.

Last year I was able to obtain my CompTIA CTT+. In December 2021 is when I started the planning on how I could better utilize what I’ve learned from CTT+. The goal here is to see the product by the end of Q2FY22.

Obtained my CompTIA CTT+

We closed deals with 5 new clients last year. A few who were new and came through out website and others that were from previous relationships at other companies. It’s always good to nurture the relationships you have since people will change roles or companies often.

Most of the revenue comes from existing clients. Repeat business with companies that trust us. When you treat people like people, have good intentions, and over deliver on promises you will be rewarded.

Where we failed was operating within budget. The expenses nearly doubled. But luckily, it didn’t hurt us.

What’s Next

Our biggest objective is to keep an eye on unnecessary expenses. Even operating as a small business, we’re placing an additional process for expenditures. Budget forecasting is new for us but we have 4 years worth of data to develop a budget. We’re also implementing an approval process which means I can’t go rogue with purchases.

We’re improving upon the processes we’ve implemented in 2021 and continue to add new ones in 2022. Subcontracting will likely be more involved with that process to free up precious time. But we have to be strategic with who we work with.

In 2022 we’ve laid out some objectives to reach:

  • Increase website visits by 15%
  • Increase reselling revenue by 10%
  • Increase pro services revenue by $5-10k each quarter
  • Publish training material
  • Lower expenses by 7%
  • Obtain two new clients via cold sales activities

I hope you found this information useful if you’re thinking about starting your own business.

I’m proud of the progress we’re making no matter how small.

I PASSED JNCIA-MistAI

By Leave a Comment

Juniper Networks Certified Associate, Mist AI (JNCIA-MistAI)
JNCIA-MistAI

A goal I set for myself in 2021 was to take the JNCIA-MistAI certification. Unfortunately, I didn’t have any time so I set it aside for January 2022.

I’m familiar with Mist as an administrator and as a reseller/partner. I have clients who use Mist and I have a few Mist access points and a Juniper switch in my lab.

The JNCIA-MistAI certification is for network administrators managing a Wired or Wi-Fi network with Mist infrastructure. Or it could be aimed towards IT professionals who want to get more familiar with Mist.

For my studies, I leveraged the training videos available in Juniper Open Learning with Peter Mackenzie. I did not watch every single video but I had to brush up on MistAI specific topics and licensing.

What is on the JNCIA-MistAI exam?

You can see the exam objectives from Juniper’s website. The main topics include:

  • General WLAN Concepts
  • Wi-Fi Standards
  • WLAN Lifecycle
  • Mist AI Components
  • Mist AI Configuration
  • WLAN Monitoring

If you have a background with Wi-Fi and have taken the CWNA exam then you’ll have the General WLAN Concepts, Wi-Fi Standards and WLAN Lifecycle covered.

Utilize the available training from Mist to get up to speed with the last three bullets. If you have a Mist AP to lab with then you’ll be better off.

It’s important to understand how Mist does things because licensing will be covered.

Be sure to be very familiar with the dashboard to identify different components of Service Level Expectations.

Run through setting up Wi-Fi within the dashboard to easily identify Wi-Fi policies and how they work.

What type of questions are on the exam

Expect to see three types of questions:

  • Multiple choice
  • Single choice
  • Scenario-based

Where can I take the exam

Testing formats can be at a testing center or at home. I did the exam at home while wearing my pajamas. It was comfortable and I used a reliable computer.

You’ll want to test the OnVue application prior to taking your exam. Be sure the application can use your microphone and camera.

If taking the exam at home, you’ll want to clear your desk. You’ll be asked to show your desk with your camera. Additionally, you’ll use your phone to take a photo of your ID, your face, and your desk area.

Make sure no one can interrupt you.

The number of questions on the exam could change and I do not know what the passing score is.

At the end of the exam you’ll be notified if you’ve pass or failed.

Study Resources

Admins and Role-Based Access Control – PCNSA

By Leave a Comment

This is published as part of a series on obtaining the PCNSA certification.

Firewall administrators are defined via Panorama (central management) or locally on the firewall. But not everyone should have cart-blanche access.

Role-based access control can limit the type of changes a firewall administrator can perform.

Authentication Methods

The most common method is to define an administrator using local authentication.

To add a firewall administrative account, navigate to Device > Administrators and click on Add.

Firewall Administrators

Specify a name for the account and password.

There are a few optional items such as the Authentication Profile and the Administrator Type, either Dynamic or Role Based.

Defining an administrator

An Authentication Profile is used with other authentication services.

The Administrator Type specifies a role. Dynamic includes built-in roles which include:

Dynamic RolePrivileges
SuperuserFull access to the firewall
Superuser (read-only)Read-only access
Device AdministratorFull access to the firewall except creating new accounts and virtual systems
Device Administrator (read-only)Read-only access to all firewall settings except password profiles and administrator accounts.

Role Based will include custom roles that you configure. This allows you to create more granular control over certain settings. This would be configured under Device > Admin Roles

Admin Roles

For example, I can create an Admin Role called analyst which will have access to the Monitor Logs only.

Firewall Management Interfaces – PCNSA

By Leave a Comment

I just finished up the PCNSA Study Guide and now I’m going back to review and lab as much as possible.

Gaining access to a Palo Alto Networks firewall is an obvious task in order to manage the firewall. There are different ways to manage the firewall and I’ll review some of them below.

Management Methods

There are four ways to manage a Palo Alto Networks firewall:

  • Web interface
  • CLI
  • Panorama
  • XML API

You’re most likely to use the out-of-band management port on the firewall which is on the control plane.

There’s also a serial/console port available. I normally connect something like an OpenGear console server.

Management tasks such as license retrieval and updates of threat and application signatures are are done through the management port.

Let’s talk a little bit more about the management methods

  • To use the web interface, you’re browsing to management IP address over HTTP or HTTPS. Preferably, the latter
  • Using CLI, you’re opening a terminal application on your computer and using SSH to gain access over the management port. Or you could be using the terminal application to gain access over the console port. Once authenticated, you’ll configure the firewall using commands
  • Panorama is a centralized method to managing multiple firewalls
  • XML API uses the REST-based interface for firewall configuration and more. Just take a look at the API browser by navigating to the URL of your firewall slash api.
  • With the API, you can automate several tasks such as creating, updating, and modifying configurations, execute operational commands, and more.

Interface Management Profiles

It is possible to use a data interface to manage the firewall. It’s a good backup to the management interface in case it is down or not accessible.

A data interface can have different services binded to them such as

  • HTTPS
  • SSH
  • Ping
  • Telnet
  • HTTP
  • SNMP

It’s the interface management profile that protects your firewall from unauthorized access. You can control what service can be used on an interface and permit specific IP addresses for that service.

By default, the firewall will deny management access for all IP addresses, protocols and services so you must define what is accessible through the Interface Management Profile.

You can assign a Interface Management Profile to Layer 3 Ethernet interfaces, subinterfaces, and logical interfaces.

For example, my firewall has an IP address on it’s public facing interface. Currently, there’s no Interface Management Profile configured. That means I cannot ping that IP at the moment but I want to allow ping.

I will create a new Interface Mgmt profile and name it Untrust Mgmt Profile. I will only allow Ping under Network Services and I will permit any IP address to ping the firewall.

Interface Management Profile configuration

Next, click OK and go to the public facing interface which is ethernet1/1 on my PA-820.

Interfaces

Click on the Advanced tab.

On the dropdown for Management Profile, select Untrust Mgmt Profile.

Adding the Interface Management Profile

Click OK and commit.

Now I can ping the firewall’s IP on ethernet1/1.

Upgrading Firewall PAN-OS Version

By Leave a Comment

Upgrading the software of a Palo Alto Networks firewall (PAN-OS) can be daunting if it’s running in production. If you’ve been in IT long enough, you’ve come across some nightmare upgrades.

The PAN-OS software upgrade is fairly straight forward. There’s plenty of documentation around it.

Because I’m studying for the PCNSA certification, I need to upgrade my firewall to 10.0. In this blog post, I’m going to run through the general steps to upgrade.

My PA-820 lab firewall is currently running on 9.1.4. Reading through the Palo Alto Networks documentation, I need to upgrade to the latest preferred train, which at the time of this post is 9.1.12.

☝️Release Notes

When upgrading to a new feature release, read the release notes. Understand the fixes, new features, and open caveats.

Backup the Configuration

Always cover your butt. Just in case things go sideways, you wan’t to have a backup of your configuration.

Navigate to Device > Setup > Operations

Click on Save named configuration snapshot

Click the dropdown box and select running-config.xml

Click on Export named configuration snapshot and click OK

You’ll be prompted to save the configuration file to your computer.

Install Content Updates

When I first started learning how to upgrade PAN-OS, I found out you needed to have the latest content release versions. This is the Application and Threat Updates.

Head over to Device > Dynamic Updates

Click on Check Now

Download the latest content release under Applications and Threats (as it relates to upgrading to 10.0)

Upgrade PAN-OS

It is recommended to upgrade PAN-OS to the latest preferred version of your current software train. In my example, the latest preferred version is 9.1.2. Here is a useful resource on preferred versions.

Navigate to Device > Software and click on Check Now. You’ll then be presented with a list of software versions.

Download the latest PAN-OS preferred version on your software train.

Then click on Install

After the installation is complete, you’ll be prompted to Reboot the firewall. You should perform this step after business hours to minimize downtime to the end users.

Wait about 10-15 minutes and the firewall should come back up with the latest version you just installed.

You can then proceed to the next feature release version. In my case, I’m going to download 10.0.0 and install the software. This process repeats to your desired version.