ASA 8.42 in VMware Workstation
Here are all related ASA(v) posts in this blog: ASA 8.02 in Vmware Workstation; ASA 8.42 in VMware Workstation; ASA 9.21 in Vmware Workstation 10; Cisco ASAv 9.4.1 and ASDM…
ASA 8.02 in Vmware Workstation
Here are all related posts in this blog: ASA 8.02 in Vmware Workstation; ASA 8.42 in VMware Workstation; ASA 9.21 in Vmware Workstation 10; Cisco ASAv 9.4.1 and ASDM 7.4.1…
Problem when two Checkpoint Clusters Connected on same Cisco Switch
Got MAC address flapping messages in the Cisco switch log. Dec 22 17:27:16: %SW_MATM-4-MACFLAP_NOTIF: Host 0000.0000.fe01 in vlan 20 is flapping between port Gi0/12 and port Gi0/11 Dec 22 17:27:16: %SW_MATM-4-MACFLAP_NOTIF:…
Cisco Pre-defined Access-list Port Number
Working on a PIX/ASA migration to Juniper SRX. Some of the port naming conventions Cisco uses are different from JunOS. I found the following list to map port number to Cisco name…
Checkpoint R75 new feature violated PCI rules
My company recently upgraded our firewall UTM from R71 to R75. It was a neat, no-worries upgrade until today, when our external security company sent us a report our public…
Tcpdump or Fw Monitor, which is better ?
FW MONITOR: It is said that it captures at 4 important points in the firewall, namely i, I, o & O. You would see them in the capture in the same sequence. i –…
IEEE STANDARD 802.3AD – JunOS Configuration
The 802.3ad standard supports aggregation on full duplex, point to point links, to form a Link Aggregation Group (LAG), so that a Media Access Control (MAC) Client can treat the…
SecureXL Process Details
SecureXL is a patented technology consisting of a software package with an API for the acceleration of multiple, intensive security operations. In addition to the IPS, SecureXL also accelerates operations…
WebUI port change doesn’t survive a firewall policy push or reboot
Change the WebUI port to 4434 from the command line: webui disable, then webui enable 4434. Unfortunately, after a cpstop/cpstart or reboot, the 4434 port will not survive. It rolled back to 443…
Route-based VPN between Juniper and Cisco
Another useful post for route-based VPN from http://x443.wordpress.com/page/5/ Cisco router configuration: crypto isakmp policy 1 encr aes 256 authentication pre-share group 5 crypto isakmp invalid-spi-recovery crypto isakmp keepalive 10 crypto isakmp key 0…
Policy NAT-ing with overlap message – Order is important
Existing rule: static (dmz,outside) 200.147.90.89 172.17.1.3 netmask 255.255.255.255 A special situation came up today. When 172.17.1.3 accesses another site, 200.200.200.200, it has to be NAT-ed…
Checkpoint Domain Object
Was thinking of using a Domain Object as a source in our firewall rule. After consulting with Checkpoint support, it seems impossible if your domain object represents multiple IP addresses. SK42128…