As many of you are well aware, I own a Juniper Networks SRX110H-VA firewall. This firewall has been the focus of many blogs up until now. I have covered off a myriad of subjects with many more to come in…

The purpose of this post is to dissect what a TCP SYN scan is by digging into the TCP protocol. The notion of TCP SYN scans has been around for many years. It is something that a network engineer should…

Next topic on the blog is Security policies. An important part of firewalls is controlling of traffic. Once we logically define zones and we segregate the network we need to control traffic to and from these zones. It is important…

Juniper works very differently to IOS. If you have been following my blog recently you will have discovered I have been on the Sauce. Fresh off the JNCIA Junos pass I am diving into JNCIS-SEC. I am going to explain…

Like Cisco, Juniper offer their equivalent to security levels. Known as zones, the SRX family can classify common interfaces and apply hierarchical policies that allow stable scalability. This post is designed to introduce Cisco people to the Juniper equivalent, and new…

As I slowly diversify my skill set and acquire JUNOS knowledge I find that knowing the technology and underlying concepts are the same. Minor changes like routing preference and the like are easy to deal with. Slowly I am working…

Currently I am getting a big dose of the Juniper sauce. I like it thus far. The device that has been getting my whistle wet is the SRX110. This bad boy was plonked between my desktop and current network. I…

Over the past couple of weeks I have had a real dose of JUNOS. I’ve been drinking the secret sauce and I am very excited. Powerful, Flexible, and delicious. In my previous post I introduced my SRX110 Firewall Router. My good…

–Network Address Translation, ASA 8.2 NAT is required for a number of scenarios and can be used in the most unusual places. Most common is translation of a private RFC 1918 address into a globally routed public IP address. An…

–Routing on ASA– The ASA supports static and dynamic routing protocols. As of ASA code release 8.3+ most routing protocols are supported. OSPF, EIGRP, RIPv2, and static routing are the protocols the ASA can use. Static Routes Static routes are…

–Transparent and Routed Firewalls– There are two modes in which you can have your firewall: routed or transparent mode. Each mode will treat the packets differently and operate in its own way. Depending on the requirements of your design you…

NAT enhancements There are a few little tricks to improve NAT performance. The first would be translation timeout. Translation timeout returns a translated address back to the pool. The default is 3:00 hours. If you have a smaller pool or…

I hope you enjoy this extract from my upcoming ebook – Deploying Cisco ASA firewalls. –DNS on ASA– This section looks at the provision of DNS functions on the ASA. Whilst it cannot provide DNS AAA records it does provide…

The Cisco ASA line has some serious bad juju when mentioned in networking circles. An example of this is my mentor, Kurt Bales. He is a Juniper champion, JNCIE candidate, and all-around network guru. His background lent itself…