Check Point and Microsoft has a test drive for R80.10 lab. The lab has been designed very well to understand Check Point architecture and features To summarize what I have got, I recorded the lab video on my laptop and put them together. 1. Log Into Azure – https://youtu.be/MInifWUg2H8 This lab is being run within the Microsoft Azure public cloud…
An Intrusion Detection and Prevention (IDP) policy lets you selectively enforce various attack detection and prevention techniques on the network traffic passing through your SRX Series. The SRX Series offer the same set of IDP signatures that are available on Juniper Networks IDP Series Intrusion Detection and Prevention Appliances to secure networks against attacks. The basic IDP configuration involves the…
Palo Alto Networks has developed Virtualized Firewalls VM series to run in virtual environment. Here is the list for supported hypervisors from its website: The VM-Series supports the exact same next-generation firewall and advanced threat prevention features available in our physical form factor appliances, allowing you to safely enable applications flowing into, and across your private, public and hybrid cloud…
Check Point 1100 SIP Configuration and Troubleshooting Dropped the packets due to “Violated Unidirectional Connection”
0
One request came up for a simple internet SIP connection to SIP provide Goldline. There are VoIP devices involved in this task, such as Cisco Router AS5350 and IP PBX, also Check Point 1100 firewall used to protect this connection. Topology
Cisco IKEv1 is still popular in VPN configuration. Most of my vpn configuration is based on IKE v1 although there are more demands for v2. I had a post “Cisco Router IKE v2 Site to Site IPSec VPN Configuration” to quickly show what the difference is between v1 and v2, and how to do v2 configuration. Recently some vulnerabilities scan…
Ethernet Management Interface VRF New Cisco Routers and Switches come with a dedicated Ethernet port which unique purpose is to provide management access to the device via SSH or Telnet. This interface is isolated in its own VRF called “Mgmt-vrf’. Placing the management Ethernet interface in its own VRF has the following effects on the Management Ethernet interface: Many features must be…
I have been dealing with Juniper SRX IDP error many times when NSM was been used. Mostly those errors are caused by corrupted signature DB or not enough storage space on SRX itself. Here is the latest one I encountered. Symptoms From Space, if I make a new change on firewall policy and push it to gateway, I will get…
In one of my clients environment, there are two Cisco 4510 running and HSRP has been configured. It has been discussed to upgrade it to VSS (Virtual Switching System) during last a couple of months. The main driven to get VSS is to have dual homed hosts run Etherchannel to connect to those two 4510R+E switches. Obviously converting the core switches…
Received a bunch of boxes for Cisco 3850, which will be used to build a switch stack for high availability switching environment. For 2960 series, there is previous post about it: Cisco Catalyst 2960X and 2960S Stacking Cisco Catalyst WS-C3850-48T-S and Components (Unboxed) Cisco Catalyst WS-C3850-48T-S and Components in the Boxes