Introduction This is quite a complex topic and can still be a tricky one to get right, but I have developed a proven methodology that can be used very successfully. I have now used this methodology multiple times to transition from
Upgrading SSH Keys
Putting this here as I always forget the commands when I need them! For more details see Gert's blog post linked below. Commands Create new ed25519 keys: Create secure rsa keys: Find all keys on your system: Change or add
Palo Alto Dual WAN branch office to Netscreen HQ

Introduction The deployment of dual WAN firewall solutions in branch offices is often required to ensure fail-over for unreliable WAN connections. This type of deployment however can add additional complexity compared to a full BGP setup using capable routers. With
Juniper Netscreen Track IP

Introduction IP tracking can be used to change routing based on the connectivity of configured IP addresses. This can be used with either default routes or static routes which in normal circumstances would not change in the event of reachability
Troubleshooting Juniper Netscreen VPNs Down

Introduction If you’ve ever needed to investigate a site to site tunnel which is down at 05:00 in the morning, this might just help you get to the bottom of it a bit faster. Steps to take Access your firewall
Rancid Logins Fail After ASA Upgrade to 9.1(7)
Introduction You’ve performed a code upgrade on an ASA firewall and suddenly Rancid decides it won’t login. You’ll get the message: spawn ssh -c 3des -x -l <user> <device> no matching cipher found: client 3des-cbc server aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr Error: Couldn’t login:
Sophos UTM9 Reverse Proxy Certificates

Introduction If you’re using the Sophos UTM9 as a reverse proxy then you will need to install certificates on the UTM to present to the client when they are browsing those secured sites. The UTM will need the file in
Sophos UTM9 Reset Used IP count

Introduction If you’ve got the Sophos UTM up and running in your home network then you may come across this issue at some point. I was using UTM9’s web protection for quite some time and suddenly started receiving emails to
Postfix Encrypt Email in Transit Where Possible

Introduction I noticed in Gmail recently they started warning when email messages weren’t encrypted in transit. When I say transit I mean when a message leaves your email server and sends to another mail server / edge server for another
Juniper Netscreen Site-to-Site VPN Rekey

Introduction The problem I was having was as follows. 3 Juniper devices in a hub and spoke topology, 1 HQ and 2 Branch. The 2 Branch firewalls were actually just basically identical configs in one branch on separate DSL lines.