Clik here to view.
MRTG/Routers2: Template Juniper SA/MAG
I am monitoring an (old) SA-2000 cluster of Juniper Secure Access devices with my MRTG/Routers2 system. With the JUNIPER-IVE-MIB I built the configuration file for that monitoring system. In this blog...
View ArticleClik here to view.
MRTG/Routers2: Template Juniper SSG
Finally, this is how I am monitoring my Juniper ScreenOS SSG firewalls with MRTG/Routers2. Beside the interfaces (that can be built with cfgmaker) I am using my template in order to monitor the CPU...
View ArticleClik here to view.
Juniper ScreenOS NAT Overview: MIP DIP VIP
MIP DIP VIP. I am sometimes confused with the NAT names of the Juniper ScreenOS devices. Therefore, I drew a small figure with a few basic examples for these NAT types. Note that this figure does not...
View ArticleClik here to view.
If only one DNS query is malicious …
… the whole Internet breaks down. So happened on a Palo Alto with a DNS proxy and a (slightly misconfigured) anti-spyware profile. All network clients had a single DNS server configured, namely the DNS...
View ArticleClik here to view.
Considerations about IPsec Pre-Shared Keys
Pre-shared keys (PSK) are the most common authentication method for site-to-site IPsec VPN tunnels. So what’s to say about the security of PSKs? What is its role for the network security? How complex...
View ArticleClik here to view.
Logfile Parsing
While parsing logfiles on a Linux machine, several commands are useful in order to get the appropriate results, e.g., searching for concrete events in firewall logs. In this post, I list a few standard...
View ArticleClik here to view.
IPsec Site-to-Site VPN Palo Alto FortiGate
This is a small tutorial for configuring a site-to-site IPsec VPN between a Palo Alto and a FortiGate firewall. I am publishing step-by-step screenshots for both firewalls as well as a few...
View ArticleClik here to view.
IPsec Site-to-Site VPN FortiGate Juniper SSG
Here comes the step-by-step guide for building a site-to-site VPN between a FortiGate and a ScreenOS firewall. Not much to say. I am publishing several screenshots and CLI listings of both firewalls,...
View ArticleClik here to view.
IPsec Site-to-Site VPN FortiGate Cisco Router
This blog post shows how to configure a site-to-site IPsec VPN between a FortiGate firewall and a Cisco router. The FortiGate is configured via the GUI – the router via the CLI. I am showing the...
View ArticleClik here to view.
Minor Palo Alto Bug concerning IPv6 MGT
A few month ago I found a small bug in PANOS, the operating system from Palo Alto Networks. It is related to an IPv6 enabled management interface. The MGT address was not reachable when the firewall...
View ArticleClik here to view.
Palo Alto PANOS 6.1.2: No more SSLv3/POODLE
Another fixed issue in the just released PANOS version 6.1.2 from Palo Alto Networks is bug ID 71321: “Removed support for SSL 3.0 from the GlobalProtect gateway, GlobalProtect portal, and Captive...
View ArticleClik here to view.
IPsec Site-to-Site VPN FortiGate Cisco ASA
Following is a step-by-step tutorial for a site-to-site VPN between a Fortinet FortiGate and a Cisco ASA firewall. I am showing the screenshots of the GUIs in order to configure the VPN, as well as...
View ArticleClik here to view.
“IPv6-Präfixe würfeln”– Was soll das?
Seit Monaten sieht man auf heise online an der rechten Seite den Link zu einem Artikel namens “IPv6-Präfixe würfeln“. Dabei geht es darum, OpenWRT einen Teil des IPv6-Präfixes innerhalb gewisser...
View ArticleClik here to view.
Site-to-Site VPNs with Diffie-Hellman Groups 19 & 20 (Elliptic Curve)
Similar to my test with Diffie-Hellman group 14 shown here I tested a VPN connection with the elliptic curve Diffie-Hellman groups 19 and 20. The considerations why to use these DH groups are listed in...
View ArticleClik here to view.
Palo Alto: Save & Load Config through CLI
When working with Cisco devices anyone knows that the output of a “show running-config” on one device can be used to completely configure a new device. On a Palo Alto Networks firewall, this is not...
View ArticleClik here to view.
Idea: IPv6 Dynamic Prefix
For dynamic IPv4 addresses, dynamic DNS services such as Dyn or No-IP are well-known. If an ISP issues a single dynamic IPv4 address every 24 hours (or the like), the router or any other device...
View ArticleClik here to view.
FRITZ!OS ab 06.23: IPsec P2 Proposals erweitert
Es geht in eine weitere Runde bei den VPNs von und zur FRITZ!Box. Nach den unglücklichen Änderungen in Version 06.20 hat AVM wieder ein paar Phase 2 Proposals hinzugenommen, die komplett ohne...
View ArticleClik here to view.
Low-Budget Zeitraffer in Full HD erstellen
Neben dem normalen Fotografieren und Filmen finde ich zwei Arten von Videos sehr interessant, nämlich Slow Motion Filme, bei denen eine schnelle Aktion sehr langsam dargestellt wird, sowie Zeitraffer,...
View ArticleClik here to view.
Palo Alto: DNS Proxy for Management Services
The Palo Alto firewall has a feature called DNS Proxy. Normally it is used for data plane interfaces so that clients can use the interfaces of the Palo for its recursive DNS server. Furthermore, this...
View ArticleClik here to view.
Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo
Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration...
View Article