Category: Firewalling
Configuration Example, Firewalling
FortiGate – debug flow
You can use the diagnose debug flow commands to do a policy simulation. An example of the output: fw01 (root) # diagnose debug enable fw01 (root) # diagnose debug flow show console enable show trace messages on console fw01 (root) # diagnose debug flow filter addr 10.10.1.25 fw01 (root) # diagnose debug flow trace start … Read More
Configuration Example, Firewalling
McAfee Firewall – NAT mapping
While testing a McAfee Enterprise Firewall running software 8.2.0, I had some problems with the creation of a NAT mapping. The firewall is configured as standalone firewall. All (NAT / access rule) configuration on the firewall is done using Access Control Rules. McAfee uses two types of NAT mapping: NAT: mostly used to translate a … Read More
Configuration Example, Firewalling
Cisco ASA – Reset TCP connection
“Normal” TCP applications use a three-way handshake to establish a session. After data has been send the session is closed. Some legacy applications don’t always close a TCP session. They keep the session open, even when the session is idle for a long time (+ 2 hours). When the session is idle and a client … Read More
Cisco ASA – Full recovery
While trying to perform a password recovery on a Cisco ASA, I noticed that the password recovery feature was disabled on the appliance. Without the password recovery feature enabled, you can recover the Cisco ASA, but the file system will be wiped completely. During the boot of the Cisco ASA you need to press ESC … Read More
ISA Server 2006 array – renew certificate
When configuring a Microsoft ISA Server 2006 array you have two options for authentication and communication between the Microsoft ISA 2006 Configuration Storage Server and the array members. Windows Authentication: Choose this option if ISA server and the Configuration Storage server are in the same domain, or in different domains with a trust relationship between … Read More
Juniper SSG to Cisco ASA VPN with overlapping subnets
I needed to configure a site-to-site VPN connection between a Juniper SSG firewall and a Cisco ASA firewall. The configuration of a VPN connection is very straightforward, but this time the networks behind the firewalls are overlapping. I have configured the Cisco ASA multiple times in such scenario, but the configuration of the Juniper SSG … Read More