The Context aware modules for the Cisco ASA provide enhanced functionality for L7 services. These include but are not limited to URL category/reputation databases, HTTP inspections, AVC, TLS proxy, TCP Proxy, and Multiple Policy decision points. The management of these…

The ASA SSP module is the traditional firewall module found in the 5585-x chassis. It performs the default firewall roles and has the standard firewall features. If you’re looking to do some detailed L7 work with focus on user authentication,…

Here is the Juniper flavour of the FQDN access-list. The policy used references the dns-name and creates policy destination addresses accordingly. It is important, as noted in the optimisation and initial ASA FQDN configuration post, that you have a set…

My previous post focused on using access-lists that we based upon Fully Qualified Domain Names. This recently has posed a solution for some works that have been undertaken. Even though it might seem quite straight forward to implement – there…

A recent change came through which required a geo-spatial map data server from an isolated network to cache maps from various public entities. The geo-spatial database calls upon various websites.  The use of Bing, Google, government agencies, traffic management combine together…

I have managed to get the QEMU version of ASA running inside Ubuntu 12.04. Previously I have installed this on Windows and OSX. The trifecta will be complete with this post with the ASA running inside Ubuntu. Similar to the…

As per the previous blogs if you have followed from the start you will notice you have downloaded, installed, and configured your Juniper SRX to support IDP technologies. This is a great start. For most users the default templates defined…

Juniper’s SRX family offer the ability to perform much more than firewalls, access-lists, and NAT. As a part of their Unified Threat Management suite (UTM), Intrusion Detection and Prevention (IDP) is a vital part to a layered approach to security.…

Time to get into some access-list tips. I am going to make a management zone and want to control which protocols.First make the address book entry we will use to define our management hosts. set security zones security-zone trust address-book…

Forward As I mentioned last  earlier, I have been asked about being apart of the Thwack Ambassador program and my first post went up. I am linking to it now for my readers who follow my blog and may not be aware of the…

A functional zone is a unique type of zone. The SRX family has only one type of functional zone applicable to it. The management zone is designed to have a physical interface allocated to it which allows true out-of-band management.…

Forward As I mentioned last  earlier, I have been asked about being apart of the Thwack Ambassador program and my first post went up. I am linking to it now for my readers who follow my blog and may not be aware of…

Forward As I mentioned last week that I was apart of the Thwack Ambassador program and my first post went up. I am linking to it now for my readers who follow my blog and may not be aware of the…

Solarwinds provide a plethora of network and server management tools. They are a household name for network and server administrators. Their portfolio of software stretch from application monitoring, virtual machine management, to the ever handy IP Address management platform. All…