4th February 2012

ASA 5520 and ASA 5540 With Only One DIMM Memory Socket – Counterfeit Hardware

There is a significant number of ASA5110 chassis that have been reworked to look and act like ASA5520 or ASA5540 firewalls. Refer to this bug toolkit for more details.

This post is copyright of Thropos Ltd ©2008-2011 at Etherealmind.com - contact | email: greg.ferro@packetpushers.net - twitter: @etherealmind | All rights reserved

Soft Switching Fails at Scale

There is a significant camp of software developers who are developing software switching solutions for hypervisors. Which is nice, I guess. The use of software switching in the hypervisor has some good points but, in my view, they are heavily outweighed by the bad. I present the use case, and show that software

Checkpoint/Nokia Firewall Clustering. Uh Oh.

I’ve been reviewing a network that has some CheckPoint firewalls that have been unstable, and while this isn’t surprising (in my experience, it’s common enough for Checkpoint firewalls to be unstable for some reason or the other), this time I’ve been faced with Checkpoint Clustering. A few years back I tried to make this work, but gave up when CheckPoint couldn’t make it work either.

A few years later, I find someone brave enough to attempt it. This time it’s different, I’m the one who has to justify why it’s a bad idea. Now that the manuals are not secret anymore I think I’ve found out why.

Cloud Security Blanket – I’m Safe NOW

I’ve got a Cloud Security Blanket. Got to know that all my data is safes now.

End of Life Notice for Cisco CS-MARS Questions Cisco’s Commitment to Security.

Cisco announces End Of Life for CS-MARS. Whither goes Cisco’s commitment to Security?

Cisco and Their Security Strategy

Recently, the Security Strategy from Cisco has become vague and ill defined.

Cisco ASA Failover License Changes in Version 8.3

Quick notes on the Virtual Context licensing requirements when using an Active/Standby (Failover) pair and looking for gotchas and traps.

F5 LTM and TCP Timeouts

One of the dangers of being from a pure Cisco background is assumption. You treat all devices as if they have the same defaults as ‘normal’ Cisco devices. I think I’m pretty good at avoiding this, but it gets us all sometimes. As we all know, when you run long lived TCP connections through application [...]

Blessay: Firewalls Are Like Noses: Everyone’s Got One.

The thing about firewalls is that all networks have them. Once, firewall expertise was rare and a special job focus. Now, firewalls are like noses – everyone’s got one.

Design: Cisco Firewall Services Module Virtualization Design Traps

The Cisco Firewall Services Module (FWSM) has a design limitation based on its ability to discriminate packet forwarding between multiple contexts. It also applies to ASA/PIX software. Let’s review this in detail and learn the evil consequences.
