Author: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

JNCIP-SEC [ 2 – Virtualization ]

According to the exam topics, I will focus on routing instances, routing between instances and filter-based forwarding. Let's get started. Routing Instances: Routing instances may be considered to be virtual routers within a physical router, configured like below. I have two virtual routers configured, each of which inherits one interface from the physical router. In configuring

ScreenOS fetching defaults

Although I am not that familiar with ScreenOS, it is worth mentioning this hidden command I have found. It is a handy command for fetching system defaults such as the max number of addresses etc. host-> get sys-cfg acl rule mem size number: 16384 ADSL Sub-if limit number: 0 alarm glog number: 128 def apppry scheduler

routing instances and rib-groups

Here is a short routing instance and rib-group configuration. I assume you have configured a routing instance named “untrust”. Configure routing instance: root@host# show routing-instances untrust {     instance-type virtual-router;     interface ge-0/0/1.0; } Display Routes: root@host> show route inet.0: 6 destinations, 6 routes (3 active, 0 holddown, 3 hidden) + = Active Route,

JNCIS-SEC exam

Needless to say, I am very much interested in JUNOS. Recently I have taken the JNCIS-SEC exam, though it was a bit more difficult than I expected. Now I want to run for JNCIP-SEC and JNCIS-SP. I don’t know which one will be the first but I feel hungry for both routing and

SRX packet mode

JunOS can have two modes, Flow mode and Packet mode, on the following devices: J-series services routers (I think after version 9.3; this is also called junos enhanced services, junos-es) and SRX security devices. In the default configuration, SRX devices work in flow mode, by which security policies are in place and unless otherwise allowed, packets

JNCIS-SEC [ Web Filtering ]

There are three types of Web Filtering solutions: 1) Integrated Web Filtering: This solution intercepts every HTTP request in a TCP connection. The device then identifies the category of a URL either from user-defined categories or from a category server (Surf Control Content Portal by Websense). 2) Redirect Web Filtering: This solution intercepts HTTP requests and

JNCIS-SEC [ Content Filtering ]

Content filtering blocks or permits certain types of traffic based on the MIME type, file extension and protocol command. The content filter controls file transfers across the gateway. The content filter module evaluates traffic before all other UTM modules except Web Filtering. There are three types of content filters: 1) MIME Pattern Filter: It is

JNCIS-SEC [ Antivirus ]

There are two types of protection techniques: a) Full Antivirus Protection and b) Express Antivirus Protection. A) Full Antivirus Protection: Files are scanned against a signature database. Data packets are received and the original application content, e.g. an email attachment, is reconstructed. Kaspersky Lab provides the scan engine and if the antivirus license expires, you can continue to use

JNCIS-SEC [ Antispam ]

Spam is an unwanted message, as everyone knows. When the SRX detects a message deemed to be spam, it blocks the email message or tags it with a configured string. You can use a 3rd party spam block list (SBL) or create your own (whitelist or blacklist). A) Server Based Antispam Filtering: The firewall performs SBL lookups