Roll your own asa_facts module with splits and slices.
The SRX300 (and SRX550M) are configured to drop IPv6 traffic by default; see the documentation: "When IPv6 is configured on SRX300 Series and the SRX550M devices, the default behavior is set to drop mode because of memory constraints." https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ipv6-flow-processing-enabling.html This can be confirmed: admin@CS7-HQ-FW02> show security flow status Flow forwarding mode: Inet forwarding mode: flow based Inet6...
Whilst completing my studies for the JNCIA-Junos exam I was trying various configurations on my SRX110 and decided to expose it to the internet as my LAN 'DMZ host'. After a little while I noticed the log filling up with messages like these: Feb 14 11:24:24 2018 CS7-SRX01 sshd: SSHD_LOGIN_FAILED: Login failed for user 'root'...
After a recent spate of hardware lock-ups and random reloads I decided to replace my ASA5505. It was the first Cisco device I ever purchased and set me on my networking career, but it was playing up so I decided to swap it out for a Juniper SRX110H2-VA. As far as I can tell they...
This post on CSC caught my attention and reminded me of the challenges thrown up whilst working my first IT job at a charity, typically trying to stitch together enterprise solutions for the bare minimum price. At the time of writing, the two replies to the post come in at $700 (C881W) and $670 (MX64W). The...
This post came about after answering a question on CSC regarding tunnels and VRF, and will elaborate on the use case I suggested. Imagine two sites with multiple VRFs which need to communicate intra-VRF over a public WAN. Let's run through the configuration options: Option A: Each VRF would require a public IP which...
Cisco WLC Mobility Groups - Data Path down / Control Path down. Cisco Mobility Group – Anchor: Data Path Down. The path of the mobility group EtherIP tunnel between WLCs passes through a single CheckPoint firewall (R77.20), requiring that rules be defined to allow UDP/16666 and TCP/97 traffic to and from the WLCs. I created...