Very rarely do I have to do any modification of Linux netfilter firewall rules directly using iptables. I generally use Debian based Linux distributions personally e.g. Ubuntu which come preinstalled with UFW as an abstraction layer to iptables but there
Palo Alto Useful Links and Commands
I’m forever needing docs for Palo Alto considering that is now my weapon of choice in the fight against bad actors. The problem is that it can sometimes take me an age to find some of those useful docs that
Firewall Vendor Transitioning
Introduction This is quite a complex topic and can still be a tricky one to get right but I have developed a proven methodology that can be used very successfully.I have now used this methodology multiple times to transition from
Upgrading SSH Keys
Putting this here as I always forget the commands when I need them! For more details see Gerts blog post linked below. Commands Create new ed25519 keys: Create secure rsa keys: Find all keys on your system: Change or add
Palo Alto Dual WAN branch office to Netscreen HQ
Introduction The deployment of dual WAN firewall solutions in branch offices is often required to ensure fail-over for unreliable WAN connections. This type of deployment however can add additional complexity compared to a full BGP setup using capable routers. With
Juniper Netscreen Track IP
Introduction IP tracking can be used to change routing based on the connectivity of configured IP addresses. This can be used with either default routes or static routes which in normal circumstances would not change in the event of reachability
Troubleshooting Juniper Netscreen VPNs Down
Introduction If you’ve ever needed to investigate a site to site tunnel which is down at 05:00 in the morning, this might just help you get to the bottom of it a bit faster. Steps to take Access your firewall
Rancid Logins Fail After ASA Upgrade to 9.1(7)
Introduction You’ve performed a code upgrade on an ASA firewall and suddenly Rancid decides it won’t login. You’ll get the message: spawn ssh -c 3des -x -l <user> <device> no matching cipher found: client 3des-cbc server aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr Error: Couldn’t login:
Sophos UTM9 Reverse Proxy Certificates
Introduction If you’re using the Sophos UTM9 as a reverse proxy then you will need to install certificates on the UTM to present to the client when they are browsing those secured sites. The UTM will need the file in
Sophos UTM9 Reset Used IP count
Introduction If you’ve got the Sophos UTM up and running in your home network then you may come across this issue at some point. I was using UTM9’s web protection for quite some time and suddenly starting receiving emails to