Author: rtoodtoo
Worked for more than 10 years as a Network/Support Engineer; also interested in Python, Linux, Security and SD-WAN. Currently living in the Netherlands and working as a Network Support Engineer.
// JNCIE-SEC #223 / RHCE / PCNSE
If you somehow end up having hundreds of address objects in a PAN firewall and you would like to delete all of them, good luck! Probably to prevent accidental removal, there is no way in the GUI as of now on 7.1.x releases (or I don’t know yet), but if you want to you can use
Panorama is a nice management tool. It is nice compared to NSM and Security Director :) On the other hand, I had to deal with an issue in which the address group content on Panorama was different from that on the firewall. Here is an example: Panorama had AddGroup1 = Addr1, Addr2, Addr3; Firewall had AddGroup1 = Addr1,
There are various SSH clients for Windows platforms, and up until a couple of months ago I was thinking that the best SSH client for me was SecureCRT, but I discovered another one called MobaXterm. This product really caught my attention, the primary reason being the richness of the feature set. First look at what
Slow file transfers must be really bothering everyone. I have a ZyXEL NSA325 NAS device which has a gigabit interface, but I am getting extremely low throughput. Unfortunately, I think this has been a problem since I bought this device. Now I have finally found time to troubleshoot the issue. Here is my
This post aims to give an introduction to configuring a Palo Alto Networks firewall for initial deployment. As it is for beginners, I would like to cover the following topics: configure management interface settings (i.e. IP address, default gateway) via console; assign IP addresses to ethernet interfaces and default gateway; configure NAT and Security Policies to
Once you are familiar with one firewall, it is sometimes difficult to be comfortable on another firewall. Here I will list 2 things that you do differently on these firewalls. At least these were the first things I noticed. 1) PING: On an SRX firewall, if you ping a remote address, the command will be accepted.
OSPF has a slightly different way of removing routes compared to BGP. In this short post, I will present how a link failure is propagated to other routers in the OSPF domain. For this test, I have the following topology section in which AREA3 is connected to AREA0 and we simulate a link failure on the Junos
What happens when you change a BGP import routing policy in your neighbor configuration? Do changes take effect immediately, or do we need to issue the soft-inbound command to request the routes? Let’s see by an example. We have already received the route 10.83.0.0/24 from 10.82.1.9, as you see below. root@J29> show route protocol bgp terse 10.83.0.0/24 inet.0:
In this micro post, I would like to show one reason why a BGP open message receives a TCP RST. For this test, I set up a BGP neighborship between two peers: PeerA (10.82.1.9) and PeerB (10.82.1.10). PeerA initiates the connection; look at what happens in the packet capture. According to the sequence, TCP seems to have
In this post, I will show an example of loop prevention in the OSPF protocol. There is a nice document here about the principles of loop prevention. What I will do is just show this on Junos. In order to show this, I am using the following topology: On this topology, J40 and J32