Press "Enter" to skip to content

Tcpdump or Fw Monitor, which is better ?

0

FW MONITOR————It is said that it captures at 4 important points in the firewall namely i,I,o & O. You would see them in the capture in the same sequence.i – Preinbound, just where the packet is received on the interface. If you see only this then the packet is dropped by address spoofing or the access rule.I – Postinbound, where…

IEEE STANDARD 802.3AD – JunOS Configuration

0

The  802.3ad standard supports aggregation on full duplex, point to point  links,  to form a Link Aggregation Group (LAG), so that a Media Access Control (MAC) Client can treat the LAG as if it was a single link.  The sublayer defines multiple functions like Link Aggregation Control (LAC), Link Aggregation Control Protocol (LACP). LAC manages the Link Aggregation sub layer…

SecureXL Process Details

0

SecureXL is a patented technology consisting of a software package with an API for the acceleration for multiple, intensive security operations. In addition to the IPS, SecureXL also accelerates operations carried out by a Stateful Inspection firewall from Check Point. Through the SecureXL API, this firewall can offload the handling of those operations to a special module, the “SecureXL device,”…

WebUI port change doesn’t survive a firewall policy push or reboot

2

Change WebUI port to 4434 from Command line: webui disable webui enable 4434 Unfortunately after a cpstop/cpstart or reboot, the 4434 port will not survive. It rolled back to 443 again.  Solution: Firewall ->Properties -> SecurePlatform -> change main url to :http://x.x.x.x:4434 goto command line do webui changes push policy. 

Route-based VPN between Juniper and Cisco

1

Another useful post for route-based vpn from http://x443.wordpress.com/page/5/  Cisco router configuration: crypto isakmp policy 1 encr aes 256 authentication pre-share group 5crypto isakmp invalid-spi-recoverycrypto isakmp keepalive 10crypto isakmp key 0 keyforlab123 address 2.2.2.2crypto ipsec transform-set ESP_AES_256 esp-aes 256 esp-sha-hmaccrypto ipsec profile CIPHER-AES-256 set transform-set ESP_AES_256 Tunnel interface configuration: interface Tunnel18 description tunnel_to_srx ip address 192.168.100.1 255.255.255.252 tunnel source GigabitEthernet0/0 tunnel…

Policy NAT-ing with overlap message – Order is important

0

Existing rule : static (dmz,outside) 200.147.90.89 172.17.1.3 netmask 255.255.255.255 There is a special situation come up today. When 172.17.1.3 access to another site 200.200.200.200 , it has to be nat-ed to different ip address 200.147.90.83 So what I did : 1. Add a new access-list PNAT-T: access-list PNAT-T extended permit ip host 172.17.1.3 host 200.200.200.200  2. Add a new access-list FW1/act/pri(config)#…

Checkpoint Domain Object

14

Was thinking to use Domain Object as a source in our firewall rule. After consulted with checkpoint support, it seems impossible if your domain object represented multiple ip addresses. SK42128 Symptoms     Rules containing a Domain object will only resolve to one of the associated IP addresses, causing request for a site not to return a web page.  Cause…

Add static route in Smoothwall

0

Add static route in Smoothwall Firstly, edit the file /etc/rc.d/rc.netaddress.up Above the 'echo "setting up firewall ……."', add: /sbin route add -net destination netmask subnetmask gw gateway devdeviceinterface ————————————– Edit /etc/rc.d/rc.firewall.up After the section on "# Allow packets that we know about through …" Add: # Allow packets from green to green /sbin/iptables -A FORWARD -i $GREEN_DEV -o $GREEN_DEV -j ACCEPT

no response when ping MS Cluster’s ip address – Solution

0

There is a Citrix cluster deployed in our environment. But cluster ip not working from an outside network, although working fine in same network. Checked MS doc – http://technet.microsoft.com/en-us/library/cc732592(WS.10).aspx troubleshooting NLB, foud following cause: There is no response when you use ping to access the cluster's IP address from an outside network. Verify that you can use ping to access the dedicated IP addresses…