Configuration Example, Firewalling

FortiGate – debug flow

René Jorissen on February 10, 2015 0 Comments • Tags: #debug #diagnose #flow #fortigate #policy #simulation

You can use the diagnose debug flow commands to do a policy simulation. An example of the output:

    fw01 (root) # diagnose debug enable
    fw01 (root) # diagnose debug flow show console enable
    show trace messages on console
    fw01 (root) # diagnose debug flow filter addr 10.10.1.25
    fw01 (root) # diagnose debug flow trace start …

Configuration Example, Firewalling

McAfee Firewall – NAT mapping

René Jorissen on December 28, 2011 0 Comments • Tags: #arp #enterprise #firewall #mcafee #nat #proxy #redirect

While testing a McAfee Enterprise Firewall running software 8.2.0, I had some problems with the creation of a NAT mapping. The firewall is configured as a standalone firewall. All (NAT / access rule) configuration on the firewall is done using Access Control Rules. McAfee uses two types of NAT mapping: NAT: mostly used to translate a …

Configuration Example, Firewalling

Cisco ASA – Reset TCP connection

René Jorissen on August 22, 2011 2 Comments • Tags: #application #asa #cisco #idle #legacy #packet #psh #reset #rset #tcp #timeout

“Normal” TCP applications use a three-way handshake to establish a session. After data has been sent, the session is closed. Some legacy applications don’t always close a TCP session. They keep the session open, even when the session is idle for a long time (+ 2 hours). When the session is idle and a client …

Firewalling

Cisco ASA – Full recovery

René Jorissen on May 24, 2011 1 Comment • Tags: #asa #cisco #full #password #recovery

While trying to perform a password recovery on a Cisco ASA, I noticed that the password recovery feature was disabled on the appliance. Without the password recovery feature enabled, you can recover the Cisco ASA, but the file system will be wiped completely. During the boot of the Cisco ASA you need to press ESC …

Firewalling, Security

ISA Server 2006 array – renew certificate

René Jorissen on May 23, 2011 0 Comments • Tags: #2006 #array #authenticate #certificate #channel #configuration #encrypted #isa #renew #server #ssl #storage

When configuring a Microsoft ISA Server 2006 array you have two options for authentication and communication between the Microsoft ISA 2006 Configuration Storage Server and the array members. Windows Authentication: Choose this option if the ISA server and the Configuration Storage server are in the same domain, or in different domains with a trust relationship between …

Firewalling

Juniper SSG to Cisco ASA VPN with overlapping subnets

René Jorissen on March 29, 2011 0 Comments • Tags: #asa #cisco #juniper #overlapping #screenos #ssg #subnet #vpn

I needed to configure a site-to-site VPN connection between a Juniper SSG firewall and a Cisco ASA firewall. The configuration of a VPN connection is very straightforward, but this time the networks behind the firewalls are overlapping. I have configured the Cisco ASA multiple times in such a scenario, but the configuration of the Juniper SSG …