Packet capture with access list You can use access-list to group the interesting traffic, then use the capture command. If you use ASA version 9, remember do not use the keyword any when creating access-list. This keyword supports both ipv4 and ipv6, you will receive this error when you try to use the capture command. … Continue reading Cisco ASA: Packet Capture
Scenario The pair of PA5050 firewalls are at the edge of the network, the downstream of PA5050 pairs has a pair of Cisco Catalyst 6506 and a pair of Cisco Catalyst 4506 switches. The diagram is illustrated as below. The pair of Cisco Catalyst 6506 is configured as a virtual switching system, which unifies the … Continue reading Palo Alto Networks: Active/Active High Availability
you need to get use to the command sets.. If you are a Cisco user it will be easier to compare the commands with cisco's. set vlans trust vlan-id 10 is the same as set interfaces vlan unit 10 family inet address 192.168.10.1/24 and set vlans trust l3-interface vlan.10 are the same as set interfaces … Continue reading Juniper Networks: Configuring Vlan interface on SRX210H
The previous post about Cisco VSS is to integrate with Palo Alto Firewalls. Layer 3 link aggregation on PA firewall Click on Network tab and select Interfaces from the menu on the left. There is an "Add Aggregate Group" at the bottom of the page, it may seem quite unnoticeable. After the link aggregation link … Continue reading Palo Alto Networks: OSPF and L3 Link aggregation
Introduction An organisation has gone through the gap analysis by consultant and engaged your company to do phase 1 implementation based on the treatment plan by consultant. This is a new office by the organisation. The implementation phases are broken down, you will first implement phase 1. Scope 1. Implement VLAN to segregate networks. 2. … Continue reading Palo Alto Networks: Mocked up project task
Suppose you want to verify if your packet actually reach the untrust interface of Palo Alto Network firewall, you can let the untrust interface of the firewall to send echo reply by using set network profiles interface-management-profile command. Firewall policy will not influence the firewall to send echo reply back to the originator. Note that … Continue reading Palo Alto Networks: Ping firewall interface
Remove insecure system services The default configuration allows telnet and http, remove these from the default configuration. Create users Create an administrator account and prevent the use of root. Create operator account and readonly account. Set up NTPd for time synchronization Time is important for the syslog messages and event messages to be useful. By … Continue reading Juniper Networks: Default configuration hardening.
If your password is too simple you will receive this message error: require change of case, digits or punctuation
Suppose your virtual-router profile has to be applied on both layer3 interfaces you can do the following configuration in command line.
Configuring Layer 3 interfaces Command line interface Web interface Click on Network tab then select Interfaces. Define zone for L3 interface Command Line Interface Web Interface Click Network then select Zones, you can create your zone or use the default trust and untrust zones. Create virtual router to define default route Command Line Interface Web … Continue reading Palo Alto Networks: Configuration basics