
    Thursday, July 26, 2018

    Replacing ASA5550 with a PA-3020, thoughts? Networking


    Replacing ASA5550 with a PA-3020, thoughts?

    Posted: 26 Jul 2018 12:25 PM PDT

    I'm thinking about replacing an ASA5550 with a PA-3020. Any thoughts about if this is a good move?

    submitted by /u/rubble15
    [link] [comments]

    Is SonicWALL still a worthy competitor?

    Posted: 26 Jul 2018 06:17 AM PDT

    First off, I don't mean to offend any sonicwall lovers out there :).

    Reason I'm asking is I have a smaller client looking to replace their firewall. Currently they have a very old TZ-205 I think. It's got no warranty or support.

    I'm used to dealing with the likes of Palo Alto and Meraki. I haven't dealt with SonicWALL a lot in the past several years, but they seem to be having a rough go the past 5 years... or am I just disillusioned?

    The client is small, only about 4-5 seats in the office. I could go Meraki MX64, but I'm not a fan of the Meraki licensing model. I could go with a PA-220, but that price might shock them. Looking at SonicWALL's offerings, they have a TZ400 and that's about $800. I'm also unsure of what their licensing landscape looks like these days.

    Of course, I'm always open to alternatives if anyone has any great ideas. I would like them to have some level of application aware firewall capability and they must have client-VPN.

    submitted by /u/stealthmodeactive
    [link] [comments]

    dynamic client vpn endpoint address? route53?

    Posted: 26 Jul 2018 11:40 AM PDT

    So right now I have a few sites that can host client VPNs, and I try to hand out the address accordingly: people on the west coast I give my SF firewall, people in the east I give my NY firewall, and so on.

    What I want to do is give all users the same address, vpn.network.com, and then have users connect to that and have it dynamically send them to east or west or UK or wherever their nearest VPN endpoint is, or if one is down, route to the next best.

    I've seen some stuff in Route 53 that looks like it sort of can do that, but I would have to create a record for every state to send half to east and half to west.

    Just looking for the best/least painful way to set this up.

    Thanks

    submitted by /u/jasonbrown23
    [link] [comments]

    Cisco Cat 9k series for our user net (not DNA) -- some questions

    Posted: 26 Jul 2018 07:05 AM PDT

    We are planning to buy 9300 series (with mGig and stacking) for L2 access and 9500 (StackWise Virtual) as the routed aggregation layer for our offices. We are running: 802.1X, PoE for APs, NEAT for our 2960cx table switches, DHCP Snooping, and some other port security. We are aware of the problem with mGig and Cat5, so we are in the process of upgrading the cable infrastructure to CAT6A in the office.

    I am still a bit worried about stability in the code of 16.x and the hardware itself. Currently we are running 3750x and in that deployment we have had some bugs in DHCP snooping and memory leaks with 802.1X. We do not wanna go back to those kinds of headaches. We need 24/7, 365 days of stability. As of now we are happy with the 3750x except for their buffers.


    1.) Any of you guys that are running the 9000 series that can say anything about the stability of the hardware?

    2.) Anyone that is running 16.x IOS XE that can say anything about its stability?

    3.) Is it worth paying for the mGig ports? We are planning to run the switches for 7-8 years (or as long we have support on them). The switches are going to provide access for APs, and wired access to the researchers that demand high capacity user network. Is there any chance that we will see clients with support for mGig, or is this purely for APs?

    4.) Running 9500 in StackWise Virtual -- is it buggy?


    We have a good budget, but we do not want to waste money unnecessarily. We are not in a position to look outside Cisco products. We are going to have a meeting with our VAR, but I would like to get some honest answers before that!

    Thanks!

    submitted by /u/kulgrej
    [link] [comments]

    UTM / Firewall for < 250 users single site

    Posted: 26 Jul 2018 11:57 AM PDT

    Hi guys, we are looking to replace our older SonicWall NSA2600s as we have outgrown the throughput on them.

    Currently I am looking at the NSA3650s; however, I am tempted to look elsewhere. I only have experience with SonicWalls; however, I am a quick learner.

    Looking for some suggestions / recommendations on what would be a better replacement and why. All our switches are currently Dell, but we could be changing them in the next few years if that will make integrating with any UTM better.

    Thanks in advance for any advice / feedback. There is only so much you can get from watching some videos and reading the manuals, and with dozens of offerings out there it's good to get another person's perspective.

    submitted by /u/daniejam
    [link] [comments]

    SPA-1x10GE-L2 card

    Posted: 26 Jul 2018 01:20 PM PDT

    A 1001X was purchased with this card, but apparently it's not a routed port but a layer 2 port. Question is, what is it used for primarily? Is there a workaround to make use of it as a routed port?

    submitted by /u/drzrealest
    [link] [comments]

    Upgrading to Cat9k

    Posted: 26 Jul 2018 03:36 PM PDT

    Hello everyone! I help administer a fairly large local network (Cisco only). We are currently using 3850, 3750, 2960 for our access layer switches and are looking to upgrade a large amount of them to the new 9k series.

    My question for you all, cost aside, what benefits could you see with using 9407/9410 switches vs stacked 9300's in closets? We currently mostly use stacked switches with a few others scattered in. I need to present a solution to upper management with the best way forward for our network, and I was leaning more toward the chassis switches where possible.

    submitted by /u/omgitzpenguin
    [link] [comments]

    Implementing a wireless network to connect cranes in a harbour.

    Posted: 26 Jul 2018 06:30 AM PDT

    Good morning guys, I'm currently working on a project to connect several cranes (16) to the network. The main obstacle here is that I cannot use any wiring.

    The closest location to the cranes that is connected to the company LAN is 350m away. I was thinking of interconnecting the cranes to each other and then connecting the closest one to the LAN.

    My issue here is that I do not know how the metallic cranes will attenuate the signal, and whether it's possible to simply cover a radius of 500m using a big antenna.

    The data rate isn't an issue since this whole setup is simply to be able to collect sensor information from the crane controllers (instead of having to go all the way up to every individual crane to monitor it). I would have used a simpler network with an implementation of a LoRa network getting data directly from the sensors, but the company already invested in a PC + software setup for the cranes.

    Is my solution good enough? Are there any modifications you guys would suggest?

    Here is the plan of the site. https://i.imgur.com/hjfONcn.png

    I'm planning on connecting everything to the DEL offices, since it's the closest spot connected to the LAN.

    Edit : The cranes are mobile, they can rotate and move across the rails setup on the edges.

    submitted by /u/Leeh4wk
    [link] [comments]

    Time management

    Posted: 26 Jul 2018 11:25 AM PDT

    This is probably the wrong sub for this. Question for those who have a full-time job, a family, and are going to school. How do you manage your time?

    I'm planning to take two general education courses from Straighterline, trying to get the AWS CSA and Juniper JNCIP RS this year and trying to learn Python on the side. I think I can do this before 2019 but the lack of motivation is killing me.

    submitted by /u/pingmanping
    [link] [comments]

    Authenticating using NPS on Server 2012R2 (RADIUS)

    Posted: 26 Jul 2018 10:46 AM PDT

    I'm having a hard time authenticating using NPS on Server 2012R2. We're using Aruba IAPs currently with Cisco ACS, but it goes end of life next month, so we're trying to migrate to NPS. I have added my RADIUS clients and configured a Connection Request Policy (Access Client IPv4 - allow) and a Network Policy (Domain Users group - allow), but I'm still getting authentication errors. We'll be using PEAP w/ MSCHAPv2 and no certificates. I've verified the connection attempts are reaching the server, but I'm getting Error 6273: "The RADIUS request did not match any of the configured connection request policy." Is there anything I'm missing?

    submitted by /u/bubbabowski
    [link] [comments]

    Combining Lan/Wan switches

    Posted: 26 Jul 2018 11:10 AM PDT

    Hi all,

    I've been tasked with setting up an HA pair for a couple of SonicWalls and dual ISPs. One of the ways I've thought to implement it is by creating 2 new VLANs on our core/distribution switch (one for each ISP) with 3 ports each, then connecting the modem to 1 port and the SonicWalls to 1 port each. Our switch stack is a couple of 3750s. I'm sure this would work, but I'm not sure if this is a best practice. One of our issues is one ISP modem only has 1 port, so this is a workaround for that.

    submitted by /u/tylervalo
    [link] [comments]

    Looking for a little guidance on a simple Palo Alto firewall setup

    Posted: 26 Jul 2018 06:18 AM PDT

    For clarity let me preface with a diagram:

    WAN -> ONT -> PA-220 eth1/1 -> eth1/2 -> Switch

    I'm using a PA-200 in L3 configuration. I have a static IP range from the local admin of the building we are leasing in. My subnet mask is /29. The IP range is 130.x.x.250-254.

    Current config:

    Interfaces

    • eth1/1, L3, netmask: 130.x.x.250/29
    • eth1/2, L3, netmask: 192.168.2.0/24 (not 29!)

    Policies:

    • eth1/1 untrusted
    • eth1/2 trusted

    Virtual Routers:

    • default, eth1/1, destination: 0.0.0.0/0, next hop: IP, 100.0.0.1

    Virtual Wire:

    • deleted

    I'm not able to identify the network from the test machine off the switch. I'm no network admin by trade (am a software architect), but we needed to spin up a remote office quicker than we could hire out.

    submitted by /u/cajual
    [link] [comments]
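Two things a practitioner would sanity-check in a small L3 firewall config like the one above are whether each interface carries a usable host address (rather than the subnet's network or broadcast address) and whether each static route's next hop actually sits on a directly connected subnet. The script below is an added example, not from the post: it uses only the standard library, and its addresses are constructed (198.51.100.0/24, the TEST-NET-2 documentation range, stands in for the 130.x.x block; the 100.0.0.1 next hop and the 192.168.2.0/24 value are the figures quoted in the post).

```python
"""Sanity checks for L3 interface addresses and static-route next hops.

Added example, not the poster's configuration or any vendor tool. Addresses in
the demo are constructed; 198.51.100.250/29 stands in for the post's 130.x.x.250/29.
"""
import ipaddress
from typing import List, Tuple


def interface_problems(addr: str) -> List[str]:
    """Flag an interface address that is its subnet's network or broadcast address."""
    iface = ipaddress.ip_interface(addr)
    net = iface.network
    problems: List[str] = []
    # /31 and /32 have no distinct network/broadcast address, so skip them.
    if net.prefixlen <= net.max_prefixlen - 2:
        if iface.ip == net.network_address:
            problems.append(f"{addr} is the network address of {net}; use a host address")
        elif iface.ip == net.broadcast_address:
            problems.append(f"{addr} is the broadcast address of {net}; use a host address")
    return problems


def next_hop_on_link(next_hop: str, interfaces: List[str]) -> bool:
    """A static route's next hop must lie inside a directly connected subnet."""
    nh = ipaddress.ip_address(next_hop)
    return any(nh in ipaddress.ip_interface(a).network for a in interfaces)


def overlapping_interfaces(interfaces: List[str]) -> List[Tuple[str, str]]:
    """Pairs of interface subnets that overlap (two L3 ports in one subnet)."""
    nets = [ipaddress.ip_interface(a).network for a in interfaces]
    return [
        (str(nets[i]), str(nets[j]))
        for i in range(len(nets))
        for j in range(i + 1, len(nets))
        if nets[i].overlaps(nets[j])
    ]


def audit(interfaces: List[str], routes: List[Tuple[str, str]]) -> List[str]:
    """Run every check over (interface address, (destination, next hop)) lists."""
    findings: List[str] = []
    for addr in interfaces:
        findings.extend(interface_problems(addr))
    for dest, nh in routes:
        if not next_hop_on_link(nh, interfaces):
            findings.append(f"route {dest} via {nh}: next hop is not on any connected subnet")
    for a, b in overlapping_interfaces(interfaces):
        findings.append(f"interfaces {a} and {b} overlap")
    return findings


if __name__ == "__main__":
    # Constructed demo values modelled on the post's layout.
    demo_ifaces = ["198.51.100.250/29", "192.168.2.0/24"]
    demo_routes = [("0.0.0.0/0", "100.0.0.1")]
    for line in audit(demo_ifaces, demo_routes):
        print(line)
```

The interface check uses `ipaddress.ip_interface` so the same address/prefix string the firewall GUI shows can be pasted in unchanged; the next-hop check is the one that catches a default route whose gateway the box cannot ARP for, which shows up to the user only as "nothing past the firewall works".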

    POTS --> ethernet (LAN) --> POTS

    Posted: 26 Jul 2018 02:07 PM PDT

    I need a solution to convert 2 or more incoming POTS lines to Ethernet and back again. The network was changed to fiber, and before I port their numbers over I need to be able to get the lines out to a building that is on the same LAN. I only need 2 lines, but if I could set it up for 4 then it would give expandability.

    submitted by /u/lordfly911
    [link] [comments]

    Modem that support DSL, ADSL, VDSL, etc.

    Posted: 26 Jul 2018 02:02 PM PDT

    Does anyone know of a modem that supports DSL, ADSL, VDSL, etc.? It may also incorporate a TR-069 client (not required).

    submitted by /u/Competed
    [link] [comments]

    HPE 5700 need help with basic port settings (Layer 2)

    Posted: 26 Jul 2018 09:54 AM PDT

    I have an HPE 5700 switch I need to configure for a SAN. I have the fans set right, SSH/Management, etc. I have left the default VLAN 1 alone and created vlan2 for production. None of the servers or my storage array can ping/talk with one another on vlan 2.

    I need to set up flow control and a few more options, which I have found the parameters for in my HPE manuals, but I would like to just get basic connectivity going before I start flipping more switches. All of the ports that need to talk with one another look like this:

    interface Ten-GigabitEthernet1/0/*
     port access vlan 2

    That's all I have so far, I know with Cisco you need to set the switchport mode but I don't see any commands like that in my documentation. I'm assuming I'm missing a parameter.

    Update

    I cheated and enabled the web GUI. I can set all the stuff I need here but it's still not working. I'm dealing with ESXi 6.7 and it seems a lot different from 6.5; I'm probably missing something on the ESXi side.

    Update 2

    It definitely was working originally; it's just one less config line than a Cisco switch. It's ESXi that's the issue here. I verified by slapping a 10Gb NIC in a regular Windows PC, plugging it into the 10Gb switch and adding it to the correct VLAN. I can ping the storage array, just not the ESXi hosts. I need to watch an ESXi network config video for 10Gb; I haven't done this in over a year and 6.7 feels different.

    submitted by /u/Angry_Brotato
    [link] [comments]

    Cisco FPR4100 backup Management Center config via SSH

    Posted: 26 Jul 2018 04:46 AM PDT

    So the Firepower Management Center does have an integrated backup solution, where you can choose to either download the file or specify a server where the backup will be uploaded via SCP, FTP, etc.

    I, however, would like to back up this file via SSH.

    Is there a way to generate the file and store it on the FPR via SSH? I could then open the file and read it that way. Or is there even a command like "show run" that will print the config in the SSH window?

    The only backup solution I can find is the way over the GUI and a job to upload it via SFTP etc.

    Help is appreciated

    submitted by /u/Denyuu
    [link] [comments]

    Got Gigabit - But No One Can Tell. (Aerohive Configuration Help?)

    Posted: 26 Jul 2018 01:14 PM PDT

    Background: New IT guy of ~6 months, took over all IT ops for a company that was contracting out to an ITSP. The company uses exclusively Aerohive APs, which can be nice as we're a construction company with lots of job sites and I can configure them all from the manager if changes need to be made, but they're overly complicated IMO.

    We got our brand new gigabit circuit from AT&T turned up today. I've only seen it go up to around 900Mbps, but apparently that's normal (a ripoff in my book as we're paying $2100+ a month for this).

    Hard-wire works fine both before and after the firewall; servers are getting 600 minimum at peak traffic.

    My APs are struggling though. The most I've gotten out of one is 250, but they're averaging less than 30, which is almost as bad as what we had before this with a 50Mb circuit.

    Broadcasting at 5GHz with an 80MHz bandwidth, not sure what else to do to try and get this thing faster. Put in a ticket with Aerohive but not expecting much help. If anyone here has experience configuring these things I sure would appreciate some pointers. We have an AP250 and an AP230 in the office, one for each floor; they should be able to output this no problem.

    Originally thought it was the firewall (FortiGate 100E), but servers behind it are fine. Set the MTU packet size to try to speed things up by removing fragmentation, but it didn't seem to change much.

    Thanks for any help you guys can offer, let me know if you need any more info.

    submitted by /u/Saintroi
    [link] [comments]

    Cisco 9300+ISE - IoT Security

    Posted: 26 Jul 2018 08:34 AM PDT

    I'm testing out Cisco Cat9300 switches and ISE functionality. One requirement is to configure and test AAA, and determine how secure the configuration is. For IoT devices, we're utilizing DHCP profiling to identify them and place them in a VLAN with a DACL. One thing that bothers me about using DHCP profiling alone for authentication is that it would be very trivial to spoof the MAC/IP of the device and connect to the network, assuming there is no way of enforcing the device to use DHCP. The DACLs will be very restrictive, but I still wonder if I shouldn't take it further than just DHCP profiling, or even bother with DHCP profiling. I'm trying to find a reasonable compromise between security and ease of access/management. Any thoughts?

    submitted by /u/j-thecompnerd
    [link] [comments]

    NX-OS v9 out finally for cisco 9Ks and 3Ks

    Posted: 25 Jul 2018 06:25 PM PDT

    Just noticed that Cisco ninja released v9 of NX-OS on July 18th, for anyone waiting. Way overdue for me at least; I've been waiting for NX-OS MACsec support for a long time (93180YC-FX and 93108TC-FX).

    9k release notes: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/9-x/release/notes/921_9000_nxos_rn.html

    submitted by /u/fireshroom
    [link] [comments]

    python - netmiko

    Posted: 26 Jul 2018 08:02 AM PDT

    Hello,

    I hope somebody can help me.
    I'll write a script where I get output in a text file. One command output should be saved for all switches in a network, if possible in one text file per switch.

    At the moment I have written the following:

    from netmiko import ConnectHandler

    ip1 = {
        "device_type": "hp_procurve",
        "ip": "192.168.48.254",
        "username": "Hendrik",
        "password": "test"
    }

    print("Wait please")
    print("sh tech all will be printed in file")
    net_connect = ConnectHandler(**ip1)
    sh_tech = net_connect.send_command("sh tech all")
    net_connect.disconnect()

    # output to file sh_tech.txt (written directly instead of redirecting sys.stdout)
    with open('sh_tech.txt', 'w') as f:
        f.write(sh_tech)

    ip2 = {
        "device_type": "hp_procurve",
        "ip": "192.168.48.2",
        "username": "Hendrik",
        "password": "test"
    }

    print("Wait please")
    print("sh tech all will be printed in file")
    # a new session is needed for the second switch; reusing the first
    # connection would put the first switch's output into the second file
    net_connect = ConnectHandler(**ip2)
    sh_tech = net_connect.send_command("sh tech all")
    net_connect.disconnect()

    # output to file sh_tech_192_168_48_2.txt
    with open('sh_tech_192_168_48_2.txt', 'w') as f:
        f.write(sh_tech)

    It would be better if I could enter the network, for example 192.168.48.0/24,
    and for every switch a separate text file would be created.

    submitted by /u/henry1077
    [link] [comments]
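The per-network version the post asks for can be built with the standard library's `ipaddress` module to enumerate host addresses, a fresh netmiko session per device, and a separate step that writes one file per switch that answered. The script below is an added example and not the poster's code: it assumes netmiko's `ConnectHandler` with the post's `hp_procurve` device type, reads credentials from the environment or a prompt rather than the script body, and its `demo_runner` (answering only for 192.0.2.2 in the documentation range) is a constructed stand-in so the collection logic can be exercised without any switches.

```python
"""Run one show command on every host in a subnet and keep one file per switch.

Added example, not the poster's code. Live use needs netmiko (real library);
demo_runner below is a constructed fake used to exercise the logic offline.
"""
import getpass
import ipaddress
import os
import pathlib
import re
from typing import Callable, Dict, Optional

try:
    from netmiko import ConnectHandler
except ImportError:  # keeps the helpers importable where netmiko is absent
    ConnectHandler = None

Runner = Callable[[str, str], str]  # run(ip, command) -> command output


def output_filename(ip: str, command: str) -> str:
    """'sh tech all' on 192.168.48.2 -> sh_tech_all_192_168_48_2.txt"""
    safe_cmd = re.sub(r"[^A-Za-z0-9]+", "_", command).strip("_")
    return f"{safe_cmd}_{ip.replace('.', '_')}.txt"


def netmiko_runner(device_type: str, username: str, password: str) -> Runner:
    """Build a runner that opens a fresh session per device and always closes it."""
    if ConnectHandler is None:
        raise RuntimeError("netmiko is not installed")

    def run(ip: str, command: str) -> str:
        conn = ConnectHandler(device_type=device_type, ip=ip,
                              username=username, password=password)
        try:
            return conn.send_command(command)
        finally:
            conn.disconnect()
    return run


def demo_runner(ip: str, command: str) -> str:
    """Constructed fake: only 192.0.2.2 'answers'; every other address fails."""
    if ip == "192.0.2.2":
        return f"{command} output from {ip}"
    raise ConnectionError("no route to host")


def collect(network: str, command: str, run: Runner) -> Dict[str, Optional[str]]:
    """Try every host address in `network`; map ip -> output, or None if it failed."""
    results: Dict[str, Optional[str]] = {}
    for host in ipaddress.ip_network(network, strict=False).hosts():
        ip = str(host)
        try:
            results[ip] = run(ip, command)
        except Exception as exc:  # timeout, refused, auth failure: note it, move on
            print(f"{ip}: skipped ({exc.__class__.__name__})")
            results[ip] = None
    return results


def write_outputs(results: Dict[str, Optional[str]], command: str,
                  outdir: pathlib.Path) -> int:
    """Write one file per device that answered; return how many were written."""
    outdir.mkdir(parents=True, exist_ok=True)
    written = 0
    for ip, text in results.items():
        if text is not None:
            (outdir / output_filename(ip, command)).write_text(text)
            written += 1
    return written


if __name__ == "__main__":
    # Credentials come from the environment or a prompt, never from the script body.
    password = os.environ.get("SWITCH_PASSWORD") or getpass.getpass("Switch password: ")
    username = os.environ.get("SWITCH_USER", "admin")
    runner = netmiko_runner("hp_procurve", username, password)
    out = collect("192.168.48.0/24", "sh tech all", runner)
    print(write_outputs(out, "sh tech all", pathlib.Path("sh_tech")), "files written")
```

Sweeping a whole /24 means up to 254 SSH attempts, most of which will sit in a connection timeout, and it probes every address in the range whether or not it is a switch; a known inventory list passed to `collect` in place of the subnet enumeration is faster and quieter. `sh tech all` is also a long-running command, so netmiko's `send_command` timeout settings may need raising for live use.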

    Cause of exceeding packet in policy-map?

    Posted: 26 Jul 2018 09:19 AM PDT

    Hi,

    Just want to ask your thoughts about this. Even though traffic usage doesn't exceed/reach the allocated BW of 5Mbps, there is a minimal increase in "Exceeded packets". What would be the cause of this increase?

    Class class-default
      police cir 5000000 bc 156250
        conform-action set-mpls-exp-imposition-transmit 0
        exceed-action drop

    Class class-default
      police cir 5000000 bc 156250
        conform-action transmit
        exceed-action drop

    Service-policy output: POL-IN
      Class-map: class-default (match-any)
        44633733 packets, 12625980741 bytes
        30 second offered rate 11000 bps, drop rate 0 bps
        Match: any
        police:
            cir 5000000 bps, bc 156250 bytes
          conformed 44584741 packets, 12599151611 bytes; actions:
            set-mpls-exp-imposition-transmit 0
          exceeded 13422 packets, 19648851 bytes; actions:   <-------
            drop
          conformed 11000 bps, exceed 0 bps

    Service-policy output: POL-OUT
      Class-map: class-default (match-any)
        61074304 packets, 57584593170 bytes
        30 second offered rate 11000 bps, drop rate 0 bps
        Match: any
        police:
            cir 5000000 bps, bc 156250 bytes
          conformed 60389018 packets, 56586377242 bytes; actions:
            transmit
          exceeded 685096 packets, 998203914 bytes; actions:   <-------
            drop

    Thank you

    submitted by /u/1searching
    [link] [comments]
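A policer of this kind does not compare traffic against the averaged "30 second offered rate" shown in the counters; it decides per packet against a token bucket of `bc` bytes that refills at `cir`. A short burst larger than `bc` therefore produces exceeded packets even when the average rate is far below 5 Mbps, and those drops are invisible in the averaged rate line. The simulation below is an added example, not from the post or from Cisco: it models a single-rate, two-colour policer with the post's `cir 5000000 bc 156250` values, and the two traffic patterns it feeds in (a steady 11 kbps stream and a 200-packet micro-burst) are constructed.

```python
"""Single-rate, two-colour token-bucket policer simulation.

Added example, not from the post. Parameters come from the post's policy-map
('police cir 5000000 bc 156250'); the packet streams below are constructed.
"""
from dataclasses import dataclass, field
from typing import Iterable, List, Tuple

CIR_BPS = 5_000_000   # committed information rate (bits per second)
BC_BYTES = 156_250    # committed burst: depth of the token bucket in bytes

Packet = Tuple[float, int]  # (arrival time in seconds, size in bytes)


@dataclass
class Policer:
    cir_bps: int
    bc_bytes: int
    tokens: float = field(init=False)
    last_t: float = field(init=False, default=0.0)
    conformed: int = field(init=False, default=0)
    exceeded: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        self.tokens = float(self.bc_bytes)  # the bucket starts full

    def offer(self, t: float, size: int) -> str:
        """Offer one packet at time t; return 'conform' or 'exceed'."""
        # Refill for the time since the last packet, never above bc.
        elapsed = max(0.0, t - self.last_t)
        self.tokens = min(float(self.bc_bytes), self.tokens + elapsed * self.cir_bps / 8)
        self.last_t = t
        if size <= self.tokens:
            self.tokens -= size
            self.conformed += 1
            return "conform"
        # Not enough tokens: exceed-action drop, and the bucket is not debited.
        self.exceeded += 1
        return "exceed"


def police(packets: Iterable[Packet], cir_bps: int = CIR_BPS,
           bc_bytes: int = BC_BYTES) -> Tuple[int, int]:
    """Run a packet stream through the policer; return (conformed, exceeded) counts."""
    p = Policer(cir_bps, bc_bytes)
    for t, size in packets:
        p.offer(t, size)
    return p.conformed, p.exceeded


def steady_traffic(rate_bps: int, pkt_bytes: int, seconds: int) -> List[Packet]:
    """Constructed: evenly spaced packets that average exactly rate_bps."""
    interval = pkt_bytes * 8 / rate_bps
    return [(i * interval, pkt_bytes) for i in range(int(seconds / interval))]


def micro_burst(n_packets: int, pkt_bytes: int, at: float = 0.0) -> List[Packet]:
    """Constructed: n packets arriving back-to-back, faster than the bucket refills."""
    return [(at, pkt_bytes)] * n_packets


def average_bps(packets: List[Packet], window_seconds: float) -> float:
    """The averaged figure a rate counter would report over the window."""
    return sum(size for _, size in packets) * 8 / window_seconds


if __name__ == "__main__":
    steady = steady_traffic(11_000, 1375, 60)        # 11 kbps, like the post's counters
    print("steady 11 kbps:", police(steady))          # every packet conforms
    burst = micro_burst(200, 1500)                    # 300,000 bytes at once
    print("burst average over 1 s:", average_bps(burst, 1.0), "bps")  # 2.4 Mbps < CIR
    print("burst:", police(burst))                    # yet 96 packets exceed
```

The burst case is the one that explains counters like those above: 200 full-size frames arriving together total 300,000 bytes, almost twice the 156,250-byte bucket, so everything after the first 104 frames is dropped even though the same bytes spread over a second would be well inside the CIR. Raising `bc` (a larger allowed burst) or shaping upstream are the usual remedies; the averaged rate line will never show the problem.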

    Doing my first Network install for a client!

    Posted: 26 Jul 2018 09:03 AM PDT

    Hi friends! Thank you for reading and for any advice. I am quoting my very first network cabling job for a client.

    I have done cabling at home before, but I'll admit it was not a professional job and it wasn't always pretty.

    For a client I will only do quality work with a professional appearance, so I need advice on the best procedures. It's a small office needing 3-6 100ft runs. They want Ethernet and phone. I was reading I can run phone and Fast Ethernet down 1 cable since Ethernet only uses 2 pairs. Is this a viable route? Should I just run 6 separate cables?

    I will need to buy cabling, keystones, wall plates and a punch-down tool. Is there a good place to buy these things affordably?

    Lastly, I have never dealt with phones. I can run the cable well, but there are these wall panels for the phones and I don't know how to punch that stuff down. I think it's called a 66 block. Anything special I need to know about those?

    submitted by /u/AlwaysconnectedIT
    [link] [comments]

    IPv4 vs IPv6 IPSEC performance

    Posted: 26 Jul 2018 08:53 AM PDT

    I apparently suck at googling, but I cannot find any comparison of IPSEC performance between IPv4 and IPv6. My head says that IPv6 should be faster, but my gut feeling is that IPv6 IPSEC headers are not properly implemented on most gear, negating any benefit.

    Anyone have any data on this? Preferably Juniper, but I'll take anything.

    submitted by /u/madplayshd
    [link] [comments]
