
Create AWS Diagrams Online

john 0

I was looking for some online tools to create impressive AWS diagrams for my learning process. Most online diagram websites provide a certain amount of free usage. Here are some websites I found useful. 1. AWS 3D Diagram from It is quite impressive when I started to make my first diagram. The limited grid size is a big pain when you try to draw a detailed diagram for your AWS VPC, but it is good enough to draw a…

Cisco Router IKEv2 IPSec VPN Configuration

john 0

What are the differences between IKEv1 and IKEv2? 1. Different negotiation processes − IKEv1: IKEv1 SA negotiation consists of two phases. IKEv1 phase 1 negotiation aims to establish the IKE SA. This process supports main mode and aggressive mode. Main mode uses six ISAKMP messages to establish the IKE SA, but aggressive mode uses only three. Therefore, aggressive mode is faster in IKE SA establishment. However, aggressive mode does not provide peer identity protection. IKEv1 phase 2 negotiation…

Juniper Space Security Director Policy Hit Counts Not Updated Automatically

john 0

Issue Symptoms: Normally, each firewall rule on the SRX auto-updates an SNMP counter for hit-count, regardless of whether ‘count’ is configured or not. Juniper Space Security Director periodically polls these OIDs and updates the hit-count. In Juniper Space 16.1 R1, the issue found is that policy hit counts cannot be viewed from Juniper Space Security Director, although the SRX itself keeps updating them. Actions Taken: Verify Security Appliance Policy Hits from Command line root@fw-mgmt-2> show security policies hit-count node1: -------------------------------------------------------------------------- Logical…

Troubleshooting Cisco IPSec Site to Site VPN – “QM Rejected”

john 0

There was a VPN issue to troubleshoot recently. It was between a Juniper SRX and a Cisco Router. It seemed straightforward, but it took quite a long time to troubleshoot because of communication. All steps are listed here for my future reference. Some other related posts: Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed Troubleshooting Cisco IPSec Site to Site VPN – “IPSec policy invalidated proposal with error 32” Troubleshooting Cisco IPSec Site to Site…

Blogger Tips and Tricks

john 0

Here are some collections for bloggers from my past blogger experience: 1. Adjust Right Sidebar margin width Sometimes, the space between the main body posts section and the right sidebar is too wide. You may want to change it from 40px to 10px. Here is the code I found from here: #sidebar-right-1{position: relative;left: 40px !important;} Add the code to Blogger Theme Designer – Advanced – Add CSS section as shown below.

Cisco Wireless Controller 5508 Configuration – Tips and Tricks

john 0

All basic configuration has been created in the following related posts. This post will focus on some other configuration or troubleshooting that happened in a real environment. Related Posts: Cisco Wireless Controller 5508 Configuration Step by Step – Part 1 (CLI and GUI) – Cisco Wireless Controller 5508 Configuration Step by Step – Part 2 (User/Machine Auth) – Cisco Wireless Controller 5508 Configuration Step by Step – Part 3 (Certs Auth and Other Settings) Cisco Wireless Controller 5508 Configuration – Tips and Tricks 1. Create…

Access Amazon AWS EC2 Instances

john 0

Amazon Web Services (AWS) is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help businesses scale and grow. Millions of users are currently leveraging AWS cloud products and solutions to build sophisticated applications with increased flexibility, scalability and reliability.   Amazon AWS Platform

NSS Labs NGFW Security Value Map Report (2017, 2016, 2014, 2013, 2012, 2011)

john 0

  It is good to compare with Gartner Magic Quadrant for Enterprise Network Firewall (2017, 2016, 2015, 2014, 2013, 2011, 2010) or Gartner Magic Quadrant for UTM (2017, 2016, 2015, 2014, 2013, 2012, 2010,…) End users are finding that NGFWs are no longer as limiting in their performance or capability trade-offs as they once were. NSS Labs discovered that many enterprises are choosing NGFW over traditional firewalls for a variety of reasons without feeling that they are compromising on features or performance. Some…

Gartner Magic Quadrant for Cloud Infrastructure as a Service (Worldwide) (2017, 2016, 2015, 2014, 2013, 2012…)

john 1

In the context of this Magic Quadrant, cloud compute IaaS (hereafter referred to simply as “cloud IaaS” or “IaaS”) is defined as a standardized, highly automated offering, where compute resources, complemented by storage and networking capabilities, are owned by a service provider and offered to the customer on demand. The resources are scalable and elastic in near real time, and metered by use. Self-service interfaces are exposed directly to the customer, including a web-based UI and an API. The resources…