Always Networks Blog

Check Point Certified System Administrator (CCSA) Study Notes - R77

Fri 22 January 2016

I'm now a Check Point Certified System Administrator (CCSA)! I took the R77 exam and passed. I have to say I was a little disappointed with the exam - there were 100 questions in 90 minutes, but I found a lot of the questions were repeated - albeit with a slightly different phrasing.

Below are the notes I made while I was studying. Definitely lab it (download …

Read whole post...

Packet capture, built in to Windows

Thu 14 January 2016

Sometimes when you are working in secure environments, you can't just go installing software. But if you need a packet capture, and it's a windows server, then what? If you can't install Wireshark, then you can use Microsoft Network Monitor.

The capturing is done via a command-line tool. Once you export the file, then you have to use some Microsoft software to analyse it - it's …

Read whole post...

Palo Alto scheduled backups - without Panorama

Fri 08 January 2016

Recently we deployed a Palo Alto VM-200 firewall. It was a stand-alone deployment on a remote site. We were going to deploy a pair, but we didn't see how much value it added as the VM-series firewalls do support HA but not stateful HA.

As it was stand-alone, it wasn't managed by Panorama. And without Panorama management, it is seemingly not very straightforward to enable …

Read whole post...

What is ARP?

Thu 20 August 2015

A number of times in the last few weeks I have been asked by a number of people:

What is ARP?

There is the simple answer - which is simply a definition:

Address Resolution Protocol (ARP) is a mechanism to resolve IP addresses into MAC addresses.

However...that doesn't really explain a lot. It probably doesn't explain anything you didn't already know. To really understand ARP …

Read whole post...

Nexus 7000 Software Bug - Flash RAID Errors - Part 2

Wed 12 August 2015

This is a continuation of a previous post.

The last post finished where we thought all was good, because the flash status code was reading 0xF0, which we were told means both flash drives are healthy. What we noticed though was that the diag tests were still failing for compact flash - test 7 - on some of the sups. Initially Cisco told us that this was …

Read whole post...

Why am I seeing packets on my server that aren't for this server?

While troubleshooting a totally unrelated issue, one of my colleagues noticed that they were seeing packets in a tcpdump that were neither destined for nor sourced from the server. This is odd, when plugged into a switch, so we started digging.

Server 1, was sending a stream of packets to Server 2 - in a different subnet somewhere. Sometimes, although rarely, these packets could be seen …

Read whole post...

Nexus 7000 Software Bug - Flash RAID Errors - 7k Reboot and Failover

It's been a mad couple of weeks with Nexus 7000's. My client hit a software bug on their Nexus 7k, which turned out to be a most impressive bug. It basically causes the flash drives to be erroneously marked as faulty, which then causes them to be remounted in read only. The first symptom was that you could not save the running configuration by running …

Read whole post...

Automate loading INE configs onto Cisco CSRs using Python

I haven't posted for a while. Work has been hectic, I failed my CCIE written and lost all motivation, and many other excuses. Whilst I haven't really been studying CCIE stuff, I have been productive. I have been learning Python. I decided to automate the process of loading the INE initial configs onto my CSR routers, using a Python script, and the power of pexpect …

Read whole post...

Replacing a failed Cisco Ironport Web Security Appliance Proxy

Recently we had a Cisco Web Security Appliance (WSA) Proxy fail. When I say fail, I mean a single stick of RAM failed after a reboot. Cisco said RAM isn't replaceable so we had to RMA the whole box (odd for a device that is basically a rebadged server...maybe I have a money saving idea for you Cisco!)

There were a few steps to …

Read whole post...

Checkpoint GAiA BGP Network Origination

Fri 30 January 2015

I was recently involved in a project upgrading the core firewall pair from Checkpoint R71.40 SPLAT to R77.20 GAiA. While very different, a lot of the configuration is pretty straight forward, and well documented in various articles on the Checkpoint website.

This setup runs BGP on the firewalls, to learn routes from our internal VRF's and also the WAN VRF where our MPLS …

Read whole post...