Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks – 2. Configuration

Continue with previous post “Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks – 1. Installation” Steps: After the installation of the Sophos Enterprise Console you had logged off. Now you logged in and the Console starts automatically. This Windows will appear:
Read more
Installation and Configuration of Sophos Enterprise Console 5.1 in your Networks – 1. Installation

This post is a detail documentation how to install Sophos Enterprise Console 5.1 in your networks. Pre-Requirements: copy the Sophos Enterprise Console to the Server (ProdInstall\Sophos\Sophos Console\sec_5.1.exe) check if you are able to connect to the infrastructure server like this: http://IP Server:8085 A webpage like this should be shown to you:
Read more
OWASP Top 10 (2010, 2013, 2017)

The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to providing unbiased, practical information about application security. The OWASP Top 10 Web Application Security Risks was created in 2010, 2013 and 2017 to provide guidance to developers and security professionals on the most critical vulnerabilities that are commonly found in web applications, which are also easy to…
Read more
Configure Cisco Enterprise Access Point 1142N As Home AP

Early of 2018, I got a chance to buy a Cisco Wireless Access Point with only $30, which is a great deal for AIR-LAP1142N-x-K9 – Dual-band Controller-based 802.11a/g/n. It is not 802.11ac ready AP, but as a replacement for my home wireless router, it is already enough. Since this device is enterprise product, the configuration is not that straightforward, even…
Read more
Configure a RMA-ed SRX340 with a JunOS Upgrade and Joining it into a Existing Cluster

My previous post (Juniper SRX DB mode (Debug mode)) described a situation which is one of firewall cluster members got stuck into DB mode. Although it was fixed eventually by re-installed image, it was still failed again after a couple of months. RMA ticket created with vendor Juniper and a new device was issued by Juniper. This post recorded all…
Read more
Gartner Magic Quadrant for Endpoint Protection Platforms (2018,2017,2016,2015)

Research firm Gartner defines the Endpoint Protection Platform (EPP) market as one with offerings that “provide a collection of security capabilities to protect PCs, smartphones and tablets,” which it said could include anti-malware, personal firewall, port and device control, and more. The endpoint protection platform provides a collection of security capabilities to protect PCs, smartphones and tablets. Buyers of endpoint…
Read more
Xen Server Switch Port is on Error Disable Mode

Our network environment is completely supported by Cisco switches from 2960, 4500, 3850 ,etc. Virtual environment is using Citrix Xen and Vmware products. Starting from a couple of months ago ,after Xen environment upgraded to 7.2, we are facing switch port err-disable issue.
Read more
Sophos Update Error – Troubleshooting with Palo Alto Firewall

Our Sophos Management Server is installed behind a Palo Alto firewall, which is used to centrally update and manage all internal Sophos clients. After new installation of this Sophos Management Server, we found update from Internet always failed. The Palo Alto firewall rule was configured to use FQDN addresses as destination. Based on Sophos support site, “The Sophos Update Manager…
Read more

Posts published in “VPN”

Install Mac OSX AnyConnect Package on Cisco Router

Published October 24, 2017 by john

Install Mac OSX AnyConnect Package on Cisco Router

Symptoms: One of my clients reported a Cisco AnyConnect issue. It only happened to his machine and later we found that is because he is using Mac machine. His credential works fine if he uses it at windows machine. From following screenshot, obviously there is Mac AnyConnect package missing from vpn gateway. Error Messages: “VPNThe AnyConnect package on the secure…

Cisco Router IKEv2 IPSec VPN Configuration

Published September 19, 2017 by john

Cisco Router IKEv2 IPSec VPN Configuration

What is Differences between IKEv1 and IKE v2? 1. Different negotiation processes − IKEv1 IKEv1 SA negotiation consists of two phases. IKEv1 phase 1 negotiation aims to establish the IKE SA. This process supports the main mode and aggressive mode. Main mode uses six ISAKMP messages to establish the IKE SA, but aggressive mode uses only three. Therefore, aggressive mode…

Troubleshooting Cisco IPSec Site to Site VPN – “QM Rejected”

Published September 19, 2017 by john

Troubleshooting Cisco IPSec Site to Site VPN – “QM Rejected”

There was a VPN issue to troubleshoot recently. It was between Juniper SRX and Cisco Router. It seems straightforward but it took quite a long time to troubleshoot because of communication. All steps listed here for my future reference. Some other related posts: Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed Troubleshooting…

Renew Cisco IOS IPSec VPN Certificates from Symantec

Published February 22, 2017 by john

I am not sure if there is other better way to do it. There is no good documentation from Cisco or somewhere else regarding how you should do on renewing your ssl certificates once it is expired. Every a couple of years, I have to face this problem, renewing all routers ssl certificates. As far as I know, you can…

Cisco IOS Router Configuration: IPSec over GRE or GRE over IPSec(1)

Published October 29, 2016 by john

IPSec over GRE means Outer Header is GRE. In other words, IPSec is riding over GRE. Please refer: Chapter: Point-to-Point GRE over IPSec Design and Implementation IPSEC over GRE Tunnel IPsec over GRE – Configuration and Explanation (CCIE Notes) The order for IPsec over GRE is IPsec first, GRE second. This order will result in these operations: 1.) Original header…

Cisco Configuration Professional (CCP) Configure IOS SSL VPN (AnyConnect SSL VPN)

Published August 5, 2016 by john

Basic Cisco Configuration Professional (CCP) configuration has been posted before at following link: Cisco CCP Installation and Basic Configuration This Post will demonstrate how to use CCP to configure SSL VPN on an IOS Router. 1. Confirm SSL-VPN License Installed You can review another post regarding how to add Cisco license into a router. From Command Line: VPN-1#show license detailIndex:…

Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed

Published May 22, 2016 by john

It is always not easy when troubleshooting a vpn issue. You will meet many situations. Here is one of examples I used to meet during configuring ipsec vpn.Other examples to troubleshoot IPSec VPN issue: Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed Troubleshooting Cisco IPSec Site to Site VPN – “IPSec policy…

Troubleshooting Cisco IPSec Site to Site VPN – “IPSec policy invalidated proposal with error 32”

Published April 27, 2016 by john

There was vpn set up recently using Cisco Router to connect Check Point firewall. It seems quite simple task but “IPSec policy invalidated proposal with error 32” made me go through all troubleshooting steps which shows below. Other examples to troubleshoot IPSec VPN issue: Troubleshooting Cisco IPSec Site to Site VPN – “reason: Unknown delete reason!” after Phase 1 Completed…

Cisco ASA Remote Access VPN Configuration 2 – AnyConnect VPN

Published February 22, 2016 by john

Basic Cisco AnyConnect full-tunnel SSL VPN uses user authentication by username and password, provides IP address assignment to the client, and uses a basic access control policy. The client also authenticates the ASA with identity certificate-based authentication. Deployment tasks in this post are as follows: Configure the basic ASA SSL VPN gateway features. Configure local user authentication. Configure IPv4/IPv6 address…