If you have noticed that your Blue Coat ProxySG inserts a HTTP header in every transaction, you might want to delete this to reduce information leakage to public networks
F5 BigIP LTM and GTM does not have any user authorisation capability for administration by Radius or TACACS. Can you believe that? They have been producing F5 BigIP software for more than a decade and I cannot believe that customers have not been asking to provide external user authorisation. To compare, I have just been [...]
No doubt that the Cisco Nexus 7000 switch is a fine piece of technology. The performance and throughput is welcome, and clearly offers some fine new capabilities such as virtualisation, ISSU, better OOB and so on. I am sure that everyone can perceive the positive messages, lets face it, Cisco isn’t going to be shy in telling us about them.
However, lets consider the issue from the perspective of the architect/designer and how Cisco has positioned this in the marketplace. From an architecture perspective, I will need to commit a substantial capex to the product and a much larger amount of resource cost to transition a network to use the product. Even if I am building new data centres (and thus have no legacy), changes to operating standards, procedures, management tools and other orchestration issues present substantial barriers to adoption.
Dynamips and dynagen are well behaved programs most of the time. Occasionally I am configuring a feature or two that causes IOS to crash (most recently I was configuring MPLS and redistribution on c2600 IOS which got really busted).
Then I noticed that my hard drive didn’t have a lot of free space….
A very simple tool in your Proxy SG to check that you can access resources. It only works for HTTP but it provides a good check. I use this a lot in networks where ICMP has been disabled for security.
The customer had decided to build a hosting platform, but could only arrange for a single internet connection to that site due to location. However, all other hardware was duplicated for high availability. After considering the options the following diagram was prepared showing the first pass at the design. This was the Internet Connection (100Mb Ethernet) connected to the router, then connected to a switch, which was interconnected by trunk to a second switch. The first layer of firewalls is then connected.
I have been working on a VPN setup that loads the Group Policy from a CiscoSecure ACS server. During the process I discovered the test aaa-server command. Its very handy tool when you are doing this kind of stuff.
First, I read about what TunTap is at Wikipedia and VTUN Sourceforge. From what I read, TunTap was written for the VTUN project to specifically encapsulate Ethernet packets (TAP driver), whereas the TUN driver encapsulated IP packets. The driver is used by other popular software so it looks like it is here to stay. It [...]
Is a laptop a Hammer ? I always perceived that my laptop is a special type of toolkit, in the same way that a tradesman has his toolbox of hammers and screwdrivers, I had a laptop with Windows and various pieces of software that are my tools. A TFTP server, notepad for manipulating text files, [...]