This post outlines how to add routes to a Neutron router. The outcome of this post will allow the jumphost to access VMs and networks advertised behind the SRX. Working on my lab environment I have some server infrastructure and jump…
Cisco VIRL is a learning platform which allows you to run real devices. It is built on an OpenStack architecture that allows rapid deployment of instances of NX-OS, IOSv, IOS-XE ASA and vSRX. I am going to show you the…
Today I sat the JNCIS-SEC exam. I felt it was a fair exam and I am going break it down. It capped off a year of certifications for me as I have worked on transforming my knowledge and applying myself…
There has been a quite a bit of ‘SDN-washing’ when it comes to what the future holds. Just because there is an API it doesn’t necessarily mean a product leverages SDN. As marketecture around next generations firewalls hits its peak…
Developing your own lifecycle and proactive maintenance should be considered at the start of any investment. It allows administrators and managers and all stakeholders to understand the cost of the network. In some environments the network is purely seen as…
There comes a point in all deployments when an installation transitions from deployment to support. This involves handover documentation and for many people what this encapsulates varies. The importance of having comprehensive documentation on handover cannot be overstated. It should…
Management is such an interesting topic. There are many ways in approaching how to manage a device and the correct method to do so. By no means is this a comprehensive guide but should influence how you design the management…
Over the last decade we have seen the increased footprint of physical firewalls. Audits and compliance require traffic isolation, segregation, and application tiers to meet the check boxes. This has seen a vast sprawl of the data centre firewall. Such sprawl…
So you have the business requirements from a customer and have garnered the requirement information that will allow you yo formulate a high level design. What do you do now? How do you distill this information into something that will…
In a pre-sales environment or an enterprise that empowers its own staff, the translation of business and strategic objectives into technical solutions is paramount. These can be such aims as to isolate customers, enhance stability, reduce cost, attain or maintain…
Shrouded in a unique CLI with its own Order of Operations the much-loved or loathe firewall rules a majority of networks with an iron fist. The adulation of this bastion of permission (or the chagrin of expensive DC heater) all…
As some readers may note I have been using Juniper’s SRX-110 for my home firewall for some time. It is a very cool piece of kit and an extremely flexible, dynamic, and feature rich. In June, Brad Woodberg and Rob…
Here is the Juniper flavour of the FQDN access-list. The policy used references the dns-name and creates policy destination addresses accordingly. It is important, as noted in the optimisation and initial ASA FQDN configuration post, that you have a set…
So what is DHCPv6 client mode and why can this help me? A while back Ivan Pepelnjak commented on the blog asking if the SRX had DHCPv6 client features such as IA_PD and IA_NA. Now as of version 12.1×45-D10 these…
As per the previous blogs if you have followed from the start you will notice you have downloaded, installed, and configured your Juniper SRX to support IDP technologies. This is a great start. For most users the default templates defined…
The Juniper SRX110h-va has some delicious features. It has been the darling of quite a few posts and whilst I have some free time it will be part of a few more. This post is number two in a small…
Juniper’s SRX family offer the ability to perform much more than firewalls, access-lists, and NAT. As a part of their Unified Threat Management suite (UTM), Intrusion Detection and Prevention (IDP) is a vital part to a layered approach to security.…
Time to get into some access-list tips. I am going to make a management zone and want to control which protocols.First make the address book entry we will use to define our management hosts. set security zones security-zone trust address-book…
Forward As I mentioned last earlier, I have been asked about being apart of the Thwack Ambassador program and my first post went up. I am linking to it now for my readers who follow my blog and may not be aware of…
In a branch office you generally have workers who work standard business hours. These generally exist between the hours of 0700 and 1800 hours. Most branches have VOIP handsets or APs that run off PoE. These do not need to…
Micro and Small branch considerations are far and wide between depending on what is the requirements are. From experiences I have found this to be a nightmare with some vendors. A set solution may not exist or the solutions that…
As previous blogs have indicated I have my hands on a Juniper Networks EX-2200. This device has great functionality what I found great was the dual-purpose uplink ports. As pictured below these ports are linked and can take either a RJ-45…
My Juniper lab is at home and contains an EX2220-C and a SRX110. Traditionally I created an interface in which I could SSH to. This worked for a while but when labbing you are generally testing new things. Well needless…
Again we come to the topic of guarding the edge. Another day, another battle. Last time it was Spanning-tree defence mechanisms, today it is mac address spoofing. Every device has a MAC address and is populated into a devices CAM…
As many readers have been aware I have been working away at Juniper posts. Working through various topics I have passed Junos and Enterprise. Security looks to be on the horizon. I will see how I feel when I get…