Solved

PIX 515E.....Proper DMZ setup PLEASE! *************3 simple objectives****************.

Posted on 2007-03-30
9
3,602 Views
Last Modified: 2013-11-29
I have been trouble shooting this for over a week now and I am nearly in tears.  I am simply trying to facilitate a DMZ (which is set up) that will allow for..........

1.access to a staging server that our clients could get to our beta version of  a web app, and allow us to get to inside our LAN, by the url and not the internal IP that has (or now maybe had)  
I know DNS here is the issue but I am certain it is in the PIX and not my DNS servers settings, but I could be wrong

2. ftp

3.front end Exchange server with OWA

I have posted my config here for you to look at.


PIX Version 7.2(2)
!
hostname MatrixFW1
domain-name dms.local
enable password 05HxXdkum7f.9uQg encrypted
names
!
interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 67.103.180.194 255.255.255.192
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet2
 speed 100
 duplex full
 nameif DMZ
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup DMZ
dns server-group DefaultDNS
 retries 3
 timeout 3
 name-server 64.105.199.74
 name-server 64.105.159.250
 name-server 192.168.1.101
 domain-name dms.local
object-group service dns tcp
 port-object eq domain
object-group service deltek tcp
 description deltek frontend
 port-object eq 7001
 port-object eq 1433
 port-object eq www
object-group service TE tcp-udp
 description Deltek Frontend
 port-object eq 7001
object-group network LAN
 network-object 192.168.1.0 255.255.255.0
object-group network DMZ
 network-object host 192.168.2.42
 network-object host 192.168.2.52
 network-object host 67.103.180.198
 network-object host 67.103.180.199
access-list Access_in extended permit icmp any host 67.103.180.198
access-list Access_in extended permit ip any host 67.103.180.198
access-list Access_in extended permit tcp any host 67.103.180.198 eq www
access-list Access_in extended permit tcp any host 67.103.180.198 eq https
access-list Access_in extended permit tcp any host 67.103.180.198 eq smtp
access-list Access_in extended permit tcp any host 67.103.180.197 eq www
access-list Access_in extended permit tcp any host 67.103.180.197 eq smtp
access-list Access_in extended permit tcp any host 67.103.180.197 eq pop3
access-list Access_in extended permit tcp any host 67.103.180.197 eq https
access-list Access_in extended permit tcp any host 67.103.180.197 eq imap4
access-list Access_in extended permit tcp any host 67.103.180.198 eq ssh
access-list Access_in extended permit tcp any host 67.103.180.197 eq ssh
access-list Access_in extended permit tcp any host 67.103.180.197 eq pptp
access-list Access_in extended permit gre any host 67.103.180.197 log
access-list Access_in extended permit esp any host 67.103.180.197 log
access-list Access_in extended permit udp any host 67.103.180.197 eq isakmp
access-list Access_in extended permit tcp any host 67.103.180.198
access-list Access_in extended permit udp any host 67.103.180.198
access-list Access_in extended permit udp any host 67.103.180.197
access-list Access_in extended permit tcp any host 67.103.180.198 eq domain
access-list Access_in extended permit tcp any host 67.103.180.197 eq domain
access-list Access_in extended permit udp any host 67.103.180.198 eq domain
access-list Access_in extended permit udp any host 67.103.180.197 eq domain
access-list Access_in extended permit icmp any host 67.103.180.197
access-list Access_in extended permit icmp any any echo-reply
access-list Access_in extended permit tcp any object-group deltek host 67.103.180.199 object-group deltek
access-list DMZ_access_in extended permit icmp object-group DMZ object-group LAN echo-reply
access-list DMZ_access_in extended permit icmp object-group DMZ interface outside
access-list DMZ_access_in extended permit tcp object-group DMZ eq smtp object-group LAN eq smtp
access-list DMZ_access_in extended permit tcp object-group DMZ eq ftp object-group LAN eq ftp
access-list DMZ_access_in extended permit tcp object-group DMZ eq domain object-group LAN eq domain
access-list DMZ_access_in extended permit tcp object-group DMZ eq www object-group LAN eq www
access-list DMZ_access_in extended permit tcp object-group DMZ object-group deltek object-group LAN object-group deltek
access-list acl_inside_cap extended permit ip any host 192.168.2.42
access-list acl_dmz_cap extended permit ip host 192.168.2.42 any
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip verify reverse-path interface outside
no failover
monitor-interface outside
monitor-interface inside
monitor-interface DMZ
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any DMZ
asdm image flash:/asdm-522.bin
asdm history enable
arp timeout 14400
global (outside) 1 67.103.180.195 netmask 255.255.255.255
global (outside) 2 67.103.180.196 netmask 255.255.255.255
global (DMZ) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
nat (DMZ) 2 192.168.2.0 255.255.255.0 dns
static (inside,outside) 67.103.180.197 192.168.1.101 netmask 255.255.255.255
static (DMZ,outside) 67.103.180.198 192.168.2.42 netmask 255.255.255.255
static (DMZ,outside) 67.103.180.199 192.168.2.52 netmask 255.255.255.255
static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
access-group Access_in in interface outside
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 67.103.180.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa local authentication attempts max-fail 5
http server enable
http 192.168.2.0 255.255.255.0 DMZ
http 192.168.1.0 255.255.255.0 inside
http 67.103.180.192 255.255.255.192 outside
http 67.103.180.192 255.255.255.192 DMZ
http 67.103.180.192 255.255.255.192 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 67.103.180.192 255.255.255.192 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.2.0 255.255.255.0 DMZ
ssh timeout 5
ssh version 2
console timeout 0
management-access inside
dhcpd dns 64.105.199.74 interface outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect http
!
service-policy global_policy global
ntp server 192.43.244.18 source outside
ntp server 216.200.93.8 source outside prefer
prompt hostname context
Cryptochecksum:e4053622981d83301200ea24993546a3

NAT policies on Interface inside:
  match ip inside host 192.168.1.101 outside any
    static translation to 67.103.180.197
    translate_hits = 46190, untranslate_hits = 29608
  match ip inside 192.168.1.0 255.255.255.0 DMZ any
    static translation to 192.168.1.0
    translate_hits = 53, untranslate_hits = 1662
  match ip inside 192.168.1.0 255.255.255.0 outside any
    dynamic translation to pool 1 (67.103.180.195)
    translate_hits = 355033, untranslate_hits = 21678
  match ip inside 192.168.1.0 255.255.255.0 inside any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 0, untranslate_hits = 0
  match ip inside 192.168.1.0 255.255.255.0 DMZ any
    dynamic translation to pool 1 (192.168.2.1 [Interface PAT])
    translate_hits = 1767, untranslate_hits = 11

NAT policies on Interface DMZ:
  match ip DMZ host 192.168.2.42 outside any
    static translation to 67.103.180.198
    translate_hits = 4836, untranslate_hits = 22524
  match ip DMZ host 192.168.2.52 outside any
    static translation to 67.103.180.199
    translate_hits = 0, untranslate_hits = 475
  match ip DMZ 192.168.2.0 255.255.255.0 outside any
    dynamic translation to pool 2 (67.103.180.196)
    translate_hits = 0, untranslate_hits = 0
  match ip DMZ 192.168.2.0 255.255.255.0 DMZ any
    dynamic translation to pool 2 (No matching global)
    translate_hits = 0, untranslate_hits = 0
0
Comment
Question by:ioglyphics
  • 5
  • 4
9 Comments
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 18827146
Several issues here...

>global (DMZ) 1 interface
>static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0

The global statement is not necessary with the static. Suggest removing the global and keep the static.

>object-group network DMZ
This group should only contain the two 192.168.1.x addresses and not the public IP's. Suggest 2 groups:

object-group network DMZ
 network-object host 192.168.2.42
 network-object host 192.168.2.52
object-group network DMZ_public
 network-object host 67.103.180.198
 network-object host 67.103.180.199

>access-list DMZ_access_in extended permit tcp object-group DMZ eq smtp object-group LAN eq smtp
The source port will not be 25, but the destination wll be 25. Source port is random >1024. Don't you want to send email to only one mail server inside?
Suggest:
 access-list DMZ_access_in extended permit tcp object-group DMZ host 192.168.1.101 eq smtp

>access-list DMZ_access_in extended permit tcp object-group DMZ eq ftp object-group LAN eq ftp
Same issue with this and other acl entries. The source port will not be the same as the destination port.
Correct entry does not specify source port.
  access-list DMZ_access_in extended permit tcp object-group DMZ object-group LAN eq ftp

Here's my suggested DMZ Acl:
access-list DMZ_access_in extended permit icmp object-group DMZ object-group LAN echo-reply
access-list DMZ_access_in extended permit tcp object-group DMZ host 192.168.1.101 eq smtp
access-list DMZ_access_in extended permit tcp object-group DMZ object-group LAN eq ftp
access-list DMZ_access_in extended permit tcp object-group DMZ object-group LAN eq ftp-data
access-list DMZ_access_in extended permit tcp object-group DMZ host 192.168.1.101 eq domain
access-list DMZ_access_in extended permit tcp object-group DMZ object-group LAN object-group deltek
access-list DMZ_access_in deny ip object-group DMZ object-group LAN
access-list DMZ_access_in extended permit tcp object-group DMZ eq www any
access-list DMZ_access_in extended permit tcp object-group DMZ eq smtp any
access-list DMZ_access_in extended permit tcp object-group DMZ eq https any
access-list DMZ_access_in extended permit tcp object-group DMZ eq ssh any


>access-list inside_access_in extended permit ip any any
>access-group inside_access_in in interface inside
This acl is redundant to the default allow all and should be removed from the inside interface. Only apply an acl to the inside interface to restrict traffic outbound.

> and allow us to get to inside our LAN, by the url and not the internal IP that has
This is the hard part. The ONLY way you can access internal hosts by their public URL that resolves to their public IP address is through DNS re-write. This means that the DNS server the clients use lives outside the firewall, and the firewall intercepts the dns responses and re-writes them to actually give the client the real private IP address. Since your DNS servers live inside the firewall, you must have an internal-only dns server that resolves the url to the private IP address, and a public dns server that resolves the url to the public IP addresses.

0
 

Author Comment

by:ioglyphics
ID: 18827547
Thank you very much!  Everything you explained makes total since.  I will apply it all on Monday.  I will go ahead and accept your response as the solution, and try and contact you if anything fails to work.

Thanks,
ioglyphics
0
 

Author Comment

by:ioglyphics
ID: 18836866
lrmoore,

One other requirement I didn't mention because I didn't know it was an issue is web access to host IN the DMZ.  I can't seem to configure the proper rule to achieve this.  Each time I set up what I think is write it stops web access to the LAN????  Help with this would be greateful, eveything else you suggested worked.

ioglyphics
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18836986
It looks like you have the required entries:
Let's take publiw www server .198 as example:
//--Static XLATE to public IP - check
>static (DMZ,outside) 67.103.180.198 192.168.2.42 netmask 255.255.255.255

//--Permit tcp/80 inbound to public IP - check
>access-list Access_in extended permit tcp any host 67.103.180.198 eq www

//--Acl actually applied to interface - check
>access-group Access_in in interface outside

Those should be all you need to get traffic IN to the server. Now let's examine what can go OUT of the DMZ to outside:

//--Is www traffic from host 192.168.2.42 allowed "in" on the DMZ interface?
//-- If you added this as in my example, the answer is yes
>access-list DMZ_access_in extended permit tcp object-group DMZ eq www any

//-- is the proper server in this group? Yes
object-group network DMZ
 network-object host 192.168.2.42 <==

Does this server have the proper default gateway assigned?
Are you trying to access this server by Public IP from OUTside the network? - If all above conditions check out, then you should be able to.
Are you trying to access this server by Public IP from INside the network? - you can't and this is a design feature of the PIX.

Can you post your current running config, and what exact commands that you try to enter when it stops web access to the LAN?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:ioglyphics
ID: 18837265
when I am logged into the server I can not browse the web or ping any external host (i.e. 4.2.2.2) as I can from my LAN.  I need to have access to the web from the server.  If you could, please check this link to see if you can reach it:   http://demo.dmsva.com/prisms/login.cfm
As of last week we could get to this from OUTside our LAN.  Prior to that and I am not sure why or who changed it, only one of to NIC's in the host were enabled, and it's IP address was set with the public IP 67.103.180.198, which resolved to the link I asked you to check.  It makes since to me that you would not be able to reach it, because the domain name in the URL in question is set to the public IP, 67.103.180.198
I support a bunch of developers that have never had a LAN Admin, and they all still have free access to the servers for now.  I can get to the URL internally now because the IP in use on the only enabled NIC is the private address 192.168.2.42.  I posted the config, and I did apply all your suggestions.
The IP setting on the host in question(which I guess is wrong) is...
IP - 192.168.2.42
SM - 255.255.255.0
DG - 192.168.2.1

Two things....

1. "global (DMZ) 1 interface" still shows up in the config, though I removed it by entering "no" in front of this command.  Is there anything else I need to do to get rid of it?  When I run "no global (DMZ) 1 interface" it gives an ERROR stating that it doesn't exist.

2. Is there anything wrong with having muliti honed machines in the DMZ, one have the public and the other having a private IP?  I was informed that his can cause a loop, but in past experience I have seen boxes in a DMZ set up this way?  Basically my question really is, what IP address has to be on the one NIC in a host located in the DMZ if it only has one NIC or is two NIC's needed one with the Public and the other with the Private IP addesses?


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PIX Version 7.2(2)
!
hostname MatrixFW1
domain-name dms.local
enable password 05HxXdkum7f.9uQg encrypted
names
!
interface Ethernet0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address 67.103.180.194 255.255.255.192
!
interface Ethernet1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet2
 speed 100
 duplex full
 nameif DMZ
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
interface Ethernet3
 shutdown
 no nameif
 no security-level
 no ip address
!

ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup outside
dns domain-lookup inside
dns domain-lookup DMZ
dns server-group DefaultDNS
 retries 3
 timeout 3
 name-server 64.105.199.74
 name-server 64.105.159.250
 name-server 192.168.1.101
 domain-name dms.local
object-group service dns tcp
 port-object eq domain
object-group service deltek tcp
 description deltek frontend
 port-object eq 7001
 port-object eq 1433
 port-object eq www
object-group service TE tcp-udp
 description Deltek Frontend
 port-object eq 7001
object-group network LAN
 network-object 192.168.1.0 255.255.255.0
object-group network DMZ
 network-object host 192.168.2.42
 network-object host 192.168.2.52
 network-object host 67.103.180.198
 network-object host 67.103.180.199
access-list Access_in extended permit icmp any host 67.103.180.198
access-list Access_in extended permit ip any host 67.103.180.198
access-list Access_in extended permit tcp any host 67.103.180.198 eq www
access-list Access_in extended permit tcp any host 67.103.180.198 eq https
access-list Access_in extended permit tcp any host 67.103.180.198 eq smtp
access-list Access_in extended permit tcp any host 67.103.180.197 eq www
access-list Access_in extended permit tcp any host 67.103.180.197 eq smtp
access-list Access_in extended permit tcp any host 67.103.180.197 eq pop3
access-list Access_in extended permit tcp any host 67.103.180.197 eq https
access-list Access_in extended permit tcp any host 67.103.180.197 eq imap4
access-list Access_in extended permit tcp any host 67.103.180.198 eq ssh
access-list Access_in extended permit tcp any host 67.103.180.197 eq ssh
access-list Access_in extended permit tcp any host 67.103.180.197 eq pptp
access-list Access_in extended permit gre any host 67.103.180.197 log
access-list Access_in extended permit esp any host 67.103.180.197 log
access-list Access_in extended permit udp any host 67.103.180.197 eq isakmp
access-list Access_in extended permit tcp any host 67.103.180.198
access-list Access_in extended permit udp any host 67.103.180.198
access-list Access_in extended permit udp any host 67.103.180.197
access-list Access_in extended permit tcp any host 67.103.180.198 eq domain
access-list Access_in extended permit tcp any host 67.103.180.197 eq domain
access-list Access_in extended permit udp any host 67.103.180.198 eq domain
access-list Access_in extended permit udp any host 67.103.180.197 eq domain
access-list Access_in extended permit icmp any host 67.103.180.197
access-list Access_in extended permit icmp any any echo-reply
access-list Access_in extended permit tcp any object-group deltek host 67.103.180.199 object-group deltek
access-list DMZ_access_in extended permit icmp object-group DMZ object-group LAN echo-reply
access-list DMZ_access_in extended permit icmp object-group DMZ interface outside
access-list DMZ_access_in extended permit tcp object-group DMZ eq smtp object-group LAN eq smtp
access-list DMZ_access_in extended permit tcp object-group DMZ eq ftp object-group LAN eq ftp
access-list DMZ_access_in extended permit tcp object-group DMZ eq domain object-group LAN eq domain
access-list DMZ_access_in extended permit tcp object-group DMZ eq www object-group LAN eq www
access-list DMZ_access_in extended permit tcp object-group DMZ object-group deltek object-group LAN object-group deltek
access-list acl_inside_cap extended permit ip any host 192.168.2.42
access-list acl_dmz_cap extended permit ip host 192.168.2.42 any
access-list inside_access_in extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging buffered informational
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
ip verify reverse-path interface outside
no failover
monitor-interface outside
monitor-interface inside
monitor-interface DMZ
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
icmp permit any DMZ
asdm image flash:/asdm-522.bin
asdm history enable
arp timeout 14400
global (outside) 1 67.103.180.195 netmask 255.255.255.255
global (outside) 2 67.103.180.196 netmask 255.255.255.255
global (DMZ) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
nat (DMZ) 2 192.168.2.0 255.255.255.0 dns
static (inside,outside) 67.103.180.197 192.168.1.101 netmask 255.255.255.255
static (DMZ,outside) 67.103.180.198 192.168.2.42 netmask 255.255.255.255
static (DMZ,outside) 67.103.180.199 192.168.2.52 netmask 255.255.255.255
static (inside,DMZ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
access-group Access_in in interface outside
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 67.103.180.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute

aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa local authentication attempts max-fail 5
http server enable
http 192.168.2.0 255.255.255.0 DMZ
http 192.168.1.0 255.255.255.0 inside
http 67.103.180.192 255.255.255.192 outside
http 67.103.180.192 255.255.255.192 DMZ
http 67.103.180.192 255.255.255.192 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh 67.103.180.192 255.255.255.192 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh 192.168.2.0 255.255.255.0 DMZ
ssh timeout 5
ssh version 2
console timeout 0
management-access inside
dhcpd dns 64.105.199.74 interface outside
!
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect http
!
service-policy global_policy global
ntp server 192.43.244.18 source outside
ntp server 216.200.93.8 source outside prefer
prompt hostname context
Cryptochecksum:e4053622981d83301200ea24993546a3
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18837443
The web site works fine.
This looks like the old config that should not work.

In order to browse the internet from the server console, we need to allow that out via the access-list:
 add the following:
access-list DMZ_access_in extended permit tcp object-group DMZ any eq www
access-list DMZ_access_in extended permit tcp object-group DMZ any eq https
access-list DMZ_access_in extended permit udp object-group DMZ any eq domain
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18837455
>Is there anything wrong with having muliti honed machines in the DMZ,
Yes, it defeats the whole purpose of having a DMZ - that is to have an actual firewall between the DMZ machines and the internal network. When dual-homed, If any DMZ machine is compromised, so is your entire internal network.
My advice - don't do it.
0
 

Author Comment

by:ioglyphics
ID: 18837518
Everything WORKS!

Thanks again lrmoore!

Good advice on the multi honed question.  All my requirements are met so there is no need for me to implement any work around.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18838023
Glad to hear it!

- Cheers!
<8-}
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
Please see preceding article here: http://www.experts-exchange.com/Networking/Operating_Systems/A_11209-Root-Bridge-Election.html Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now