
Rowell Dionicio

Get Techie With It


About Rowell Dionicio

Wi-Fi expert. Coffee addict ☕️. Tech nerd. Business owner.

Allow Ping and Traceroute to Prisma SD-WAN ION

November 17, 2021 By Rowell

One way to know whether your configurations have gone right is if you can ping certain IP addresses. When I was migrating a network to a Palo Alto Networks Prisma SD-WAN ION, I wanted to ensure it had network connectivity.

The way I had planned to do that was by pinging the public IP address of the Prisma ION appliance. I started to sweat when I couldn’t ping the IP. But I knew there was network connectivity when devices on the network were able to access the internet.

By default, the Prisma SD-WAN ION doesn’t respond to ping or traceroute. There’s a Device Management Policy that needs to have ping and traceroute allowed.

When you log into the CloudGenix portal, your URL will be https://portal.hood.cloudgenix.com/#home

Prisma (CloudGenix) SD-WAN Portal

Change home to advanced and hit Enter. You’ll land on a hidden menu.

You can take a look at all the options but right now I’m more interested in allowing Ping and Traceroute.

Click on Device Management Policy

Select your Site and click Done.

Now select your Element. An element is an ION.

Then select the Internet interface on that ION. I selected my Internet and bypass pair.

Then click on GET

You’ll see there is no device management policy for this interface. We’re going to create one.

Empty Interface policy

In the empty Name field, type in ALLOW_PING_TRACEROUTE

In the empty prefix text box, type in the prefix you will allow Ping and Traceroute from. I’m allowing it from any with 0.0.0.0/0.

In the App drop down box, select Ping.

In the Action drop down box, select Allow.

Do the same for Traceroute in the next line.

Click Submit.

You should now be able to Ping and Traceroute the public IP of your CloudGenix ION.

Aruba IAP-514 for APoS

August 29, 2021 By Rowell

My trusty Aruba IAP-514 has been sitting collecting dust for a while since I’ve let my Aruba Central license expire. But I’ve renewed interest in my Aruba IAP because apparently I can run it in standalone mode.

There’s an upcoming project where I need to use my IAP for an AP-on-a-Stick survey so I thought I should give it a shot and convert my IAP-514 to standalone to get more familiar with ArubaOS.

Course For You

At Clear To Send, we have a course, A Practical Guide to Site Surveys, in which we go in-depth on doing an APoS survey along with the tools you need to perform them.

Aruba IAP + Ventev Venvolt

Reset Aruba AP

Since this was previously set up to Aruba Central, I needed to reset it and start fresh. The easiest way to do that is to hold the Reset button for 15 seconds while booting up the IAP.

When doing this step, your IAP will need network access. It won’t properly boot up without DHCP. You can check out this Aruba document for more information.

Wait for the IAP to fully boot up. The system LED will stay green while the radio LED will blink occasionally to show that the radio is up and running.

Join SetMeUp-XX:XX:XX SSID which is used for setting up the IAP. Or browse to the IP address of the AP if you know the IP.

A log in screen will be presented to you.

On firmware version 8.6+, the username will be “admin”. The password will be the serial number of the AP.

After logging in, select the correct Country Code and click OK.

You will be placed on the dashboard and you’re ready to configure your IAP!

Configure Standalone Mode

On the left navigation, click on Maintenance and then About to see which version you’re running. On my IAP-514 I’m running 8.6.0.4.

Go to Maintenance > Convert and, from the “Convert one or more Access Points to” dropdown, select “Standalone AP”.

For the Access Point to convert dropdown, select the AP you’re logged into. Hopefully, no other APs have joined this virtual controller. If there are, ensure you’re converting the correct AP.

Then click on Convert.

Aruba will ask you to confirm you’re converting the correct AP. Click OK.

The AP will then reboot. When ready, log back in.

Creating a Network

Create a Network under Configuration > Networks.

Click on the + sign.

Give the network a Name, Type, and Primary usage. For Primary usage I am selecting Employee. Click Next.

Under the VLAN section, select Virtual Controller managed for Client IP assignment. For Client VLAN assignment, select Custom.

Next to Select Scope, click on the Add button.

Scroll down under Local DHCP Scopes. Click Add button.

This DHCP scope will be used for when devices associate to the SSID you’re creating on this AP. Fill out the details and use a desired network and scope.

Click OK.

Select the newly created scope from the dropdown. Click Next.

Under Security, select your security type. Maybe you just need an open SSID for APoS purposes. Then click Next.

Under the Access section, set the Access Rules to Unrestricted unless you need to do something differently here. But for APoS we need to keep it simple. Now you’re done with the configuration of an SSID. You’ll see your SSID listed under Networks.

Access Point Configuration

Click on Access Points and select your AP. Click on the pencil icon to edit.

Expand Radio and configure the radios such as the channel and transmit power.

Expand External Antenna and configure the proper antenna gain, depending on the antenna you choose to use.

Click Save.

Navigate to Configuration > System and expand General. Change the system name. Click Save.

Go back to Configuration > Access Points > Edit your AP > Expand General and modify the AP name and give it a static IP so you can connect to it during your APoS, if needed.

Reboot the AP for the changes to take effect.

Wait for the AP to boot, then start your APoS and join it for your survey.

Mid-Year Review

August 2, 2021 By Rowell

Keeping up with the craziness that started at the beginning of this year has me gasping for air. In January, I published my big audacious goals or Objectives and Key Results (OKRs) for 2021. Today, I set aside time to reflect mid-year.

This is when I take a step back and look at my progress and whether I’ve met any of my OKRs. It’s also an excellent time to learn from my setbacks to note any changes or pivot. Life happens, and a decision to pivot or eliminate a goal will happen. One of the most significant learning moments for me is to maintain a healthier lifestyle. The adverse effects have significant ramifications. Hear an episode on Clear To Send about tackling mental health and burnout.

Let’s break it down.

Packet6

Increase Sales by 70%

Sales is hard. I’ve read books on how to be better at sales. It’s all mindset. But you need to understand how people buy. Then I have to take action and pick up the phone!

Earlier this year, the goal was to target $900k in revenue. So far, we’re 41% of the way. This year, there was an emphasis on hardware sales. We’re 42% towards our goal of $450k. Being a VAR has its own set of challenges where I have to question the whole process. But that’s another story. The professional services target is $350k, and we’re 31% there.

The lesson here is I’m just one person doing sales and professional services. Efficiency is critical, and processes need to be in place. Sales cycles are long, and it gives me time to think of how I can improve.

Compared to 2020 this year-to-date, Packet6 is up 42% in professional services, and hardware is up 674%. The changes and goals we’ve set appear to be working!

Produce Consistent Content

Creating content has proved to be challenging for me. With only 14 blogs published this year, I’ll need to adjust my workflow for higher efficiency. But 14 is not bad!

I’ve accepted the fact I can’t produce videos in the style I desire. Through this process, it’s more critical for me to get something published. It doesn’t have to be perfect.

Initiate a Marketing Plan

I have not started on any marketing plan. But I have been reading books in preparation. Some of the valuable books are Building A Story Brand and Marketing Made Simple.

The process is still in the early stages, but the priority should be increased. I’ve made progress by changing the website to speak more to client challenges and the goals I’m trying to achieve.

Build Proficiency with Python

Have not had the capacity to focus on Python scripting. My son and I have plans to learn Python together and I think that will make a fun project for the both of us.

Personal Website

Build a Technical Presence

There’s a method to my madness for building a technical presence. This hasn’t been a priority due to the projects I have taken on. Part of the plan involves creating authority and developing courses.

It would honestly be amazing to create my own income by helping others in IT.

Publish Content Consistently

This year-to-date, there have been 8 blogs published, with 5 from Q3 alone. The lesson learned here is to create a content calendar.

One of the few things I enjoy is creating content based on my own technical and business experiences. I haven’t published a full video since January 2nd, 2021. There’s a lot of planning and producing involved. I may need to adjust my expectations in video production quality and simply aim for content quality. But the downside of publishing videos and blogs is getting eyes on the content.

Earn Certifications

Earlier in the year, I was able to finally obtain my CompTIA CTT+. The goal of acquiring the CTT+ certification is to develop courses under my own name and for Clear To Send.

With my capacity being at an all-time high, I haven’t spent time developing any courses. A certification I am now adding to the list is the PCNSA. I’ve now decided to drop CCNP and CCNP Wireless for now. Interests change, and the Cisco certifications aren’t interesting to me anymore.

Clear to Send

Build Exposure

Publishing and maintaining a podcast means building an audience. Our goal is to get to the ears of many IT professionals who want to learn more about Wi-Fi.

In doing so, we’ve achieved 69% of our goal to 1,500 email subscribers. This is how we reach out to our listeners on our own platform. We have email signup options on our podcast website, and we’ve made PDF downloads which require people to join our email list.

Every month we range between 7k and 15k downloads. On average, we’re at 6k downloads per month. That’s only 24% to our goal of 25k. We still have a long ways to go to increase the exposure to the podcast.

In building our CTS community, we’ve made 94% of our goal of having 550 members in the Slack workspace. We funnel people into the Slack workspace through Twitter, LinkedIn, and our email list.

Increase Social Media Following

In conjunction with building exposure for the podcast, we’re growing an audience through social media using Twitter and LinkedIn.

Our primary method of communication is through Twitter, where we’re 69% to our goal of 5,000 followers.

On LinkedIn, we are 43% to our goal of 3,000 followers.

We track our follower count to gauge our reach and to drive more listeners to the podcast. We attribute much of the podcast’s success to social media. Without listeners, we may not have Clear To Send.

Create Three Courses

Following the creation of A Practical Guide to Wi-Fi Site Surveys, we wanted to focus on creating courses for CWNA, CWDP, and CWAP.

Our lives got really busy, which took away time from developing the curriculum. CWNA is still up next for us, and we have a portion of the curriculum completed.

We did not want to rush into these courses. We always aim to put out quality work.

Final Thoughts

It looks like I have a lot going on. And I do. There are many of my OKRs I simply cannot complete. My tactic is to jot down everything I want to achieve. Keeping track of progress is done through Todoist but I am now using Notion for extensive planning.

The most important takeaway for me is to focus on one thing at a time and put out my best work. It’s planning, execution, and perseverance.

Setting up a Palo Alto Networks Firewall for the First Time

July 19, 2021 By Rowell

A recent addition to my lab network is a Palo Alto Networks PA-820 next-generation firewall (NGFW). Over at Packet6, I’ve been getting into the PAN NGFWs for a while now and we are reselling Palo Alto Networks.

In this post, I’ll be going over a simple configuration to set up the PA-820 for the first time. The goal is to set up a LAN, WAN (using DHCP), and NAT to get internet access.

This process would be very similar for other models as well.

Keep in mind the version running on my firewall is v9.1.4.

Table Of Contents
  1. Register your firewall
  2. Access the NGFW
  3. Configure Device Settings
  4. Create a new super user
  5. Commit your changes
  6. Configuring Interfaces
  7. Configure the WAN interface
  8. Configure DHCP
  9. Default-wire
  10. Commit
  11. Management Profile
  12. NAT
  13. Security ACLs
  14. Closing Thoughts

Register your firewall

You’ll need to create an account on the Palo Alto Networks Customer Support Portal.

To register your firewall, you’ll need the serial number.

Sign into the portal.

Click on Register a Device

Select the radio for Register a device using Serial Number then click Next

Under Device Registration, you’ll need to fill out all the required information. This includes the serial number of the firewall and the location where this firewall will be deployed. That last part is important for RMAs. Then at the bottom you’ll need to agree to the EULA.

There’s an option to create a Day 1 configuration but I’m going to skip that for now.

When finished, your NGFW will be registered.

Access the NGFW

Plug into the MGMT interface of the firewall.

Default IP

The MGMT interface is configured to 192.168.1.1.


Set your NIC to 192.168.1.2 with a mask of 255.255.255.0. You will not receive DHCP leases from the MGMT interface.

Next, you’ll open a web browser to https://192.168.1.1. You should be presented with the login screen of the NGFW.

Default username and password

The default username is: admin

The default password is: admin

After logging in, you’ll be prompted to change the password for the admin account, which is a super user. The new password must be 8 characters in length and must contain an upper case, lower case, number or special character.

After changing the password, you may be kicked out to the login screen. Log back in with the new password.

You’ll be presented with a Welcome pop up. You can close it and view it again later. You’re now in the NGFW and ready to configure the rest of it!

Configure Device Settings

Next, we’ll configure some basic device settings. Nothing crazy.

Click on the Device tab. On the left navigation, click on Setup. Then in the middle pane, you should be in the Management tab. There is a General Settings section. Click on the Gear icon.

Let’s add a hostname, login banner, and set the time zone.

Here’s the login banner I used.

Packet6 LEGAL NOTICE

This is a private system which may be accessed and used for authorized business purposes only.

THERE IS NO RIGHT OF PRIVACY FOR ANY PERSON ACCESSING OR USING THIS SYSTEM.

Access or use of this information system constitutes consent to these terms.

Create a new super user

It’s best practice to set up a new user account so you’re not using the default admin account.

Let’s create a new one. We can harden accounts later. This is just basic admin account creation.

On the left navigation click on Administrators then at the bottom click Add.

In the new pop up, type in the name of the account. We won’t set the Authentication Profile just yet so leave it at none. Create a password and select Dynamic for the Administrator Type. From the dropdown, select Super User.

There are two Administrator types:

  • Dynamic
  • Role Based

The latter would be a more secure way to define administrators. The Dynamic type uses the built-in roles:

  • Superuser
  • Superuser (read only)
  • Virtual System Administrator
  • Virtual System Administrator (read only)
  • Device administrator
  • Device administrator (read only)

Commit your changes

We’re now in a good spot to save our changes to the running configuration by committing.

By using Commit, we take the Candidate configuration and apply it to the Running configuration.

The Commit button is at the top right.

You’ll be presented with a commit pop up where you can preview your changes and add a commit comment.

Before clicking on Commit, click on Preview Changes to see what is included in this Commit Scope.

It’s good practice to review the changes being applied so you don’t create an issue.

Click on Change Summary to get a different view of the changes. I like this view much better. There’s more detail such as the object that is being changed, the location, and the user account that created the change.

Additionally, we can Validate the changes for any errors.

Why don’t we add a commit comment for good practice and click Commit. It will take a moment ☕️

If the Result is Successful then good job! 👍

Configuring Interfaces

Before we can have full network connectivity, we need to configure our interfaces.

Let’s create our first network. We will need an interface for our WAN and LAN. I’m going to configure the WAN on interface ethernet1/1 and the LAN on interface ethernet1/2.

Click on the Network tab and on the left navigation click on Interfaces.

By default, I have the two interfaces I want to configure set to an interface type of Virtual Wire (I won’t go over the interface types in this post). We will change this.

Configure the WAN interface

Click on ethernet1/1.

Give the interface a comment.

Click on the dropdown for Interface Type and change it to Layer3.

Under the Config tab, set the virtual router to default. I’ll cover virtual routers in another post.

Click on the IPv4 tab.

My WAN is DHCP only so I’m going to change the type to DHCP Client.

Then click on OK.

Click on Zones on the left navigation

By default, there will be two zones: trust and untrust.

Zones are for grouping physical and virtual interfaces.

Click on untrust.

Change the type to Layer 3.

Click on Add to include interface ethernet1/1.

Then click OK.

untrust zone

We are placing ethernet1/1 in the untrust zone because this is where I’m connecting my ISP. We do not trust the Internet, hence, untrust zone.

Go back to the Interfaces config section.

Click on interface ethernet1/2.

Add a comment for the interface.

Set the Interface Type to Layer3.

Change the Virtual Router to default. (We’ll get to the Security Zone soon.)

Click on the IPv4 tab.

We’re going to begin creating our LAN by configuring the gateway for the LAN to reside on interface ethernet1/2.

Leave the type to Static.

Under the IP section, click Add.

You’ll have the option to add the IP for your new network, I will type in 10.1.1.1/24.

Then click OK.

Go back to Zones.

Click on the trust zone.

Change the Type to Layer3.

Add interface ethernet1/2 to the Interfaces list and then click OK.

Configure DHCP

Our LAN needs a DHCP scope. We’re not animals, configuring only static IPs for our LAN, are we?

Under the Network tab, click on DHCP from the left navigation.

In the DHCP Server tab, click on Add and we’ll create a scope for our new network under 10.1.1.0/24. You can change that to whatever network you’ve selected as long as the static IP we created earlier is in the same subnet.

Select the LAN interface ethernet1/2 that we configured in the Interface dropdown.

Under the Lease tab, I like to select “Ping IP when allocating new IP” and setting a Lease Timeout.

Under IP Pools, click Add and create a scope like I have done.

Then click on the Options tab.

We need to set the Gateway, subnet mask, and DNS servers.

Then click OK.

Default-wire

Delete the default-vwire, as we’re not going to use it.

Default-wire is used with virtual-wire. You can read up on it on Palo Alto Networks’ website.

Commit

Let’s commit our changes from the candidate config to the running config.

Then, we test the LAN interface.

I plug in my laptop into ethernet1/2 and see if I get a DHCP lease.

Sweet, I get an IP address within the DHCP scope we configured. I see I have a gateway assigned and DNS servers. Can I ping the gateway, 10.1.1.1?

% ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
^C
--- 10.1.1.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss

If you want to allow ping replies then we’ll need to configure a Management Profile for the interface.

I’m going to plug back into the MGMT interface, where HTTPS and SSH are allowed.

Management Profile

Click on the Network Tab and on the left navigation click on Interface Mgmt under Network Profiles.
Just for simplicity and educational purposes, I’m going to create an interface management profile to allow HTTPS, SSH, and Ping on ethernet1/2.

Click on Add.

Create a name for this Interface Management Profile.

Enable HTTPS and SSH under the Administrative Management Services section.

Enable Ping under the Network Services section.

You can be more restrictive by allowing access to these services from specific IP addresses.

Click OK.

Click on the Interfaces sub menu item.

Click on ethernet1/2 (or your interface configured for the LAN).

Click on the Advanced tab.

Under the Other Info tab, click on the drop down for Management Profile and select the newly created Interface Management Profile.

Click OK.

You’ll be presented with a warning. Understand how this Interface Management Profile affects your network.
Continue by clicking on Yes.

Now, commit your changes.

Let’s test the LAN by plugging your laptop into ethernet1/2. Don’t forget to re-enable DHCP on your laptop interface and ping the gateway.

% ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.989 ms
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.915 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=1.180 ms
^C
--- 10.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.915/1.028/1.180/0.112 ms

What about HTTPS? From the screenshot below you can see that it works. It even has our login banner. That will really scare away the bad guys 😉 And I can successfully log in with my newly created super user account.

You can even see the DHCP lease in the System Logs.
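The Management Profile section notes that these services can be limited to specific IP addresses. As an added example (not code from the original post or from Palo Alto Networks), this script audits an exported configuration for management profiles that leave HTTPS, SSH or Ping reachable from any source. It assumes the XML layout of a PAN-OS config export; the sample config and the profile names in it are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on a PAN-OS config export. Profile names are
# hypothetical; interface, zone and subnet values follow the lab in this post.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain">
  <network>
    <profiles><interface-management-profile>
      <entry name="LAN-MGMT">
        <https>yes</https><ssh>yes</ssh><ping>yes</ping>
      </entry>
      <entry name="LAN-MGMT-RESTRICTED">
        <https>yes</https><ssh>yes</ssh><ping>yes</ping>
        <permitted-ip><entry name="10.1.1.0/24"/></permitted-ip>
      </entry>
      <entry name="WAN-PING"><ping>yes</ping></entry>
    </interface-management-profile></profiles>
    <interface><ethernet>
      <entry name="ethernet1/1"><layer3>
        <interface-management-profile>WAN-PING</interface-management-profile>
      </layer3></entry>
      <entry name="ethernet1/2"><layer3>
        <interface-management-profile>LAN-MGMT</interface-management-profile>
      </layer3></entry>
    </ethernet></interface>
  </network>
  <vsys><entry name="vsys1"><zone>
    <entry name="untrust"><network><layer3>
      <member>ethernet1/1</member></layer3></network></entry>
    <entry name="trust"><network><layer3>
      <member>ethernet1/2</member></layer3></network></entry>
  </zone></entry></vsys>
</entry></devices></config>
"""

# Services that expose an administrative login on the interface.
ADMIN_SERVICES = ("http", "https", "ssh", "telnet")


def load_profiles(root):
    """Map profile name -> (enabled services, permitted-ip entries)."""
    profiles = {}
    for entry in root.iterfind(".//profiles/interface-management-profile/entry"):
        services = {c.tag for c in entry if (c.text or "").strip() == "yes"}
        permitted = [p.get("name") for p in entry.iterfind("permitted-ip/entry")]
        profiles[entry.get("name")] = (services, permitted)
    return profiles


def load_zones(root):
    """Map interface name -> name of the zone it belongs to."""
    zone_of = {}
    for zone in root.iterfind(".//zone/entry"):
        for member in zone.iterfind("network/layer3/member"):
            zone_of[member.text.strip()] = zone.get("name")
    return zone_of


def is_open(permitted):
    """An empty permitted-ip list, or a /0 entry, lets any source connect."""
    if not permitted:
        return True
    return any(ipaddress.ip_network(p, strict=False).prefixlen == 0
               for p in permitted)


def audit(xml_text, untrusted_zones=("untrust",)):
    """Return one finding per interface whose profile has no source restriction."""
    root = ET.fromstring(xml_text)
    profiles, zone_of = load_profiles(root), load_zones(root)
    findings = []
    for intf in root.iterfind(".//interface/ethernet/entry"):
        profile = intf.findtext("layer3/interface-management-profile")
        if not profile or profile not in profiles:
            continue
        services, permitted = profiles[profile]
        if not services or not is_open(permitted):
            continue
        zone = zone_of.get(intf.get("name"), "unassigned")
        admin = [s for s in services if s in ADMIN_SERVICES]
        if admin and zone in untrusted_zones:
            severity = "high"      # admin login reachable from an untrusted zone
        elif admin:
            severity = "medium"    # admin login open to every host in the zone
        else:
            severity = "info"      # only non-admin services such as ping
        findings.append({"interface": intf.get("name"), "zone": zone,
                         "profile": profile, "severity": severity,
                         "services": sorted(services)})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f['severity']:<6} {f['interface']} ({f['zone']}) "
              f"profile={f['profile']} services={','.join(f['services'])}")
```

Switching ethernet1/2 to the restricted profile in the sample clears its finding, which is the effect of filling in the permitted IP list in the GUI.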

NAT

Plug in your WAN connection.

If I refresh my system logs we can see that my ISP’s modem provided a DHCP lease. It’s simple to set up the Palo Alto Networks NGFW WAN interface as a DHCP client.

Can we ping the internet? Nope!

% ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
^C
--- 1.1.1.1 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss

We need to configure NAT!

Click on the Policies tab and then NAT on the left navigation.

Click Add to create a new NAT policy.

In the new NAT Policy Rule window, create a Name, description, and Audit comment.

Then click on Original Packet tab.

For the source zone, add the trust zone. This is ethernet1/2’s zone.

Under Destination Zone, select untrust from the drop down menu. That is the configured zone for our WAN interface, ethernet1/1.

For Destination Interface, you can leave it as any but I will select ethernet1/1 here.

Click on the Translated Packet tab.

Set the Translation Type to Dynamic IP and Port.

Set the Address Type to Interface Address.

Set the Interface to our WAN interface.

Set the IP address to None (because we’re using DHCP).

Click OK.

Commit changes.

Here’s what the NAT policy looks like.

Now test ping and web browsing.

% ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=55 time=30.468 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=28.170 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=55 time=27.824 ms
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 27.824/28.821/30.468/1.173 ms

DNS is good too.

% ping google.com
PING google.com (142.250.217.142): 56 data bytes
64 bytes from 142.250.217.142: icmp_seq=0 ttl=114 time=27.169 ms
64 bytes from 142.250.217.142: icmp_seq=1 ttl=114 time=26.697 ms
64 bytes from 142.250.217.142: icmp_seq=2 ttl=114 time=28.073 ms

Security ACLs

It’s important to note that there is a default ACL included, rule1. It allows traffic from the trust zone to the untrust zone.

You can see the Hit Count for the traffic.

You need to specify what’s allowed through the firewall, and rule1 is allowing any traffic originating from the trust zone out to the internet (untrust zone). With rule1 disabled, our traffic will not get to the Internet.

Our NAT policy has an increasing hit count as well.

Closing Thoughts

This is the basic configuration of a Palo Alto Networks firewall where we configured our super user account, basic system configuration, interfaces, and NAT.

Our configuration will work for basic lab and internet use. There are advanced configurations to secure this firewall and the network which I will address in the future.

To see more tutorials like this, sign up for my email list. I’ll be going through more configurations of my PA-820 lab unit.

My Q2 2021 Income Report

July 8, 2021 By Rowell

Here is the second installment of my quarterly income report. I use the income report to summarize what has been happening in the business, where revenue came from, analyze my expenses, and reflect upon what actions have positively or negatively impacted the net income.

Table Of Contents
  1. Highlights of Q2
    • Happy Birthday
    • A Yearly Retreat
    • Security Is Everyone’s Responsibility
  2. Lessons Learned
    • Travel
    • Sales
  3. Income/Expense Analysis
  4. What’s Next

Highlights of Q2

There’s no shortage of work. Packet6 is a small business operated by my wife and me.

Happy Birthday

Q2 marked the year Packet6 turned four years old! It’s remarkable how many clients we’ve been able to help in that period. And this quarter, we thought about the processes we can improve to make the business run like a well-oiled machine.

A Yearly Retreat

One decision we made was to include a yearly retreat. For our second annual retreat, that meant spending two days without the kids, thinking about the business’s past, present, and future. We change our surroundings to keep our minds fresh.

It involves thinking about what worked well for us, what didn’t work, and what needs to change.

Security Is Everyone’s Responsibility

Adding to our list of expertise, Packet6 became a Palo Alto Networks (PAN) reseller. When working with our clients, we’ve found that they come back to us asking if we can work on other parts of the network. That includes switching, routing, and firewalls.

I consider PAN to be a strong vendor in the security landscape, so I decided to become a partner and resell their solutions. It’s primarily the NGFW products, and it could branch out from there. Baby steps.

Lessons Learned

Travel

Wearing a mask has never bothered me, and I also received my vaccination in March 2021. It made me confident to travel for clients that relied on Wi-Fi.

Using my stockpile of vacation from my full-time job, I flew to Kansas City, St. Louis, New Jersey, and Seattle. While I like traveling, trying to condense some of those trips as short as possible can be draining.

Warehouse

Sales

In Q1, I spent time reading as much as possible about creating a sales process and sequence to generate a sales cycle. It’s not easy holding multiple roles, but it challenges your mindset.

Discipline is at the heart of sales. I wouldn’t say I like doing it, but there isn’t any revenue if there aren’t any sales. I’m not as consistent as I’d like to be. It just means I need to change my system to be more efficient. Set goals around how many calls/emails/connections to make each week.

I did not make one conversion from my sales process this quarter.

Income/Expense Analysis


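| | Current Quarter | Previous Quarter | Change | % Change |
|---|---|---|---|---|
| Revenue | $209,419 | $32,853 | $176,566 | 537% |
| Expenses | $67,156 | $43,719 | $23,437 | 54% |
| Net Income | $145,991 | -$10,845 | $156,836 | 1,446% |

| | Current Quarter | Previous Quarter | Change | % Change |
|---|---|---|---|---|
| Professional Services | $59,236 | $26,805 | $32,431 | 121% |
| Affiliates | $55 | $25 | $30 | 118% |
| Hardware | $156,889 | $17,412 | $139,477 | 801% |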

In previous Income Reports, I’ve talked about decreasing costs to increase the net income. It’s easy to say, but as you can see, expenses rack up! People like to focus on the revenue number. But after you subtract the expenses, then you’re left with the take-home money.

I wanted to highlight some areas of revenue. Professional Services wasn’t isolated to a specific metro region. There was an increase in professional services, primarily Wi-Fi design, configuration, troubleshooting, and validation. That’s where I begin to reach my capacity and need to look for additional resources.

The reason why I highlight Affiliates is due to its form of passive income. On this blog, you’ll see links to resources I use. Some of those resources are affiliate links, mainly from Amazon. I receive a percentage of a purchase made through one of my affiliate links. It’s not much, but I also do not focus on Affiliates.

A significant shift in Q2 came from reselling network equipment. It was a mixture of Meraki, Juniper/Mist, and Palo Alto Networks. As a network engineer, I have the insight into creating an accurate bill of materials. I’ve seen other resellers try to sell over the moon with hardware, upselling more than required products, even for growth. So you won’t see a sleazy sales guy from me.

The challenge is being consistent with those hardware sales, and the struggle is real. We don’t have a dedicated sales rep to increase these numbers. That’s me.. for now.

Where we can improve is in the expense category. There’s room to decrease expenses. We’re probably paying for too many web app subscriptions. One of our goals is to analyze what we’re paying for and whether it contributes positively to the business. If not, it goes—Marie Kondo style.

What’s Next

It’s time to implement systems and processes. I’m only one person. We’d love to bring on an additional engineer to help with Wi-Fi projects. We want to be sure it also fits within our budget. More backend business work needs to be implemented to support this plan.

Professional Training is another area we’d like to grow, but it’s percolating as an idea for now. More planning needs to happen.

Then there’s buttoning up the business. The training we need to take for specific processes, like bookkeeping, which we will eventually outsource.

Exciting things are happening!

Cheers 🍻


Copyright © 2022 · Written by Rowell Dionicio · You're awesome.

 
