
Juniper Open Learning: JNCIE-ENT Certification Exam Preparation

Tuesday, June 11, 2019, 7:00 AM PST

If you are considering taking or actively preparing for the Enterprise Routing and Switching, Expert (JNCIE-ENT) exam (and joining the #JNCIEClub2019), then join us for a free certification prep session. This session will address many of the common questions candidates have before taking a JNCIE exam, and it will give you an opportunity to ask your own questions. As a BONUS, registrants will also receive a 25% discount voucher for the purchase of a JNCIE-ENT Self-Study Bundle. You will receive your discount voucher via email within 1-2 days after the event has run. Hurry up, seats are filling fast.

To register for the webcast, follow this link: https://learningportal.juniper.net/juniper/user_activity_schedule_info.aspx?id=153691&activity=11121



Magic Quadrant for Enterprise Network Firewalls 2018

The security landscape is evolving fast, so fast detection and mitigation matter to customers. Many enterprises are looking to firewall vendors to provide cloud-based malware detection instances to aid their advanced threat detection efforts, as a cost-effective alternative to stand-alone sandboxing appliances.
SSL decryption is one of the key topics, since the move from TLS 1.2 to the TLS 1.3 standard will undoubtedly force changes in how enterprise firewall vendors process the traffic.
Policy orchestration and automation become critical in SDN deployments, yet some vendors have not paid much attention to this topic. Firewall services within IaaS environments are becoming an area of differentiation.

Magic Quadrant for Enterprise Network Firewalls

Full report: Magic Quadrant for Enterprise Network Firewalls 2018

Google BBR Algorithm

Google's BBR algorithm for handling TCP congestion could usher in a new era for the Transmission Control Protocol (TCP). Google announced its integration with Google Cloud, the cloud hosting platform Google offers to thousands of companies and which serves millions of websites on a daily basis.

BBR stands for "Bottleneck Bandwidth and RTT (Round-Trip Time)". It is a congestion control algorithm that estimates the bottleneck bandwidth and round-trip time of a path in order to pace packets and avoid overfilling queues along the route.

If you want to test this on your Linux box, you can follow the guide here: https://patchwork.ozlabs.org/patch/671069/

An IETF draft has been submitted; you can see it here: https://tools.ietf.org/html/draft-cheng-iccrg-delivery-rate-estimation-00

Magic Quadrant for Enterprise Network Firewalls 2017

Cisco is climbing fast, Fortinet faster, Palo Alto is still leading and filling the gaps in its portfolio, and Check Point has finally released R80 for gateways. I predict 4 Leaders next year; it will be a nice race to watch!

Full report: Magic Quadrant for Enterprise Network Firewalls 2017

Spot Bad Traffic without decrypting it

How can we detect and mitigate a kill chain in encrypted traffic without breaking users' privacy and, at the same time, with minimal false positives? The Cisco Catalyst 9k is the newest platform with this capability, which is called Encrypted Traffic Analysis (ETS). Machine learning and flow metadata (rather than payload decryption) seem to be the right ingredients to make it work.

Read here for more detail.


Wishes of Cisco Champion

I've been thinking about this: a really cool thing would be Cisco providing extended trial licenses for those who live and breathe Cisco (the true DNA of a Cisco Champion). A Cisco VIRL license and/or a voucher for a Cisco Press ebook could also be part of the bundle.

Maybe we will see some of these next year, in 2018.

Fingers crossed.

ALG breaking a Transfer Zone

This came up when I tried to do a DNS zone transfer (AXFR) through a Cisco SOHO router (877): as soon as the transfer was triggered, I received a RST packet. Initially I thought it came from the server, but looking at the packet capture I noticed the TTL was 254, which meant it came from the router itself. Why? The answer: the NAT DNS ALG.

Because the ALG can only handle DNS messages up to a certain size, and a zone transfer carries much larger TCP DNS messages than a normal query, the only way to fix this is to DISABLE the ALG.

INTERNET#sh ver | i Vers
Cisco IOS Software, C800 Software (C800-UNIVERSALK9-M), Version 15.2(4)M6, RELEASE SOFTWARE (fc2)

[[email protected] ~]# dig -y @104.28.16.27 cocheno.com -t axfr
;; communications error to 104.28.16.27#53: connection reset

Looking at the NAT debug, the ALG proxies the first 125-byte DNS message fine, but as soon as it reads the length prefix of the next message (31751 bytes) it reports an unsupported size and aborts the flow with a RST:

Jan 11 23:15:10.146: NAT-FRAG: tcpmss value :0
Jan 11 23:15:10.150:  NAT-L4F:setting ALG_NEEDED flag in subblock
Jan 11 23:15:10.150: NAT-FRAG: tcpmss value :0
Jan 11 23:15:10.150:  NAT-L4F: Policy check successful
Jan 11 23:15:10.150:  NAT-L4F: received fd1: 1073742971 and
tcp flags = 0x2, payload_len = 0
Jan 11 23:15:10.294:  NAT-L4F:setting ALG_NEEDED flag in subblock
Jan 11 23:15:10.294: NAT-FRAG: tcpmss value :0
Jan 11 23:15:10.294:  NAT-L4F: received fd2: 1073742972 and
tcp flags = 0x12,payload_len = 0
Jan 11 23:15:10.298:  NAT-L4F:setting ALG_NEEDED flag in subblock
Jan 11 23:15:10.298: NAT-FRAG: tcpmss value :0
Jan 11 23:15:10.298:  NAT-L4F: Received final ACK from fd1 : 1073742971 and
tcp flags = 0x10
Jan 11 23:15:10.298:  NAT-L4F:Transistioning to proxy: rc 0 error 0
Jan 11 23:15:10.298:  NAT-L4F: Successfully proxied this flow
Jan 11 23:15:10.298:  NAT-L4F:setting ALG_NEEDED flag in subblock
Jan 11 23:15:10.298: NAT-FRAG: tcpmss value :0
Jan 11 23:15:10.298: NAT-ALG: lookup=0 l7_bytes_recd=125 appl_type=12
Jan 11 23:15:10.298: NAT-ALG: DNS l7_msg_size = 125
Jan 11 23:15:10.298: NAT-ALG: after state machine:
Jan 11 23:15:10.298: NAT-ALG: remaining_hdr_sz=0
Jan 11 23:15:10.298: NAT-ALG: remaining_payl_sz=0
Jan 11 23:15:10.298: NAT-ALG: tcp_alg_state=0
Jan 11 23:15:10.298: NAT-ALG: complete_msg_len=125
Jan 11 23:15:10.298:  l4f_send returns 125 bytes
Jan 11 23:15:10.298:  Complete buffer written to proxy
Jan 11 23:15:10.298:  NAT-L4F:NO DATA to read
Jan 11 23:15:10.446:  NAT-L4F:setting ALG_NEEDED flag in subblock
Jan 11 23:15:10.446: NAT-FRAG: tcpmss value :0
Jan 11 23:15:10.454:  NAT-L4F:setting ALG_NEEDED flag in subblock
Jan 11 23:15:10.454: NAT-FRAG: tcpmss value :0
Jan 11 23:15:10.454: NAT-ALG: lookup=1 l7_bytes_recd=1452 appl_type=12
Jan 11 23:15:10.454: NAT-ALG: DNS l7_msg_size = 31751
Jan 11 23:15:10.454: NAT-ALG: Unsupported l7_msg_size = 31751
Jan 11 23:15:10.454: NAT-L4F:CSM isn't able to accept the pkt
Jan 11 23:15:10.458:  NAT-L4F:read RST, aborting
Jan 11 23:15:10.458:  NAT-L4F:setting ALG_NEEDED flag in subblock


How to disable the DNS ALG?

INTERNET-RTR(config)#no ip nat service alg tcp dns
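As an added illustration (not code from the original post), the following Python parses DNS-over-TCP framing the way the debug above suggests the ALG does: it reads each message's 2-byte length prefix and flags any declared size above a ceiling, even when only the first segment of the message has arrived. The 4096-byte limit and the message bodies are constructed placeholders, since the page does not state the ALG's real maximum.

```python
import struct

# The router debug on this page shows the NAT DNS ALG proxying a 125-byte
# DNS/TCP message, then refusing the next one as soon as it has read its
# 2-byte length prefix (l7_bytes_recd=1452, l7_msg_size=31751, "Unsupported").
# The page does not state the ALG's actual ceiling; this limit is an assumed
# placeholder for illustration, not a Cisco-documented value.
ASSUMED_ALG_MAX_MSG = 4096


def frame(msg: bytes) -> bytes:
    """Prefix a DNS message with its 2-byte big-endian length (RFC 1035 4.2.2)."""
    return struct.pack("!H", len(msg)) + msg


def parse_dns_tcp_stream(stream: bytes):
    """Walk a DNS-over-TCP byte stream and return (complete, pending):
    complete is the list of lengths of fully received messages; pending is
    the declared length of a trailing message whose body has not fully
    arrived (None if no partial prefix+body is outstanding)."""
    complete, off = [], 0
    while off + 2 <= len(stream):
        (length,) = struct.unpack("!H", stream[off:off + 2])
        if off + 2 + length > len(stream):
            return complete, length  # prefix seen, body still in flight
        complete.append(length)
        off += 2 + length
    return complete, None


def oversized_messages(stream: bytes, limit: int = ASSUMED_ALG_MAX_MSG):
    """Lengths that an ALG with the given ceiling would refuse. Like the
    router, a message is judged on its declared length, so a partially
    received message is flagged before its body completes."""
    complete, pending = parse_dns_tcp_stream(stream)
    candidates = complete + ([pending] if pending is not None else [])
    return [n for n in candidates if n > limit]


# Constructed sample: a 125-byte message followed by a 31751-byte one,
# the two sizes that appear in the debug output above (bodies are dummy).
SAMPLE_STREAM = frame(b"\x00" * 125) + frame(b"\x00" * 31751)
# Only the first TCP segment of the big message: 2-byte prefix + 1450 bytes,
# matching the 1452 bytes the ALG had read when it gave up.
TRUNCATED_STREAM = SAMPLE_STREAM[:2 + 125 + 1452]

if __name__ == "__main__":
    print(parse_dns_tcp_stream(SAMPLE_STREAM))   # ([125, 31751], None)
    print(oversized_messages(TRUNCATED_STREAM))  # [31751]
```

Feeding a reassembled TCP payload from a capture into oversized_messages tells you whether a given flow would have hit the same "Unsupported l7_msg_size" path before you touch the ALG configuration.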