An interesting question came up the other day: we have multiple endpoints sending syslogs into an F5 VIP fronting a syslog collector, all on port 514. Our logging team wanted to change the port from 514...
jim
F5 iRule — Syslog Cloning iRule with HSL or Sideband
HSL_syslog_cloning First, let's create two (2) pools with a single node in each. These will be used in our iRule to clone the UDP datagram to both. pool_SyslogServer001 pool_SyslogServer001 Now that we created the two (2) pools...
F5 iRule — No Pool Members Available Vanity Page
I wrote an iRule post located here, where I describe the essentials behind how beneficial iRules can be and the many use cases they have. I stumbled across a situation the other day for a...
Cisco ACL — Dedicated Internet Edge Drop Device
A dedicated drop device is a network appliance, usually a router or L3 switch, that sits at the very edge of your network infrastructure. Beyond the firewall, and usually acts as either layer 2...
The Remote Access VPN Battle — SSL vs IPSec VPN
I’ve recently posted two articles covering two different VPN connection methods: SSL Remote VPN and IPSec Remote VPN via Cisco ASA security appliance. In the article I promised I would go thru and do a...
Apt-Get HTTP Proxy — One-Liner
I have a few Debian servers that are behind a firewall and they don’t have direct access to the internet. “Protected Servers”. I occasionally have to update their packages via a web proxy in the...
PAC File and Web Proxy Auto-Configuration (WPAD) HowTo
Hello! I posted an article a while back on how to use a web proxy to block unwanted content. While this is good and fun, we need an easy way to configure clients to use...
Cisco AnyConnect SSL/TLS Trustpoint
I wanted to put together a quick tutorial for setting up a Cisco ASA – AnyConnect with SSL/TLS. I’ve done it a few times and I always have to re-lookup each step and the order...
F5 BIGIP and HAProxy — Masking 2-Way “Mutual” SSL Authentication
Hello folks. So a recent post I published talked about 1-Way vs 2-way SSL Authentication in some decent detail. We learned that 2-Way “Mutual” SSL Authentication can be used to enforce both parties attempting to...
Linux — OpenSSL One,Two-way authentication
Table of Contents About SSL Authentication Quick Review Creating a Certificate Authority 1-way “Standard” SSL Authentication 2-way “Mutual” SSL Authentication Advanced SSL Authentication: CRLs, CDP, and OCSP Concept Review About SSL Authentication: TLS Authentication or...