ASA 8.02 in Vmware Workstation

Here are all related posts in this blog: ASA 8.02 in Vmware Workstation ASA 8.42 in VMware Workstation ASA 9.21 in Vmware Workstation 10 Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (1) Cisco ASAv 9.4.1 and ASDM 7.4.1 in Workstation / ESXi (2) Cisco ASAv 9.5.1 200 and ASDM 7.5.1 in Workstation / ESXi  1. Found a…

Problem when two Checkpoint Clusters Connected on same Cisco Switch

Got MAC address flapping messages in the Cisco switch log:

Dec 22 17:27:16: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 20 is flapping between port Gi0/12 and port Gi0/11
Dec 22 17:27:16: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe00 in vlan 20 is flapping between port Gi0/15 and port Gi0/16
Dec 22 17:27:31: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 20 is flapping between port Gi0/12 and port Gi0/11…

Cisco Pre-defined Access-list Port Number

Working on a PIX/ASA migration to Juniper SRX. Some of the port-name conventions Cisco uses differ from JunOS. I found the following list mapping port numbers to Cisco's naming convention on a Cisco 2901 router running "Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M4":

Router(config)#access-list 101 permit tcp any any eq ?
  <0-65535>    Port number
  bgp  …

Checkpoint R75 new feature violated PCI rules

My company recently upgraded our firewall UTM from R71 to R75. It was a neat, no-worries upgrade until today, when our external security company sent us a report saying the scan of our public Internet IPs failed PCI compliance. The report shows a self-signed Check Point certificate on our Internet-facing firewall. Yes, that is right. Every Check Point firewall has a certificate…

Tcpdump or Fw Monitor, which is better ?

FW MONITOR: It is said that it captures at 4 important points in the firewall, namely i, I, o and O. You would see them in the capture in the same sequence.

i – Pre-inbound, just where the packet is received on the interface. If you see only this, then the packet is dropped by address spoofing or the access rule.
I – Post-inbound, where…

IEEE STANDARD 802.3AD – JunOS Configuration

The 802.3ad standard supports aggregation on full-duplex, point-to-point links to form a Link Aggregation Group (LAG), so that a Media Access Control (MAC) Client can treat the LAG as if it was a single link. The sublayer defines multiple functions like Link Aggregation Control (LAC) and Link Aggregation Control Protocol (LACP). LAC manages the Link Aggregation sublayer…

SecureXL Process Details

SecureXL is a patented technology consisting of a software package with an API for accelerating multiple intensive security operations. In addition to the IPS, SecureXL also accelerates operations carried out by a Check Point Stateful Inspection firewall. Through the SecureXL API, this firewall can offload the handling of those operations to a special module, the "SecureXL device,"…

WebUI port change doesn’t survive a firewall policy push or reboot

Change the WebUI port to 4434 from the command line:

webui disable
webui enable 4434

Unfortunately, after a cpstop/cpstart or reboot, the 4434 port will not survive; it rolls back to 443 again.

Solution: Firewall -> Properties -> SecurePlatform -> change the main URL to http://x.x.x.x:4434, then go to the command line, make the webui changes, and push policy.

Route-based VPN between Juniper and Cisco

Another useful post for route-based VPN from http://x443.wordpress.com/page/5/

Cisco router configuration:

crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp invalid-spi-recovery
crypto isakmp keepalive 10
crypto isakmp key 0 keyforlab123 address 2.2.2.2
crypto ipsec transform-set ESP_AES_256 esp-aes 256 esp-sha-hmac
crypto ipsec profile CIPHER-AES-256
 set transform-set ESP_AES_256

Tunnel interface configuration:

interface Tunnel18
 description tunnel_to_srx
 ip address 192.168.100.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel…