Unboxing Cisco Firepower 1010 – Mixed feelings

Hello everyone. Today we get to witness the unboxing of my new Cisco Firepower 1010. I have high expectations, and I will take the time to cover all the basic information you need about this device.

At the time of writing, a newer software version (6.6) has already been released. The devices are shipped with version 6.4, and that is the version shown in this post. Once I have played around with it, the device will be upgraded, and a new post on the new features will certainly follow.


Sending traffic to SFR module – Cisco ASA 5506-X with FirePOWER services

By default, even when the box is fully functional and correctly installed, no traffic is redirected to the FirePOWER module. We have to configure that ourselves.

To accomplish this we first create an ACL matching the traffic we want to redirect to the FirePOWER module.

access-list ACL_SFR extended permit ip any any

Afterwards we create a class-map that matches all traffic selected by the ACL "ACL_SFR". We will name it "TO-SFR", and it should look like this.
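The post's own class-map snippet is cut off above. As an added example (not the author's configuration) here is the complete Modular Policy Framework chain those two steps lead to on an ASA with an SFR module: the ACL and class-map names are the ones the post uses, `global_policy` is the policy map present on a default ASA configuration, and the `fail-open` / `fail-close` keyword is the one choice a practitioner should make consciously. The `!` lines are annotations, not part of the configuration.

```text
! 1. Select the traffic (the post's ACL; "ip any any" sends everything to the module)
access-list ACL_SFR extended permit ip any any

! 2. Class-map referencing that ACL
class-map TO-SFR
 match access-list ACL_SFR

! 3. Add the class to the default global policy and redirect it to the SFR module
policy-map global_policy
 class TO-SFR
  sfr fail-open
!  Alternatives for the line above:
!   sfr fail-close              drop the traffic while the module is down or rebooting
!   sfr fail-open monitor-only  passive copy only; the module can alert but never block

! 4. Apply the policy globally (already present on a default ASA configuration)
service-policy global_policy global

! Verify that the redirect is active and the module is up
show service-policy sfr
show module sfr details
```

The caveat to keep in mind: with `fail-open`, any time the module is down, including during the software upgrades the post is about to do, the ASA forwards the matched traffic uninspected, so nothing inside the ACL is protected by the FirePOWER policies until the module is back. `fail-close` trades that for an outage. `monitor-only` is the passive mode; inline blocking requires one of the other two.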


Cisco ASA 5506-X with FirePOWER services in inline mode

Hello everyone. Yes, it is 2020 and I am still speaking about ASA…

On the one hand, I recently bought myself an ASA-5506-X with FirePOWER services to extend my lab, to see how it works, and to run experiments I cannot run in a customer environment :). On the other hand, I also recently bought a Firepower 1010 to see the evolution Cisco made from ASA, to ASA with FirePOWER, and finally to Firepower. We also have to assume that there are still a lot of ASA firewalls out there, and they will remain for a while before being replaced.

At first sight there seems to be no difference between the spellings Firepower and FirePOWER. But there is one, and it is significant.

When Cisco writes FirePOWER, they are talking about an ASA device with a FirePOWER services image running on top of it as a module (the SFR module).

When Cisco writes Firepower, they are talking about the Firepower Threat Defense (FTD) device, where the Firepower software is the firewall itself.

While reading this post, keep in mind that it is NOT a configuration guide. It was written for the simple purpose of describing the functionality, architecture and design without going too deep into detail.


Fortigate – SSH login with private keys

I hate passwords... Passwords can be complex and long, and sometimes they are even hard to manage. Colleagues change the password on a device and forget to update it in the documentation.

I hate passwords... have I mentioned that already?

The alternative is authentication with a private key. How does that work?

With symmetric encryption the same key is used to encrypt and decrypt, but an asymmetric scheme works differently: there is a key pair, the private key stays with the user, and only the public key is stored on the device.
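As an added example (not part of the original post), the workflow the explanation above leads to: generate the key pair on the workstation with OpenSSH, register only the public key on the FortiGate admin account, and log in with the private key. The admin name, the firewall address 192.0.2.1 and the truncated key string are placeholders; `set ssh-public-key1` is the FortiOS CLI option as I know it, so verify it against the CLI reference of your FortiOS version. The `#` lines are annotations and are not typed into the FortiOS CLI.

```text
# On the admin workstation (OpenSSH): generate an RSA-4096 key pair with a passphrase.
# The private key ~/.ssh/fgt-admin never leaves this machine.
ssh-keygen -t rsa -b 4096 -f ~/.ssh/fgt-admin -C "admin@fortigate"

# On the FortiGate: bind the contents of ~/.ssh/fgt-admin.pub to the admin account.
# The string is "<key type> <base64 key> <comment>", exactly as in the .pub file (placeholder below).
config system admin
    edit "admin"
        set ssh-public-key1 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ... admin@fortigate"
    next
end

# From the workstation: log in with the private key; ssh prompts for the passphrase, not the device password.
ssh -i ~/.ssh/fgt-admin admin@192.0.2.1
```

Two practical checks: keep the private key passphrase-protected, since anyone who copies the file otherwise gets the same access as the admin; and rotate the key by replacing the string on the device, which means the documentation problem from the opening paragraph now concerns who holds which public key rather than a shared secret.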


Fortigate – VxLAN over IPsec

Introduction

Virtual Extensible LAN (VxLAN for short) gives us a way to stretch a Layer-2 domain across Layer-3 networks.

In this article I will explain one way to extend a Layer-2 segment, encrypted, across two different sites using a VPN tunnel, IPsec and VxLAN.

Starting point

What do we want to achieve?
Host A and Host B are in the same network (10.240.50.0/24), but they are located at two different sites. We will try to carry the packets of that network between the two sites using VxLAN and IPsec.

Configuring VxLAN over IPsec on a Fortigate in 4 simple steps
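The post's four steps are not on this page. As an added example (not the author's configuration), here is what the design in the introduction looks like in FortiOS CLI terms for site A: an IPsec tunnel that encapsulates VxLAN, a phase 2 in transport mode because the VxLAN/UDP packet is the payload, and a software switch that bridges the tunnel with the local LAN port so 10.240.50.0/24 spans both sites. The WAN addresses 203.0.113.1 (site A) and 198.51.100.1 (site B), the port names and the interface names are constructed; the `encapsulation`, `encapsulation-address` and `encapsulation transport-mode` options are the FortiOS CLI keywords as I know them, so check them against the CLI reference of your FortiOS version. Site B is the mirror image with the remote gateway swapped. The `#` lines are annotations, not CLI input.

```text
# Site A: WAN 203.0.113.1 on wan1, LAN port3 carries 10.240.50.0/24

config vpn ipsec phase1-interface
    edit "vxlan-p1"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw 198.51.100.1
        set encapsulation vxlan            # carry VxLAN inside this tunnel
        set encapsulation-address ike      # use the IKE endpoints as VTEP addresses
        set psksecret "<pre-shared-key>"
    next
end

config vpn ipsec phase2-interface
    edit "vxlan-p2"
        set phase1name "vxlan-p1"
        set proposal aes256-sha256
        set dhgrp 14
        set auto-negotiate enable
        set encapsulation transport-mode   # payload is VxLAN/UDP, no second IP header
    next
end

# Bridge the tunnel interface with the LAN port: one Layer-2 domain across both sites
config system switch-interface
    edit "vxlan-bridge"
        set vdom "root"
        set member "port3" "vxlan-p1"
    next
end

# Verify after both sides are configured
diagnose vpn tunnel list
diagnose vpn ike gateway list
```

The security-relevant point is the order of the layers: VxLAN on its own (UDP 4789) has no authentication or confidentiality, so it is the IPsec tunnel that protects the stretched segment on the way between the sites. The other consequence is that broadcast and ARP now cross the WAN as well, so firewall policies are still needed on the bridge for anything that should not travel between the sites.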
