PA Antivirus Profile Featured Image

Palo Alto blocks SMTP Virus with 541 Response

While preparing for some Palo Alto Networks certifications I read something about the antivirus capabilities of blocking viruses via email by sending an SMTP response code of 541 to the sender (link). This was new for me since I thought the Palo Alto would only block IP connections (TCP RST) but not send layer 7 messages (SMTP codes). But actually, it does so by spoofing the IP address of the destination SMTP host. Cool stuff. Of course, I needed to test this. Here we go. ;)

Continue reading

OSPF Lab Featured Image

OSPF for IPv4 Test Lab: Cisco Router & ASA, Juniper SSG & Palo Alto

I tested OSPF for IPv4 in my lab: I configured OSPF inside a single broadcast domain with five devices: 2x Cisco Router, Cisco ASA, Juniper SSG, and Palo Alto PA. It works perfectly though these are a few different vendors.

I will show my lab and will list all the configuration commands/screenshots I used on the devices. I won’t go into detail but maybe these listings help for a basic understanding of the OSPF processes on these devices.

Continue reading

DHCP Featured Image

DHCP Sequences: Broadcast vs. Unicast

I missed a sequence diagram for DHCP which not only shows the four basic messages (DISCOVER, OFFER, REQUEST, ACK), but also the used source/destination addresses and ports, the type of connection (unicast/broadcast), the differences between the initial and the renewing messages, and the needed firewall rules for allowing DHCP traffic to/from the own interface or to/from a DHCP relay agent.

Here it comes! :)

Continue reading

Juniper ScreenOS DHCP Relay: “Use Interface as Source IP for VPN”

I had strange looking DHCP packets in my network as I tested around with DHCP relays on the Juniper SSG firewall. Some packets were blocked and I didn’t know why. After some troubleshooting it was clear that the checkmark “Use xy Zone Interface as Source IP for VPN” has a big impact in all environments even without the usage of a VPN!

Continue reading

Weiterer VRS-Feed: ADS-B Stick am Raspberry Pi

Ich hatte bei meinem aufgebauten Virtual Radar Server (VRS) bis jetzt nur mäßigen Empfang, da ich bei mir zu Hause die Antenne nicht aufs Dach platzieren konnte. Deswegen habe ich einen zweiten DVB-T Stick gekauft, ihn an einen Raspberry Pi (Raspbian Linux) gehängt, an einem Ort südlich des Frankfurter Flughafens aufs Dach gebaut und schließlich den Feed zu meinem vorhandenen Server hinzugefügt. Dadurch konnte ich die Abdeckung im Raum Frankfurt deutlich verbessern.

Im Folgenden beschreibe ich die Inbetriebnahme eines DVB-T Sticks am Raspberry Pi zum Empfang von ADS-B Flugzeugsignalen, sowie die Einbindung dieses Empfängers an einen zentralen Virtual Radar Server.

Continue reading

Juniper ScreenOS NSRP: Configuration via GUI, NSM, and CLI

Short step-by-step screenshot guide for an initial configuration of NSRP of two Juniper ScreenOS firewalls, such as the SSGs. One screenshot pack for the http GUI and another one for the Network and Security Manager (NSM) since I am always searching for the positions of the commands on it. Finally, I am listing the appropriate CLI commands.

Continue reading

Palo Alto: Vsys & Shared Gateway – Zones, Policies, and Logs

It was not easy for me to understand the type of zones and “from – to” policy definitions when working with a Palo Alto firewall that has multiple vsys’s and shared gateways. I was missing an at-a-glance picture that shows which zones to use. (Though this document describes the whole process quite good.) So, here comes one…

Continue reading

Grep Commands for Cisco ASA Syslog Messages

In a basic environment with a Cisco ASA firewall I am logging everything to a syslog-ng server. As there aren’t any reporting tools installed, I am using grep to filter the huge amount of syslog messages in order to get the information I want to know. In this blog post I list a few greps for getting the interesting data.

Continue reading

Basic syslog-ng Installation

This post shows a guideline for a basic installation of the open source syslog-ng daemon in order to store syslog messages from various devices in a separate file for each device.

I am using such an installation for my routers, firewalls, etc., to have an archive with all of its messages. Later on, I can grep through these logfiles and search for specific events. Of course it does not provide any built-in filter or correlation features – it is obviously not a SIEM. However, as a first step, I think it’s better than nothing. ;)

Continue reading

Juniper ScreenOS Firewall autocorrects Route Entries

I was a bit confused today as I saw a “wrong” route entry in the config of an SSG firewall. The route had not the correct “network/netmask” notation but a “host-address/netmask-of-the-network” notation. However, the SSG autocorrected this false route entry to the correct subnet id in its routing table.

Continue reading