    Friday, August 16, 2019

    Blogpost Friday! Networking

    Blogpost Friday!

    Posted: 15 Aug 2019 05:04 PM PDT

    It's Read-only Friday! It is time to put your feet up, pour a nice dram and look through some of our members' new and shiny blog posts.

    Feel free to submit your blog post, along with a nice description, to this thread.

    submitted by /u/AutoModerator
    [link] [comments]

    Are Sonicwalls capable of multi-ISP dual homed BGP?

    Posted: 16 Aug 2019 11:30 AM PDT

    We currently have NSA 5600 HA's running our datacenter. We currently have a single provider, single line. We're evaluating getting our own IP block, two providers and BGP to provide better redundancy, but I can't figure out a straight answer on whether Sonicwalls even support it.

    Admittedly, I don't know a whole lot about BGP; no experience with it. But I've reviewed SonicWall's KBs and I can find nothing in there about setting up a multihomed dual-ISP BGP configuration... only single-homed and multihomed single-ISP BGP configurations. So this leads me to wonder if SonicWall even supports it.

    I do see in one of their documents: "The current SonicWall implementation of BGP is most appropriate for "single-provider / singly-homed" environments, where the network uses one ISP as their Internet provider and has a single connection to that provider. "

    I also found this doc which looks fairly old/outdated that talks about BGP with two ISPs, but I'm not 100% sure if this configuration is what I'm looking for, as it has a different remote-as for each provider, so I'm assuming that means each provider will have a different public IP block, whereas we need one IP block for both ISPs. http://help.sonicwall.com/help/sw/eng/8410/25/9/0/content/Appendix_B_BGP.171.20.html

    Is there anyone out there running this configuration that can verify it's supported? And if so would you mind sharing a config example on how to set this up?

    submitted by /u/grdlock
    [link] [comments]

    Can someone ELI5 SIP ALG?

    Posted: 16 Aug 2019 01:54 AM PDT

    I recently had a site that was basically a test environment for a specific type of business. They were testing out the phone install process and actual service from different VoIP providers, so they had a few different systems running on their equipment. This wasn't a typical site: I had no MDF access, just a switch where I was to do my work. Other providers were provided with the same, a Cisco 2960-X with an uplink to their network. The topology was explained to me as CenturyLink fiber with different broadband providers feeding to a Cisco router to a Cisco 2960-X switch, which then fed to our test install switches. They did not share much more information about the network setup, and upon connecting to the switch I had a DHCP IP but no internet connection; I could ping the gateway but no outside traffic. They made some changes and proceeded to provide me internet access.

    Now, before the phone installation a readiness test is run to make sure the network is good; specifics of this are not available to me, but I know it checks bandwidth as well as possible network incompatibilities. SIP ALG came up, but support was unsure how it'd affect our install; the readiness test just flagged it. The phones were Obihai VoIP phones and almost everything worked properly, except for call parking and transferring. Configurations were checked and working configs were used, to no success. SIP ALG could not be disabled due to another provider requiring it, but it was determined that it was most likely causing the issues we experienced. My question is: what exactly is SIP ALG, and does anyone have similar experiences? I've done my basic read-up on it and I understand the big picture, but I've never encountered it in the field and am not knowledgeable enough about networking to understand why this might've only caused issues with these features. There was no other equipment installed; the VoIP phones were wired directly to the switch and were PoE, if that makes any difference. No device in between, and afaik it went from switch to switch to router, though from my experience there would usually be a firewall somewhere along the line. I know this is a rather broad question with little info, but this case piqued my interest.

    submitted by /u/mrn0body68
    [link] [comments]

    Any experiences with 2.5/5GBASE-T and SFP+ modules?

    Posted: 16 Aug 2019 01:38 PM PDT

    I've seen that not only Aquantia, but other vendors like Flexoptix and FS are offering SFP+ modules that are capable of not only 1/10GBASE-T but combinations of 1/2.5G, 1/2.5/5G or even 1/2.5/5/10G, where the last option usually ends up being the most expensive.

    While Aquantia mentions some sort of rate adaptation (https://www.aquantia.com/products/sfp-modules/) for theirs, likely making it compatible with existing SFP+ ports, I don't know if the switch or NIC needs to have some knowledge about the multi-gigabit standards or whether it will "just" work. Does the SFP+ module implement the multi-gigabit standards, or will it only work when the NIC or switch was made after these newer standards were ratified?

    submitted by /u/tar-xz
    [link] [comments]

    Help me understand why this worked

    Posted: 16 Aug 2019 09:07 AM PDT

    I'm an IT generalist in a medium sized business. Networking is not my strong point. I was Network+ certified some years ago, but our infrastructure is really small so my skill has atrophied somewhat.

    Recently we started allowing a number of our employees to work remotely. They quickly started opening helpdesk tickets about VPN issues trying to connect to resources in Azure.

    While connected to the VPN, web browsing (80/443) would work. But any services that used a non-web port (RDP/3389, SQL/1433) would fail if they were connecting to a resource on the internet. Accessing Azure resources while directly connected in the office was working.

    The VPN is hosted on our firewall/gateway in the office. It's a Sophos SG310 UTM.

    Ultimately I fixed the problem by enabling NAT masquerading for the SSL VPN subnet to the WAN. It was already enabled for the directly connected subnets.

    My question is - why did web traffic work even if NAT was not configured? I would have expected that all return traffic from the internet, regardless of the port, should not have had a route to the clients.

    submitted by /u/dsp_pepsi
    [link] [comments]

    High Availability DR Site with Microsoft Azure??

    Posted: 16 Aug 2019 11:40 AM PDT

    The organization I work for is looking to set up a DR site in Microsoft Azure in the next two years, and I have some networking questions about it. Hopefully someone here can point me in the right direction, since I'm sure everything we want to do is possible, but I currently lack the knowledge on where to start.

    The plan is to start backing up our VMware disks to the cloud for safe keeping. Then if the main data center gets nuked we would just start paying Azure for the resources to actually spin up the VMware disks as production servers. The servers would have the same IPs and the clients would need to be routed out to the cloud for everything to work. This is where I start getting fuzzy.

    I'm aware that you can span subnets between datacenters using VXLAN as part of an overlay, so you're running layer 2 over layer 3. Usually everyone says to run iBGP between the datacenters as your routing protocol. (I've never done any of this and have only read the really high-level view.) If we are using Azure, is the process the same? Or is there some other network architecture that we should set up for the cloud? I assume at the least we would need to be running some sort of virtual firewall in the cloud to connect to our main site, and we would need to set up a VPN to make this secure.

    Thank you to anyone with insights and is willing to take the time to respond!

    submitted by /u/KingKARAK
    [link] [comments]

    Passed ICND1 but feel like I still need to study?

    Posted: 16 Aug 2019 02:28 AM PDT

    I passed my ICND1 yesterday with a ~893 score.

    But I feel like I had a lot of questions on the exam which I couldn't answer and had to guess.

    Is this normal?

    submitted by /u/Grimson1455
    [link] [comments]

    WatchGuard vs Fortigate

    Posted: 16 Aug 2019 06:28 AM PDT

    We are getting quotes to replace an old Cisco ASA firewall.

    Our preferred vendor has proposed a Fortigate 500E or WatchGuard M570. They are kinda pushing the WatchGuard as a better fit for us, but I have seen some negative comments out here about that brand. Wondering about specifics?

    Good remote user vpn, reporting/logging, web filtering, app blocking are things important to us. Thanks

    submitted by /u/djhampster
    [link] [comments]

    VPN cuts off local LAN

    Posted: 16 Aug 2019 10:00 AM PDT

    We have a lot of businesses we work with that utilize VPNs (like Cisco AnyConnect or Palo Alto, for example) where they have disabled local LAN functionality. This is a bummer because we have a ton of local server data over SMB that needs to be accessed while on these VPNs. Is there any way I can implement a work-around? I've tried forcing routable paths on my workstation, but that doesn't work.

    The current work-around I have is that I created a VM that I connect to the VPN with via a remote HTTPS service (like TeamViewer, ScreenConnect, etc.); then, after establishing a connection, I can open the virtual console to "directly connect" to the VM, as I cannot RDP to it since it cuts off all local traffic.

    Being on the client-side of course I cannot tweak the VPN to my liking.

    Thanks for any suggestions.

    submitted by /u/reject423
    [link] [comments]

    How to store switch/router details?

    Posted: 16 Aug 2019 05:10 AM PDT

    Hi,

    Is there any open source software to store network device details? Currently we are using an Excel file, secured with a commonly known password (yup, secure as ...).

    Each row is filled with:

    • Device name, IP, localization
    • Vendor/Model
    • Type (switch, router, access device, console, etc.)
    • Local account ( with enable credentials )
    • snmp communities
    • console/OOB connectivity

    I'm aware that the best option is to use some DCIM software (e.g. NetBox). My company is working on it, but it will take some time to decide which DCIM software we are going to use.

    submitted by /u/bykubyk
    [link] [comments]

    Procurve 3800 "show run" from operator role

    Posted: 16 Aug 2019 08:39 AM PDT

    We still have a few of these Procurve 3800s and I'm trying to see if it's possible to show the config from an operator role. We have a read-only user configured via RADIUS for config backups, and I'd like for it to be able to issue the "show run" command as a non-manager user, but I can't seem to figure out how. The switch software version is KA.16.04.0016, and it doesn't appear to support the command-privilege command. Anybody have any ideas?

    submitted by /u/macroclimate
    [link] [comments]

    What causes asymmetric transfer rates?

    Posted: 16 Aug 2019 02:14 PM PDT

    I noticed something weird.

    When transferring between two hosts A & B (in 2 different geographical locations):

    When transferring from A to B, the transfer rate is a meager 6MB/s.

    When I am transferring from B to A, however, I get >100MB/s.

    Anyone know what causes this?

    thanks!!

    submitted by /u/nok4us
    [link] [comments]

    10G internet router for multi-homed colo site - maybe not Cisco.

    Posted: 15 Aug 2019 10:10 PM PDT

    Looking for a pair of routers that can support a full public BGP table and 10G throughput. For similar projects in the past, I've usually gone with Cisco ASRs but the costs are pretty steep compared to some of the alternatives.

    I'm thinking about trying Huawei or Juniper this time. Any thoughts about these or other brands? I'd appreciate any recommendations for models.

    submitted by /u/Supercubfan
    [link] [comments]

    Using Anyconnect Client Failover

    Posted: 16 Aug 2019 06:05 AM PDT

    I have two Cisco ASA firewalls in disparate locations across my campus. They were purchased before I started and do not have SFP interfaces. I am trying to get some sort of HA established for VPN.

    Here are my thoughts thus far:

    1. I could use media converters (but kind of a failure point in my view).
    2. I could do HA interfaces over a switch (concern is a switch failure in the middle causing a split-brain scenario).
    3. I did some reading and saw you could have two firewalls in the AnyConnect client config. I was thinking that could be a good way to perform a software failover. I was curious if anyone has deployed a setup in this manner and if they have had good experience with it?

    submitted by /u/brew87
    [link] [comments]

    windows port mapping/forwarding

    Posted: 16 Aug 2019 03:16 AM PDT

    I wrote port mapping/forwarding software for Windows. Hope it's helpful :)

    https://github.com/xitongsys/wpt

    submitted by /u/xitongsys
    [link] [comments]

    Troubleshooting best practice literature

    Posted: 16 Aug 2019 10:22 AM PDT

    Networking folks!

    What websites or literature can you recommend for best practices in troubleshooting? Like different troubleshooting approaches/philosophies, things to consider, biases, fallacies, etc.

    Thx

    submitted by /u/kernel-pan1c
    [link] [comments]

    Can Auto MDI-X swap each pin individually or pairs only?

    Posted: 15 Aug 2019 10:57 PM PDT

    I always wondered if modern devices can fix cables with random wiring on each end. Or is there another protocol in case someone messes the wiring up? I know about EMI on mixed twisted pairs but on short distances that could work fine I guess.

    submitted by /u/nartrof
    [link] [comments]

    Transparent firewalls

    Posted: 15 Aug 2019 08:57 PM PDT

    Are firewalls commonly used in transparent mode in large networks? In which scenarios? Would a transparent firewall between a site router and the various networks (a typical corporate LAN and a plant/production network) at a small branch office be a normal deployment? I have a coworker that is very much against firewalls doing any routing and it feels like a bad idea to me but I wouldn't be able to articulate why that is.

    submitted by /u/whomovedmycheez
    [link] [comments]

    Routing VLANs over different WAN connections?

    Posted: 16 Aug 2019 09:11 AM PDT

    This is the scenario... https://imgur.com/a/erdNSyQ

    Forgive my crazy Visio, I tried to get what was in my brain, out of my brain...if I am totally headed in the wrong direction please let me know. But this is how I envision this working simplistically.

    A branch office needs both public and private wifi access. I want to have one access point with both public and private VLANs, but the public should route out the local Comcast connection and the private should route out the main WAN connection like the rest of the branch.

    The branch router doesn't have any available ports, so I would create a sub-interface and a VLAN on the switch connected to it.

    Anyway, would this be policy-based routing? Does anyone know a good resource that I could start with to get this working? I don't have any experience with PBR. I think it is a fairly common scenario, but we are moving from physically separated public/private wifi to this. It's cumbersome having two APs at every location. (It was an auditor thing.)

    submitted by /u/svkadm253
    [link] [comments]

    Cisco 9800 WLC VM

    Posted: 16 Aug 2019 01:33 AM PDT

    I'm looking at the 9800-CL as a replacement for our existing 2504 controllers.

    As I understand it the VM is free, but each AP needs a DNA Essentials license at a minimum. Is this correct?

    Has anyone here deployed the 9800 WLCs?

    submitted by /u/LittleWanger
    [link] [comments]

    Proxy to alter web content?

    Posted: 16 Aug 2019 08:59 AM PDT

    Hey everyone, I am not a networker but I need to create a NON-TRANSPARENT proxy that will alter web content. How do I go about learning this? Any online resources that someone like me can understand? I know python and some JavaScript as well as html and css if that helps. Thanks!

    submitted by /u/Rplast
    [link] [comments]

    How do you provide network access to external consultants?

    Posted: 15 Aug 2019 11:35 PM PDT

    We currently provide our own laptops to external consultants and connect them to our network.

    However, this is a unique case because the consultant has a few tools and software which can't be installed on our laptop (licensing issue), and he needs to access our internal network. So is VPN the only option?

    How else would you recommend segregating network access?

    submitted by /u/OfficeUserAccount
    [link] [comments]

    How does identity-based web filtering work with multiple users on a machine?

    Posted: 16 Aug 2019 02:46 AM PDT

    How do technologies like Fortigate FSSO, Checkpoint Identity Awareness and even BlueCOAT's BCAAA work in general steps, when using a multiuser server (like TS or Citrix)?

    In the case of one user per server I find that easy: the user signs in to the server, the agent identifies that the user is logged in and relays this info to the firewall, and now the firewall will apply the specific policy for traffic sourced from that IP.

    However, in the case of multiple users there has to be more granularity, as the users may have different access privileges, so you can't apply a policy to an IP; that just won't work. So how does it actually work?

    My general idea is that the agent would match each user's applications by their PID, and then (through something like a netstat command) see the source ports used by those applications, and with that info (userid, AD group membership, source IP, destination IP, source port, destination port, and maybe URL) the firewall can identify the connections and decide whether or not to allow them. However, this seems like a lot of work. I'm doing some tests with a VM and I'm trying some websites and seeing that each takes a few tens of TCP connections, granted these are probably very short-lived. But given a few dozen users on the server, and each of them has a few websites open in different tabs/browsers, I feel these would add up quite fast and be very dynamic. Seems a lot for the agent to relay and the firewall to go through.

    submitted by /u/paulzapodeanu
    [link] [comments]
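The per-connection identity mapping sketched in the post above, written out as an added example (not from the post or from any of the named vendors): an agent on a shared server reports which user owns each local (source IP, source port), the firewall keeps that table and evaluates a group policy per connection, falling back to a plain IP-to-user match only when a single user is on the host. User names, groups, hosts and socket records are all constructed sample data.

```python
from typing import Dict, Optional, Set, Tuple

# Constructed sample data: two users sharing one terminal server (10.0.0.5).
USER_GROUPS: Dict[str, Set[str]] = {
    "alice": {"Staff", "Finance"},
    "bob": {"Staff"},
}
# (pid, owning user, local IP, local port) as an agent would observe them
# from the process table plus the socket table (netstat-style).
AGENT_SOCKETS = [
    (4101, "alice", "10.0.0.5", 51000),
    (4101, "alice", "10.0.0.5", 51001),
    (4312, "bob", "10.0.0.5", 51002),
]
# Ordered firewall rules (group, destination host, action); first match wins.
POLICY = [
    ("Finance", "erp.example.com", "allow"),
    ("Staff", "erp.example.com", "deny"),
    ("Staff", "www.example.com", "allow"),
]
DEFAULT_ACTION = "deny"  # unknown identity fails closed

ConnKey = Tuple[str, int]  # (source IP, source port)

class IdentityTable:
    """Firewall-side identity state, populated by agent reports."""
    def __init__(self) -> None:
        self.by_conn: Dict[ConnKey, str] = {}
        self.by_ip: Dict[str, Set[str]] = {}  # which users are on each host

    def report(self, user: str, ip: str, port: int) -> None:
        self.by_conn[(ip, port)] = user
        self.by_ip.setdefault(ip, set()).add(user)

    def forget(self, ip: str, port: int) -> None:
        # Agent reports a closed socket; short-lived browser flows churn here.
        self.by_conn.pop((ip, port), None)

    def lookup(self, ip: str, port: int) -> Optional[str]:
        user = self.by_conn.get((ip, port))
        # Single-user host: the IP alone identifies the user (the easy case).
        if user is None and len(self.by_ip.get(ip, ())) == 1:
            user = next(iter(self.by_ip[ip]))
        return user  # None on a shared host with no matching socket

def agent_sync(table: IdentityTable, sockets) -> None:
    for _pid, owner, ip, port in sockets:
        table.report(owner, ip, port)

def decide(table: IdentityTable, src_ip: str, src_port: int, dest: str) -> str:
    user = table.lookup(src_ip, src_port)
    if user is None:
        return DEFAULT_ACTION
    groups = USER_GROUPS.get(user, set())
    for group, host, action in POLICY:
        if group in groups and host == dest:
            return action
    return DEFAULT_ACTION
```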
