Minor Palo Alto Bug concerning IPv6 MGT
A few months ago I found a small bug in PANOS, the operating system from Palo Alto Networks. It is related to an IPv6-enabled management interface. The MGT address was not reachable when the firewall...
IPsec Site-to-Site VPN FortiGate Cisco ASA
Following is a step-by-step tutorial for a site-to-site VPN between a Fortinet FortiGate and a Cisco ASA firewall. I am showing the screenshots of the GUIs in order to configure the VPN, as well as...
“IPv6-Präfixe würfeln” (“Rolling the Dice for IPv6 Prefixes”) – What Is That About?
For months, the right-hand side of heise online has shown a link to an article called “IPv6-Präfixe würfeln”. The topic is how OpenWRT can, for part of the IPv6 prefix within certain...
Site-to-Site VPNs with Diffie-Hellman Groups 19 & 20 (Elliptic Curve)
Similar to my test with Diffie-Hellman group 14 shown here, I tested a VPN connection with the elliptic curve Diffie-Hellman groups 19 and 20. The considerations why to use these DH groups are listed in...
Idea: IPv6 Dynamic Prefix
For dynamic IPv4 addresses, dynamic DNS services such as Dyn or No-IP are well-known. If an ISP issues a single dynamic IPv4 address every 24 hours (or the like), the router or any other device...
FRITZ!OS 06.23 and Later: IPsec P2 Proposals Extended
The VPNs from and to the FRITZ!Box go into another round. After the unfortunate changes in version 06.20, AVM has once again added a few phase 2 proposals that, completely without...
Firewall IPv6 Capabilities: Cisco, Forti, Juniper, Palo
Since IPv6 gets more and more important, I am using it by default on all my test firewalls, which of course support IPv6. However, when comparing the different functions and administration...
IPv6 through IPv4 VPN Tunnel with Juniper SSGs
The most common transition method for IPv6 (that is: how to enable IPv6 on a network that does not have a native IPv6 connection to the Internet) is a “6in4” tunnel. Even other tunneling methods such...
Ping Times/Latency: DSL vs. Fiber, IPv4 vs. IPv6
For a few days now I have been a happy customer of a Telekom fiber connection. At a whopping 50/10 MBit/s the data races in and out of my home. Besides the considerably higher speed, however, I was...
Basic IPv6 Messages: Wireshark Capture
When explaining IPv6 I always show a few Wireshark screenshots to give a feeling for what IPv6 looks like. Basically the stateless autoconfiguration feature (SLAAC), DHCPv6, Neighbor Discovery, and...
Telekom Dual-Stack Connection Establishment
Until recently I had an ordinary DSL line from 1&1: dial in via PPPoE and receive an IPv4 address – done. Besides the FRITZ!Box, that can of course also be done by any decent router or...
Out of the Box Network Analyzer “ntopng”
Some time ago I installed a new firewall at the customer’s site. Meanwhile the customer was interested in the flows that are traversing through the firewall right now. Oh. Good question. Of course it...
IPsec Site-to-Site VPN FortiGate FRITZ!Box
Here is a short guide on how to set up a site-to-site VPN between a FortiGate firewall and an AVM FRITZ!Box. Using screenshots, I show the configuration of the FortiGate, while I...
Policy Routing on a FortiGate Firewall
This is a small example of how to configure policy routes (also known as policy-based forwarding or policy-based routing) on a Fortinet firewall, which is really simple. Only one single...
1&1 DSL Routing: Differing Hop Counts
For more than a year I have been recording the number of hops from a number of DSL connections (see here). My monitoring server runs behind a static Telekom connection, while the...
Policy-Based Routing on ScreenOS with different Virtual Routers
I already published a blog post concerning policy-based routing on a Juniper firewall within the same virtual router (VR). For some reason, I was not able to configure PBR correctly when using...
Policy Based Forwarding on a Palo Alto with different Virtual Routers
This guide is a little bit different to my other Policy Based Forwarding blog post because it uses different virtual routers for both ISP connections. It is quite common to have a distinct default...
Policy Based Routing on a Cisco ASA
Cisco ASA 9.4 (and later) is now supporting Policy Based Routing. Yeah. Great news, since many customers are requesting something like “HTTP traffic to the left – VoIP traffic to the right”. Coming...
OSPF Visualizer
While reading the OSPF chapter in the Cisco CCNP ROUTE learning guide, I was interested in how to visualize an OSPF area. Since every router in the same area has a complete view of all routers and...
OSPFv3 for IPv6 Lab: Cisco, Fortinet, Juniper, Palo Alto
Similar to my test lab for OSPFv2, I am testing OSPFv3 for IPv6 with the following devices: Cisco ASA, Cisco Router, Fortinet FortiGate, Juniper SSG, and Palo Alto. I am showing my lab network diagram...