Solved

PIX 515 Always shows 'Land attack' alarm.

Posted on 2008-10-07
14
1,942 Views
Last Modified: 2012-05-05
Hi! After natting (pat) the inside network to a single outside ip-address, I lost the ssh connection to the pix-device. After logging in via the console interface I see the continuing syslog alarms about the land attack.

Oct 07 2008 11:14:33: %PIX-2-106017: Deny IP due to Land Attack from x.x.118.12 to x.x.118.12

So, I suppose there aren't any hackers around. Can anyone explain what the hell happening?
Now we have lags on the inside network and no access to pix via ssh, maybe some more problems that I still haven't discovered.

I am including the important part of the config below.

Must say that we use Cisco 3750 as a lan switch (with all the intervlan routing, the default-gateway for all the hosts is 10.x.1.1 of the PIX). After the OUTSIDE interface we got the kind of Cisco 7600 where default gateway is known via bgp and network address used for natting is known via the static route (255.255.255.255).

I have searched the Net about the problem, but the answers to the equal issue are, in most cases, lame.
There goes the partial configuration.
!--------
interface Ethernet0.173
 vlan 666
 nameif OUTSIDE
 security-level 10
 ip address x.x.x.4 255.255.255.240 
 ospf message-digest-key 1 md5 <removed>
 ospf authentication message-digest
!
 
interface Ethernet1.110
 vlan 222
 nameif LAN
 security-level 50
 ip address 10.x.1.1 255.255.255.248 standby 10.x.x.2 
!
 
# the only default gateway
route OUTSIDE 0.0.0.0 0.0.0.0 x.x.x.1 1
 
access-list zzz extended permit ip 10.x.2.0 255.255.255.0 any 
global (OUTSIDE) 5 195.x.x.12
nat (LAN) 5 access-list zzz

Open in new window

0
Comment
Question by:poletay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 4
  • +1
14 Comments
 
LVL 8

Expert Comment

by:Jay_Gridley
ID: 22657267
Hi.

Do you have any idea where the traffic that generates the alarm comes from?
As you have probably already found out "This message appears when PIX Firewall receives a packet with the IP source address equal to the IP destination and the destination port equal to the source port"
(source: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm)
This is the basic design of the PIX and can't be shut off.

I would go about finding out where this message is coming from and why the pix thinks it is an attack.
The problem would occur for example if you host a website on your inside network and try to access it from your inside network through the outside IP address of the pix.
You might need to find a work around for the situation or maybe the service causing trouble is no longer required and can be shut off.

Good luck in your efforts.

JG
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22659653


Did you try to ssh to yourself? You most likey have a shun in your config now blocking all traffic to x.x.118.12. Do a sh shun, from a console connection to see if the firewall is blocking that IP.

harbor235 ;}

0
 

Author Comment

by:poletay
ID: 22665344
Hello everybody and thanks for the comments! We have a bypassing rule. I am attaching the config part with that. Do you think there is a host with an exclusive address (not included in the acl) that tries to communicate with some usual member of the (LAN) interface? I might try to discover if anybody is using secondary ip address.
'#show shun' returns nothing...
access-list BYPASS line 1 extended permit ip 10.x.0.0 255.255.0.0 10.x.0.0 255.255.0.0
access-list BYPASS line 2 extended permit ip 10.x.0.0 255.255.0.0 10.y.0.0 255.255.0.0
access-list BYPASS line 3 extended permit ip 10.x.0.0 255.255.0.0 10.z.0.0 255.255.0.0
access-list BYPASS line 4 extended permit ip 10.x.0.0 255.255.0.0 192.168.x.0 255.255.255.0
 
nat (LAN) 0 access-list BYPASS

Open in new window

0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:poletay
ID: 22665524
Also, I noticed some strange message about my own ip address (10.x.z.2) being spoofing. 10.x.y.1 is the address of the PIX

Oct 08 2008 06:00:05: %PIX-2-106016: Deny IP spoof from (10.x.y.1) to 10.x.z.2 on interface KVS

Open in new window

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22665555
It sounds like your PIX might be malfunctioning... contact Cisco TAC and have them analyze this with packet captures and such. They will be able to determine if your device is malfunctioning.
I recommend that you do this as your next step because this is a very strange combination of "attacks" that seem to come from inside... Is this a network that has untrusted users or is this a secured business network?
Please let me know so I can help!
Cheers!
0
 

Author Comment

by:poletay
ID: 22666203
This is the physically secured business network. Users are under AD/windows and cannot modify network settings, MS ISA guards the traffic, antivirus software enabled.
When using packet tracer in Cisco ASDM, I see some rules are being ignored in inbound acl, so it drops the packets by the implicit "deny any to any" rule. That's why I can't ssh.
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22666245
Hmmm... that's rather disturbing then... you neet to contact TAC and get a full diagnostic run on the unit. There's got to be some problem with the PIX. I've seen this before and all 3 times we RMA'd the PIX. The new unit with the same config worked fine.
Get this fixed immediately - I don't want anything bad happening, and from what it sounds like, your PIX could poop out at any time.
Best of luck, I hope my advice has helped.
Cheers!
0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22666253
BTW I've only seen this on 2 515s and on 1 525... it doesn't seem to happen to the smaller ones for some reason. I'm not sure why it would affect the bigger units more (as the have ample cooling), but it does seem to.
Like I said, get TAC to check this out - that's not normal.
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22667733

Number one, there has been a lot of security advisories for Cisco products lately, I hope that you are operating from one of the latest and most stable versions of IOS, if not I would upgrade first.

Interface KVS is reporting this potential attack,, perhaps there is actual traffic being spoofed here. Look at your arp tables on the KVS network, look for an association to 10 x.y.1 that is different then the mac address on the firewall. interface,  If there is spoofed traffic then he will most likely have a different mac.
The key is to perform packet captures, know the mac adddress of the firewall and look for something different then the mac of the firewall then trace that mac address to a switch port and identify the host.

Also, I see you are using an active/standby configuration, did the config change sync properly? Have they went active active? Reboot the standby, make sure when the secondary comes up that it is sync'd properly then reset the Primary, make sure failover is working properly and all interfaces are monitored. Why does your config not have the failover IP for the outside interface? Can you post show failover? Could be a contention issue between the firewall pair.
Can we see the rest of your config?

harbor235 ;}

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22679784
Yes, please do post your running-config again... I'd like to take a look at it with those changes. Maybe we missed something.
0
 

Author Comment

by:poletay
ID: 22683964
Hello to everyone. Thanks for ya comments. I localized problem cause to be at least three hosts and one of them is my own (look at acl TTK). Also, I noticed that now problem persist at night, beyond the working hours.

kln6-fw00# show ver

Cisco PIX Security Appliance Software Version 7.2(2)19
Device Manager Version 5.2(1)

Compiled on Fri 06-Apr-07 17:27 by builders
System image file is "flash:/image.bin"
Config file at boot was "startup-config"

Hardware:   PIX-515E, 128 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB

Here's the most of the config, I ommited the other interfaces and the inbound acl tor outside interface. Nothing interesting there. Sorry, I can't disclose any real details.
hostname pixla
enable password /WEhTX4SoRXT89jB encrypted
names
dns-guard
 
interface Ethernet0
 description ------ OUTSIDE
 no nameif
 no security-level
 no ip address
!
interface Ethernet0.zzz
 description ----- OUTSIDE link
 vlan zzz
 nameif OUTSIDE
 security-level 10
 ip address (real).(net).184.4 255.255.255.240 
 ospf message-digest-key 1 md5 kazcing
 ospf authentication message-digest
!
interface Ethernet1.yyy
 vlan yyy
 nameif LAN
 security-level 50
 ip address (fake).(net).110.1 255.255.255.248 standby (fake).(net).110.2 
!
passwd 7KjQDb2Id8.3KYRU encrypted
banner motd Hostname $(hostname).$(domain)
boot system flash:/image.bin
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).0.0 255.255.248.0 
access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).64.0 255.255.248.0 
access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).16.0 255.255.240.0 
access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(ten).14.0 255.255.255.0 
access-list LAN_ACL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).36.0 255.255.255.0 
access-list BYPASS_LOCAL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(net).0.0 255.255.0.0 
access-list BYPASS_LOCAL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(one).0.0 255.255.0.0 
access-list BYPASS_LOCAL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(two).0.0 255.255.0.0 
access-list BYPASS_LOCAL extended permit ip (fake).(net).0.0 255.255.0.0 (fake).(ten).14.0 255.255.255.0 
access-list BYPASS_LOCAL extended permit ip (fake).(net).3.0 255.255.255.0 (fake).(ten).122.0 255.255.255.248 
access-list BYPASS_LOCAL extended permit ip any (fake).(net).0.0 255.255.0.0 
access-list DENGA_STATION extended permit ip (fake).(net).81.64 255.255.255.192 any 
access-list DENGA_STATION extended permit ip (fake).(net).34.0 255.255.255.0 (real).(net).184.0 255.255.255.0 
access-list DENGA_STATION extended permit ip (fake).(net).32.0 255.255.255.0 any 
access-list DENGA_STATION extended permit ip (fake).(net).34.0 255.255.255.0 (real).(net).128.0 255.255.224.0 
access-list DENGA_STATION extended permit ip (fake).(net).34.0 255.255.255.0 10.246.0.0 255.255.0.0 
access-list LAN_access_in extended permit ip (fake).(net).34.0 255.255.255.0 any 
access-list LAN_access_in extended permit ip any object-group Support 
access-list LAN_access_in extended permit icmp (fake).(net).1.0 255.255.255.0 (fake).(net).100.0 255.255.255.0 
access-list LAN_access_in extended permit ip (fake).(net).1.0 255.255.255.0 (fake).(net).100.0 255.255.255.0 
access-list LAN_access_in extended permit ip (fake).(net).1.0 255.255.255.0 (fake).(net).3.0 255.255.255.0 
access-list LAN_access_in extended permit ip (fake).(net).32.0 255.255.255.0 (fake).(net).3.0 255.255.255.0 
access-list LAN_access_in extended permit ip (fake).(net).33.0 255.255.255.0 (fake).(net).3.0 255.255.255.0 
access-list LAN_access_in extended permit ip (fake).(net).35.0 255.255.255.0 (fake).(net).3.0 255.255.255.0 
access-list LAN_access_in extended permit ip (fake).(net).73.0 255.255.255.0 host (fake).(net).72.254 
access-list LAN_access_in extended permit ip host (fake).(net).73.12 host (fake).(net).3.6 
access-list LAN_access_in extended permit tcp host (fake).(net).32.14 host (fake).(net).72.254 eq ssh 
access-list LAN_access_in extended permit ip host (fake).(net).32.60 host (fake).(net).72.254 
access-list LAN_access_in extended permit tcp host (fake).(net).34.2 host (fake).(net).72.254 
access-list LAN_access_in extended permit tcp host (fake).(net).32.166 host (fake).(net).72.254 eq ssh 
access-list LAN_access_in extended permit tcp host (fake).(net).32.166 host (fake).(net).72.254 eq telnet 
access-list LAN_access_in extended permit tcp host (fake).(net).32.166 host (fake).(net).72.254 eq 8001 
access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.254 eq ssh 
access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.254 eq ftp 
access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.254 eq 8001 
access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.226 eq 2300 
access-list LAN_access_in extended permit tcp host (fake).(net).32.221 host (fake).(net).72.254 eq 8000 
access-list LAN_access_in extended permit icmp host (fake).(net).110.3 host (fake).(net).3.6 
access-list LAN_access_in extended permit ip (fake).(ten).122.0 255.255.255.248 host (fake).(net).3.19 
access-list LAN_access_in extended deny ip any (fake).(net).100.0 255.255.255.0 
access-list LAN_access_in extended deny ip any host (real).(net).184.19 
access-list LAN_access_in extended deny ip any host (real).(net).184.18 
access-list LAN_access_in extended deny ip any host (real).(net).184.17 
access-list LAN_access_in extended deny ip any (fake).(net).3.0 255.255.255.0 
access-list LAN_access_in extended deny ip any 10.222.0.0 255.255.0.0 
access-list LAN_access_in extended permit ip host (fake).(net).32.21 (fake).(net).0.0 255.255.0.0 
access-list LAN_access_in extended permit tcp host (fake).(net).32.21 83.217.39.0 255.255.255.0 
access-list LAN_access_in extended deny ip host (fake).(net).32.21 any 
access-list LAN_access_in extended permit ip (fake).(net).100.0 255.255.255.0 host (fake).(net).3.19 
access-list LAN_access_in extended permit udp any any eq domain 
access-list LAN_access_in extended permit ip host (fake).(net).81.66 any 
access-list LAN_access_in extended permit ip any host (fake).(net).34.2 
access-list LAN_access_in extended permit ip (fake).(net).32.0 255.255.252.0 any 
access-list LAN_access_in extended permit ip host (fake).(net).1.8 any 
access-list LAN_NAT_SRV extended permit udp host (fake).(net).1.6 any eq domain 
access-list LAN_NAT_SRV extended permit tcp host (fake).(net).1.6 any eq 123 
access-list LAN_NAT_SRV extended permit udp host (fake).(net).1.6 any eq ntp 
access-list LAN_NAT_SRV extended permit tcp host (fake).(net).1.10 host 80.253.4.44 eq www 
access-list KP extended permit ip host (fake).(net).1.130 any 
access-list TTK extended permit ip host (fake).(net).34.2 any 
access-list TTK extended permit ip host (fake).(net).34.50 any 
access-list TTK extended permit ip host (fake).(net).34.113 any 
pager lines 42
logging enable
logging timestamp
logging buffer-size 65535
logging console critical
logging monitor errors
logging buffered debugging
logging trap informational
logging asdm warnings
logging queue 1025
logging host LAN (fake).(net).1.6
mtu OUTSIDE 1500
mtu LAN 1500
ip local pool remote_users (fake).(net).48.2-(fake).(net).48.254 mask 255.255.255.0
ip local pool remote_admin (fake).(net).100.176-(fake).(net).100.184 mask 255.255.255.248
failover
failover replication http
failover link FAILOVER Ethernet5
failover interface ip FAILOVER (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206
monitor-interface OUTSIDE
monitor-interface LAN
icmp unreachable rate-limit 1 burst-size 1
asdm image flash:/asdm-521.bin
asdm history enable
arp timeout 14400
nat-control
global (OUTSIDE) 3 (real).(net).184.10
global (OUTSIDE) 2 (real).(net).184.12
global (OUTSIDE) 4 (real).(one).190.30
global (OUTSIDE) 5 (real).(two).118.12
nat (OUTSIDE) 0 access-list in-out
nat (LAN) 0 access-list BYPASS_LOCAL
nat (LAN) 3 access-list LAN_NAT_SRV
nat (LAN) 2 access-list DENGA_STATION
nat (LAN) 4 access-list KP
nat (LAN) 5 access-list TTK
static (LAN,OUTSIDE) tcp (real).(net).184.12 7000 (fake).(net).81.67 7000 netmask 255.255.255.255 
static (LAN,OUTSIDE) tcp (real).(net).184.12 64221 (fake).(net).32.221 3389 netmask 255.255.255.255 
static (LAN,OUTSIDE) tcp (real).(net).184.12 3389 (fake).(net).34.113 3389 netmask 255.255.255.255 
static (LAN,OUTSIDE) tcp (real).(net).184.12 3390 (fake).(net).32.15 3389 netmask 255.255.255.255 
static (LAN,OUTSIDE) tcp (real).(net).184.12 3391 (fake).(net).32.30 3389 netmask 255.255.255.255 
static (LAN,OUTSIDE) tcp (real).(net).184.12 3392 (fake).(net).32.33 3389 netmask 255.255.255.255 
static (LAN,OUTSIDE) tcp (real).(net).184.12 6888 (fake).(net).34.2 3389 netmask 255.255.255.255 
static (LAN,OUTSIDE) (real).(net).184.10 (fake).(net).1.8 netmask 255.255.255.255 
static (LAN,OUTSIDE) (real).(one).190.31 (fake).(net).1.6 netmask 255.255.255.255 
access-group from_outside in interface OUTSIDE
access-group LAN_access_in in interface LAN
route OUTSIDE 0.0.0.0 0.0.0.0 (real).(net).184.1 1
route LAN (fake).(net).33.0 255.255.255.0 (fake).(net).110.3 1
route LAN (fake).(net).1.0 255.255.255.0 (fake).(net).110.3 1
route LAN (fake).(net).32.0 255.255.255.0 (fake).(net).110.3 1
route LAN (fake).(net).34.0 255.255.255.0 (fake).(net).110.3 1
route LAN (fake).(net).35.0 255.255.255.0 (fake).(net).110.3 1
route LAN (fake).(net).73.0 255.255.255.0 (fake).(net).110.3 1
route LAN (fake).(net).81.64 255.255.255.192 (fake).(net).110.3 1
route LAN (fake).(ten).122.0 255.255.255.248 (fake).(net).110.3 1
 
router ospf 10
 network (fake).(net).100.0 255.255.255.0 area 0
 network (real).(net).184.0 255.255.255.240 area 0
 log-adj-changes
 redistribute static
!
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
group-policy remote_admin internal
group-policy remote_admin attributes
 dns-server value (fake).(net).1.6 (fake).(net).1.8
 ip-comp enable
 split-tunnel-policy tunnelall
 default-domain value some.dummy.dj
 client-firewall none
group-policy remote_users internal
group-policy remote_users attributes
 dns-server value (fake).(net).1.6 (fake).(net).1.8
 ip-comp enable
 split-tunnel-policy tunnelall
 default-domain value some.dummy.dj
aaa authentication http console LOCAL 
aaa authentication telnet console LOCAL 
aaa authentication ssh console LOCAL 
aaa authentication enable console LOCAL 
http server enable
http (fake).(net).0.0 255.255.0.0 DENGA
http (fake).(net).1.0 255.255.255.0 LAN
http (fake).(net).34.2 255.255.255.255 LAN
snmp-server host DENGA (fake).(net).3.19 poll community simbaka
no snmp-server location
no snmp-server contact
snmp-server community simbaka
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet (fake).(net).1.0 255.255.255.0 LAN
telnet timeout 5
ssh (real).(net).184.64 255.255.255.255 OUTSIDE
ssh (real).(net).184.65 255.255.255.255 OUTSIDE
ssh xxx.38.97.21 255.255.255.255 OUTSIDE
ssh xxx.33.8.160 255.255.255.240 OUTSIDE
ssh xxx.217.38.0 255.255.255.0 OUTSIDE
ssh (fake).(net).34.2 255.255.255.255 LAN
ssh timeout 5
ssh version 1
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
class-map bandw_test
 match access-list 120
!
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip 
  inspect xdmcp 
  inspect icmp 
  inspect snmp 
  inspect dns migrated_dns_map_1 
policy-map bandw_test
 class bandw_test
  police output 800000
service-policy global_policy global
ntp server (real).(net).184.1
ssl encryption des-sha1 rc4-md5
:end

Open in new window

0
 
LVL 12

Expert Comment

by:Pugglewuggle
ID: 22684130
I honestly see no problem with your config. Your next step should be to contact Cisco TAC and open a P1 case and get an engineer to determine what the problem is or if your PIX is bad.
Cheers!
0
 
LVL 32

Expert Comment

by:harbor235
ID: 22691656

I just wonder if failover is causing you some issues, try this
I have still not seen the output of the "show failover",

Remove the old failover config and do the primary do the following, Iassume e5 is a dedicated interface for failover
and is connected to a switch in a dedicated vlan, the secondary port is in the vlan as well?

failover                                          
failover lan unit primary                                          
failover lan interface failover Ethernet5                              
failover key cisco                                          
failover interface ip failover (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206
                                                                  
On the secondary do the following;
                              
failover                                          
failover lan unit secondary                                          
failover lan interface failover Ethernet5                                    
failover key cisco                                          
failover interface ip failover (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206

Interfaces are monitored by default and do not need specific monitor commands unless you use subinterfaces.
Once configures issue the command " write memory" on the primary, very it sync'd

harbor235 ;}                        
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 250 total points
ID: 22691664
Sorry for the typos;

I just wonder if failover is causing you some issues, try this.
I have still not seen the output of the "show failover",

Remove the old failover config and do the following, I assume e5 is a dedicated interface for failover
and is connected to a switch in a dedicated vlan the secondary port is in the vlan as well?

failover                                          
failover lan unit primary                                          
failover lan interface failover Ethernet5                              
failover key cisco                                          
failover interface ip failover (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206
                                                                 
On the secondary do the following;
                             
failover                                          
failover lan unit secondary                                          
failover lan interface failover Ethernet5                                    
failover key cisco                                          
failover interface ip failover (fake).(net).172.205 255.255.255.252 standby (fake).(net).172.206

Interfaces are monitored by default and do not need specific monitor commands unless you use subinterfaces.
Once configures issue the command " write memory" on the primary, very it sync'd

harbor235 ;}                        
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question