October 26, 2011
There are some times where using static routing on firewalls is simply not scalable… As long as the routing is inside a trusted network, I do not see any reason to avoid dynamic routing. Juniper devices (Junos and ScreenOS) can even use virtual routers to split the routing domain into several domains. In the example here below, we will only show how to build a BGP peering between a ScreenOS cluster and two Cisco routers.
February 21, 2011
Starting with IOS 12.4(6)T Cisco introduced the Zone-Based Policy Firewall in all the IOS with an advanced feature set. This new configuration model allows the router’s administrator to define security zones, assign interfaces to zones, apply security policies between zones as he would have done on a Juniper firewall or on a Cisco ASA.
With CBAC stateful inspection was done on interface level. Now with zone-based firewalls, the inspection is done based on zone pairs (source and destination zones).
Here is an over-simplified exemple [Read more]
October 19, 2010
If you host your own domain name server and if you want to securely and dynamically update some DNS entries, here is a small howto.
Here is in a nutshell what we are going to do:
- Create a secret key to securely update the DNS zone
- Configure a dynamic (sub) zone in your DNS server
- Create a script to update a DNS entry
March 6, 2010
In a previous article, I exposed how to setup a basic DMVPN network with one hub router in a central location and several spoke routers negotiating a dynamically built IPSec protected GRE tunnel. I also explained the central site should be secured by deploying two hub routers… Here is one solution among others using DMVPN and OSPF. (Should you need another solution you can always contact our professional services)
November 29, 2009
The default install of ClamXav does not enable the automatic virus definition update. When a user enables those automatic updates, a ‘good old cron job’ is created for that user. Three minor concerns [Read more]
September 22, 2009
Ever wonder how to provision several hundreds of VPNs from remote offices with dynamic IP to a central site with minimal configuration? Cisco offer an elegant solution called Dynamic Multipoint VPN. With DMVPN the central site does not need to know the remote site IP in advance, it will learn it via NHRP protocol when the remote router will come up.
September 17, 2009
More and more server hoster have configured IPv6 on their network. And most of their Linux based servers come with a basic IPv6 configuration. Even if IPv6 is not used, it is there and widely open as the netfilter/iptables default policy is ACCEPT. [Read more]
April 24, 2009
exp-NETWORKS is proud to announce it became J-Partner Consultant. This partnership with Juniper is a guarantee you can count on exp-Networks expertise on Juniper products.
Here is what Juniper says about J-Partner Consultant:
Consultants play a critical role [Read more]
April 24, 2009
Here what Cisco says about certifications:
Cisco Certified Network Professional validates knowledge and skills required to install, configure and troubleshoot converged local and wide area networks. With a Cisco certification, a network professional demonstrates the knowledge and skills required to manage the routers and switches that form the network core, as well as edge applications that integrate voice, wireless, and security into the network.