
Hardware Firewalls (23K Solutions, 20K Contributors)

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.


Hi,
I'm in the process of setting up SSO for users so we can control our internet access. We only want domain users to access the internet, and non-domain users (such as visitors) need to be blocked.

I have read a couple of articles but am still a little unsure which method to use, so here I am asking the experts for guidance. I would also appreciate it if someone could write a step-by-step setup guide or an article that I can follow, with some screen prints.

Please also point out any "gotchas".

This article says that "Event Log Monitor" has to be installed on all domain controllers, but later it talks about pushing out the SSO client to machines, which is also used for authentication, so I am a bit confused about whether this is needed or not. Please clarify:
http://www.skype4badmin.com/watchguard-sso-part-1/


And then this video also talks about "Exchange Monitor" for authentication. Do I need all of these options, or will one suffice?
https://www.youtube.com/watch?v=qw8e85hXVcg

Much appreciated!

Thanks

Can I apply a security profile (IPS, SSL) to a tunnel mode connection, similar to those applied to an interface connection?

When should I use interface and tunnel mode respectively? How can I simply convert a tunnel mode to interface mode on a Fortigate 100D?

Thx
I have a Smoothwall firewall running the latest edition of software, Kenilworth.  Students have been discovered using an https proxy bypass site to get around the firewall.  How do you determine the port the bypass site is using so you can block traffic to disable it?  The specific site is https://xvpn.io.
I have a Cisco ASA 5506 going into a new location with a main internet connection and a secondary, failover internet connection. I'd like to do two or three ICMP checks to make sure the main internet connection is down (say one of your ICMP targets goes down for unrelated reasons) before failing over to the secondary.

I think I've found it with this forum post: https://supportforums.cisco.com/t5/firewalling/asa-sla-tracking-w-multiple-icmp-checks/m-p/1368376/highlight/true#M46524

The answer part being the following:
I've tried all of these options and haven't gotten any of them to work. But here is what I came up with that does seem to work really well. You can ping two, four, or even more Internet hosts and only when all of them fail does the ASA failover to the backup ISP:

route outside 0.0.0.0 128.0.0.0 <primary gateway> 1 track 100
route outside 128.0.0.0 128.0.0.0 <primary gateway> 1 track 100
route outside 0.0.0.0 0.0.0.0 <primary gateway> 2 track 101
route outside-failover 0.0.0.0 0.0.0.0 <backup gateway> 254
track 100 rtr 100 reachability
track 101 rtr 101 reachability
sla monitor 100
  type echo protocol ipIcmpEcho 208.67.222.222 interface outside
  num-packets 3
  frequency 10
sla monitor 101
  type echo protocol ipIcmpEcho 8.8.8.8 interface outside
  num-packets 3
  frequency 9
sla monitor schedule 100 life forever start-time now
sla monitor schedule 101 life forever start-time now

   This way both 208.67.222.222 (OpenDNS) and 
Hello,

We use an RDP session through a VPN tunnel to connect to our hosted software out of state.

We constantly experience latency through all of our VPN tunnels. I can run a constant ping from our hosted provider back to our environment to get a small picture of how bad the response times of the pings are.

The ping times will be consistent for a little while, hovering at 55ms - 67ms, and then we will see "request timed out" multiple times, and then ping times will rise. It seems like the ping times fluctuate a lot (I assume they would, as the signal is traveling through multiple possible connections).

When ping times are at 55ms or less everything seems fine. However, when it goes up from there, end users report latency.

We are not hard lined to our ISP, as everything is wireless. Our internet pipe should be sufficient at all locations, as we have spoken with our ISP and we do not hit the high water mark on our bandwidth, only rare spikes at the main site.

We are not hitting the high water mark on bandwidth usage at any of our other sites.  Is there a good piece of Enterprise level software that one could use to help get a clearer picture of where the issue occurs?

What kind of architectural questions should we be presenting to our ISP?   To our hosted provider?

1.  Is your VPN Server over-utilized?
2?
I hope you're the right person. Here is an outline of my problem: I have configured a Cisco 5510 ASA and would like to tighten the rulebase to make the firewall more secure.

Please can you help?
I have a Cisco 5510 ASA and would like to tighten up the firewall rules.
Does anyone know how to lock down a local business's free wifi connection from being able to do file-sharing? I thought there might be a software product or router setup technique to do it. Thank you!!
I am troubleshooting a connection issue for two sites connected over an IPsec L2L tunnel. It's occasional: the TCP traffic conversation ages out. Is there a way to see when the tunnel went down or up in the previous 24 hours?
I already have a transparent FW up and running with 7 BVIs. Everything is working fine. I also have several core and external switches which I access via TACACS+. All Cisco devices other than the transparent FW can be authenticated with TACACS+ from our jump server. However, now I need to add the transparent FW to TACACS+.

Cisco docs only show config examples of setting up TACACS+ using either the inside or outside access. But the thing is, we are not using the data plane. We are using a completely different management segment to access our Cisco devices.

Logically, the config should be set as follows:

aaa-server GROUP-TACACS protocol tacacs+
 max-failed-attempts 3
 reactivation-mode depletion deadtime 10
 accounting-mode simultaneous
aaa-server GROUP-TACACS (mgmt) host <ip address>
 key <shared secret>
 server-port 49
aaa authentication ssh console GROUP-TACACS LOCAL
aaa authentication enable console GROUP-TACACS LOCAL
aaa authorization command GROUP-TACACS LOCAL
aaa accounting command privilege 1 GROUP-TACACS
aaa accounting ssh console GROUP-TACACS
aaa accounting enable console GROUP-TACACS


Question: I replaced (inside) with our "mgmt" nameif segment. Do you think this will work?

aaa-server GROUP-TACACS (mgmt) host <ip address>

Unable to ping systems on the remote side of the VPN from the SonicWall Diagnostics tool; also unable to ping systems on the remote side from local systems.
The ping failure is one way: unable to ping from Site A to Site B, but it appears we can ping from Site B to Site A.
I know it must be a firewall rule but can't see what I am missing.
Hello,

I have an ASA 5512-X with the IPS SSP module enabled. I am currently setting this up using scenario 1 shown here (https://www.cisco.com/c/en/us/support/docs/security/ips-sensor-software-version-71/113690-ips-config-mod-00.html#scenario1).

The problem that I am having is that I can ping the IPS SSP from the ASA itself; however, when pinging the IPS SSP from an internal host, the ASA is dropping the traffic with the following reason:

313004      Denied ICMP type=0, from laddr 172.16.10.6 on interface inside to 10.0.2.85: no matching session

From the IPS I can ping internal hosts.

Below is my config of the interfaces and IPS module, showing that I can ping from the ASA.

ASA(config)# sh run int g0/2
!
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 172.16.10.2 255.255.255.248

ASA(config)# sh run int m0/0
!
interface Management0/0
 management-only
 no nameif
 security-level 0
 no ip address


ASA(config)# sh module ips details | in Mgmt
Mgmt IP addr:       172.16.10.6
Mgmt Network mask:  255.255.255.248
Mgmt Gateway:       172.16.10.2
Mgmt Access List:   0.0.0.0/0
Mgmt Access List:   10.0.0.69/32
Mgmt Access List:   10.0.2.80/32
Mgmt Access List:   10.0.2.82/32
Mgmt Access List:   10.0.2.85/32
Mgmt web ports:     443
Mgmt TLS enabled:   true
TICFW1(config)# ping 172.16.10.6
Type 
Hi.
Previously we had a Cisco 892FSP connected to our LAN switch (C2960), in which the 892FSP router is configured with an xconnect interface and connected directly to our LAN switch. We established an L2TPv3 tunnel with our site office between these two. Now we have added a new firewall (ASA5506) between the 892FSP and our LAN switch. Here are the things that I am not sure about:

1. In the ASA5506, how do I configure the VLAN for the inside and outside interface? The firewall is running in transparent mode, but the VLAN has no IP address. What IP address should I configure for the BVI interface?
2. The 892FSP router interface that will be connected to the ASA5506 is configured with xconnect; how do I integrate these two, as the xconnect interface has no IP address configured?

I would appreciate it if you guys could give some ideas. Thank you.

New-Picture--3-.bmp
I have a Cyberoam backup file with the .config file extension. I want to view it as human-readable text that I can compare with others and document. What can I do to get that?
Hi All,

We have a Linksys LGS552P switch and a TZ400 firewall behind an "AT&T Modem", but we have an external IP for the TZ 400.

I need to set up VLANs: 90 for workstations, 20 for servers and 50 for voice.

Am I missing any hardware to route between the VLANs?
Where should I start first?


thanks
Jason
We have two sites each with a SonicWall on the perimeter.

I have written out the site settings for each location. In the document I have prepared they are referred to as Main Site and Remote Site.
Every now and then the VPN will stop working. We go in and check it, change nothing, then check the other end, check and change nothing, then at some point it will start working again.
We could be down for as long as 30 minutes. We are getting frustrated with SonicWall support as they cannot tell us what is causing this problem.

Would anyone be able to review our settings if I attach them to this question?
Is there an alternative to VPN?  

HELP!

Kevin
I have a list of about 100 IPs I want to block on a SonicWall NSA 240. I see that one can create "Address Objects", but they appear to be either single IPs or ranges of sequential IPs. Is there a way to upload/add a list of IPs even if they are not sequential, and make the one address object? Thanks!
My ASA 5510 is unable to run POST. I am trying to configure it using PuTTY but it is showing nothing, just a blank screen.
The product will come with its operating system only. For training, does Palo Alto offer a 30-day evaluation (like Microsoft) where, when it expires, you have to re-install it again?

My Zyxel USG, every time that I reboot, loads a config in one .zysh (I can read this in my logs). I never set up a script in it, so I am worried about this. Nothing appears in the GUI, and I do not see anything in the startup config, but a couple of months ago my CPU was working at 70%, which is not usual (no more than 25%). And now, after I finish configuring it again, the startup config appears bad and the USG uses the lastgood config, and L2TP doesn't work at all: 'peer connection failed'.

Many thanks
I need some help. I have a client that has moved into an office and is sharing their space. There is cat5e structured network cabling around the building. There is a router with DHCP turned off providing the building's owners with an internet connection to their network. What I want to do is connect my client's existing switch and Windows Server 2012 R2 Essentials server (which is both a domain controller and a DHCP server) to the existing router (the building owner's router) so that I can share the internet connection with my client. Essentially I will break out all of the ports on the network that my client will be using and connect them to my client's switch. That switch then connects to my client's Windows server. The existing network and all settings work, just with no internet connection. The server has two NICs, if that helps at all. The building owner runs their own Windows DHCP and domain controller server. Essentially the only physical connection between the two networks would be through the building owner's router. The router does have available ports. Any suggestions?
Dear Experts,

We configured the management ip address for the firepower.

We can see the tab appearing at the top but the button did not appear.

We restarted the firewall and the tab also disappeared.

When we go back to view the ip of the sourcefire, it is there.

How do we get the FirePOWER tab and button to reappear?

Do we need to configure the access-list?
Hello.

I have this issue: when I log out of any account, the computer stops pinging. That's probably why I get this error message: "There are currently no logon servers available to process your logon request." After I log back in, it starts pinging immediately.

I am able to log on as local and domain admin. I cannot log on to any account with cached credentials. We use Windows 7 + Windows 2008.

So is there any setting to keep this PC pinging after it logs off?

Any help appreciated.
Dear Experts,

I want to activate the FirePower license but how do I do so?

I know I have to configure the IP address, but somehow when I did that, it factory reset the whole ASA 5516-X firewall.

How do I get the FirePOWER tab to appear and activate the license?
Hi, my question is: can I use an SRX series firewall as a router?