Hardware Firewalls

23K

Solutions

20K

Contributors

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.


We have a site to site VPN tunnel which has been performing well for 4 years.  We are seeing increased traffic this week and are seeing select devices unable to reliably access the tunnel for periods of several minutes to several hours while other devices are able to connect across the tunnel.

The VPN tunnel is used to access a terminal server in a remote site using handheld computers running Windows CE.  We typically have 12 devices deployed.  Currently we have 18 devices deployed for a 2 week project.

We are seeing that during peak times (more users connected to the RDP server) select devices will be unable to connect.  Pings from the affected device will range from 100% loss to 0%.  The ping failure rate fluctuates.  Users may sometimes connect to the RDP server for a few minutes before being disconnected again.

This problem seems to last between 10 - 120 minutes.

I have taken packet captures at the ASA and see that both ICMP and RDP packets are arriving on the inside interface - the portable computer having the problem is transmitting correctly.

My problem is how do I ensure the ASA is encapsulating these packets and sending them out the Outside interface reliably.  I have taken packet captures on the outside interface but do not know of a way to match these encapsulated packets up to those originating from the problem computer.

I have reviewed: Show crypto ipsec sa

 #pkts encaps: 9228711, #pkts encrypt: 9228711, #pkts digest: 9228711
      


0

I am using FreePBX 14 and it is working fine, but I got thousands of attacks, and in Intrusion Detection my public IP has sometimes been blocked, and because of this calls are not working. I am using a FortiGate firewall and opened ports 5060 to 20000 for the FreePBX. My question is: 1. Are port forwards mandatory for an inbound route (if I change the SIP registration port from 5060 to another and do the same with the trunk provider)? Please let me know how I can make this FreePBX more secure so that call disturbances do not occur in future.
0
I am upgrading our Network and wanted to see if I am thinking properly.  I want to utilize 2 Different firewalls with a shared DMZ Zone.  Below is the configuration I am thinking about deploying.  I am using fictitious IPs.

Internet
---------------------------------------------
Router IP - 50.50.50.1
--------------------------------------------
Firewall 1 WAN IP - 50.50.50.2
Firewall 1 DMZ IP - 10.0.0.1
---------------------------------------------
Server with Dual NIC's
Firewall 1 DMZ Server IP - 10.0.0.2
Firewall 2 DMZ Server IP - 10.0.1.2
---------------------------------------------
Firewall 2 DMZ IP - 10.0.1.1
Firewall 2 LAN IP - 192.168.0.1
---------------------------------------------
LAN Network

Firewall Rules
Firewall 1 WAN Allow Firewall 2 LAN
Firewall 1 WAN Allow Firewall 1 DMZ
Firewall 1 DMZ Block Firewall 2 LAN

Firewall 2 LAN Allow Firewall 1 WAN
Firewall 2 LAN Allow Firewall 2 DMZ
Firewall 2 LAN Block Firewall 1 DMZ


What do you think?
2-FW-DMZ-Diagram.pdf
1
Dear Experts,

I need your assistance regarding 40net/40gate firewalls. I need to know a list of CLI commands that are commonly used for daily operations to troubleshoot end users' issues.

Thanks for your attention to this question.
0
I often get "You won a $100 bonus gift card" emails which I promptly report (because Hotmail has a report phishing menu item).
But I also have email accounts where there are no ways to report clearly fraudulent messages.
Are there any places I can forward fraudulent emails to?
It seems like the wrong thing to do is nothing. I'd like to do something. There's not even a topic here on EE which covers "Fraud" or "Phishing" or "police"
0
Hello Experts,

I have ASA firewalls and when I PuTTY to them I get this message. I would like to use SSH Version 2 and want to know how to configure that on the ASA without disturbing the production environment.
ssh_ALERT.PNG
0
How to configure RADIUS accounting forwarding to a Fortinet firewall.
0
I am running into an issue with our Cisco 5506 ASA and Websense web security.  

I have been blocking all internet traffic on our firewall for around 100 machines because they have no need for internet access, but now we are in the process of moving to Trend's Worry Free Services A/V, which is a cloud based A/V.  Obviously this wouldn't work on machines with no internet, so I allowed all the URLs needed for WFS by adding fqdn objects and allowing them on the firewall.  

This presented a problem in Websense though because we were now exceeding our subscription limit because of the new traffic logged in Websense.  I then configured Websense to ignore all Trend traffic that was allowed through the firewall.  That worked to ignore that traffic, but machines with 'blocked' internet (everything but Trend URLs blocked) seem to randomly be able to make between like 1 and 10 connections to random Microsoft related URLs.  Seems to mostly be windowsupdate.com, but I know I've seen other microsoft sites.  I'm sure it's things that these machines are just constantly trying to connect to, but how/why the firewall is allowing it through, even once... I can't figure out.  

The times seem to be pretty random, anywhere between 2am and 7am from what I just checked, so it's not like they are all coming in at 2am or something like that.

Sorry for the rambling, just want to make sure I include as much info as possible to hopefully explain it well.  I am really hoping I can figure out …
0
Can't ping external IPs from behind Firewall from a Juniper switch that is behind a FortiGate 60D

Can't ping/telnet/ssh to 2 of 3 External IPs that are a member of an address group.    

I have 3 fw policies in place:

1) Outbound- allows for all traffic/all sources/all destinations from internal switch interface to internet interface.
 
2) Inbound- allows for ssh traffic/the External IP address group as sources/the switch VIP (xxxxxx mapped to 22.) as destination
 
3) Inbound - allows for all traffic/the External IP address group as source/the Switch VIP (xxxxx mapped to port 23) as destination

I can SSH and Telnet to the switch from the external IP addresses just fine.
I can ping the 2 of the 3 external IPs from the firewall just fine, but not from the switch.  I can ping all other addresses just fine from the switch (even google), just not the 2 external IPs in question.    When I traceroute the 2 external IPs from the switch nothing happens at the gateway hop: ****
I am baffled because the outbound policy allows for all traffic.

When I pull a config and search in Notepad, there are no other references to the External IPs in question except for what is mentioned above.

Could someone assist as to why communication to the 2 External IPs is blocked?
0
Hi

When a new user is created in our on-prem Active Directory server and a Delta Sync is run in PowerShell on the AD Connect server, the new user gets synced to O365 successfully.
Recently, when the password of any user located on our AD server is changed, their password is not syncing with O365.
 
On the Azure AD connect server I opened the event viewer and on the administrative events, I can see the following error. Please see the attached snapshot and complete description of the error.  
Log name: Application
Error: Server Down
Source: Directory Synchronisation
Event ID: 611
Status-Failed connection

We have 3 domain controllers, ADC-001, ADC-002 and ADC-003.
Our firewall is hosted outside with another company.

Experts please go through these attached errors and any help to resolve this issue would be great.

Thanks in advance!!
Event-ID-611-.txt
AD-connect-server-Event-ID--611--Sna.png
0

I have an oracle HTTP server 12.3.1 which is based on Apache 2.2 running on RHEL 7.4 machine.

I use it to run a web oracle database application via mod_plsql.

It has been running fine for years.

Last week users started reporting outages and very slow response times.

I found out that this happens when the number of connections goes from 50 to several hundreds. See attached list.
This was as a result of foreign IPs running a scanner or SYN DoS attack. Security does not admit this is a DoS attack but more of a public scanner that always runs on most sites.

The traffic coming to my web server goes through an IDS, Load Balancer, Palo Alto Firewall, WAF and then my web server.

We added a rule on the firewall to block all international IPs, but a few hours later I found a scan started from an IP in California.

Security claims they can't prevent these scanners from scanning the public site and that I should fix the issue on the web server by hardening or tuning the Apache server.

My web server has 16 GB RAM. I upped MaxClients for Apache from 150 to 450 and added SYN_COOKIES to the Linux machine.
I don't know if this will provide protection yet or not.

My questions,

1) Is what security says correct? Should the SYN flood attacks not be blocked on the IDS or firewall device?

2) What can I do for tuning in Apache to solve this problem and prevent connection overload from hanging the server?

3) Could it be that RHEL or Oracle web server is not killing open connections …
0
We presently started a managed detection and response service for our IT security and wanted to know what is available as far as getting a clean bill of health for our organization?  

I know pentesting is available, but is there another service or anything we can do internally to create some type of baseline within our IT security group?  If pentesting is our only alternative, is there a specific pentest we need to produce or look into?  

We have a 3rd party that does our PCI and we presently produce a low level internal pentest which is more of a segmentation access test.  My company is looking for more of a firewall testing, I was told.  If such a thing exists, what type of training would be needed to begin or complete this testing?  Presently have both Cisco and Palo Alto in our environment.
0
Not getting ASDM to open up in web browser.

Not able to open up the ASDM web page to download the ASDM console. I can ping the router and gateway. I have the image of ASDM on the router when I did sh run boot

ciscoasa#sh run boot
ciscoasa#boot system disk0:/asa951.1fbff-k8-SPA
ciscoasa#boot system disk0:/asdm-7122.bin

I open up Internet Explorer to get to the management console and download the ASDM console but nothing happens. Internet Explorer just says "Page Can't be displayed". I even turned off my Wi-Fi and turned off the Firewall. This is a Cisco ASA 5508-X. Any suggestions??

Thanks,
0
Appears this is an issue with SonicWall TZ series. Anyone have any insight on this? SonicWall TZ400 model, simple port forwarding from WAN to LAN, connecting an application running on an offsite server to an internal server running the same app to generate ports.
SonicWall
0
Connecting Meraki MX 250 firewall to the internet that has RJ45 ends.  My Internet Provider has cat6 coming into the building and the MX 250 shows fiber, how do I connect these?  the only cables that shipped are the MS Switch stacking cables?
0
Need help setting up a SonicWall TZ105 to use multiple IP addresses.  The block of 5 IPs from the carrier comes off of port X1 currently.  We have 1 IP assigned, but I am not sure how to break out the other 4?

Realistically, I would like to just pass a few ports (80) from a 2nd IP address to a device on the internal network (192.168.0.9). Does anyone know how this can be done easily on the old OS for the TZ105, or is this device not capable of this?

Thank you
0
We have a client that has recently deployed Cisco ASA5512x Firewalls, Cisco Umbrella and SourceFire IPS and is looking for Best Practice Implementation advice.  Our Cisco engineer recently left the company and we are looking for some direction for evaluating their current deployment.
0
Hi experts
I would like to know how to set up the MX record or any other required records on the email server, the firewall and the site hosting the records,
so that it will be correctly configured at the Exchange server or any email server to permit outbound and inbound emails to be forwarded to the email server.
Note that the AD server is 2012, the email server is Exchange 2013, and we have a Check Point firewall and GoDaddy website hosting for the records.

Waiting for your kind advice; please give detailed steps as points to follow.
0
I have a Meraki MX64 firewall in the office. I am trying to connect to my office via client VPN from my relative's home. The LAN subnet is the same for both networks and the router IP is the same for both. I cannot connect to my Meraki network resources (Windows Server or my desktop via RDP), but I am connected to the VPN successfully. However, when I am at my own home, I can connect to the VPN and access resources. My home network also has the same setup - same IP subnet (same ISP and same router). Home router and MX also have the same IP. But it works there (from home) and not from my relative's house where I often stay. So my own home and my relative's home have an identical setup - same ISP, same modem, same IP subnet. But I cannot connect to resources from my relative's home and I can connect from my home.

Any insight/help will be appreciated.

ES
0

Office 365 is slow on fast connection

I have a 100Mb/100Mb business Ethernet circuit, around 30 users and everything is just fine except O365 which is very slow and sluggish to respond. Everything else is just fine on the net and there are no bandwidth hogs.

The firewall is NAT with some inbound rules but very little blocking outbound and no web filtering / VPN / Encryption. The location is UK. Any tools or ways to look for what might be causing the speed issues, any optimisations. I have looked at some of the Microsoft stuff but that seems to be specifically allowing IP through filters to reduce latency.

Any help appreciated!
0
Hello,
 I have two ASA 5525-X firewalls (in HA configuration) with Firepower. I'm asking for help on whether we'd be able to establish Traffic Shaping to guarantee bandwidth for FTP traffic.  We have a 1Gb connection recently added and would like to guarantee 900Mbs for FTP when needed, but allow other traffic to utilize the connection otherwise.
0
Hi,

I'm in the process of moving my radius server used for authenticating VPN clients from my local network to Azure. I've migrated the IAS settings and added the new server in System -> Servers, but when I test the authentication against the server in Azure, I get this error:

"The following input errors were detected:
Authentication failed."

I can authenticate against the local radius server.

Setup:
OPNsense firewall
v. 18.7.10_4-amd64
IP address 172.16.12.2

Radius
Windows Server 2012 R2
IP address 10.100.10.11

I can't ping 10.100.10.11 from the firewall, so it must have something to do with the communication from the local firewall to Azure and maybe a missing firewall rule, but what am I missing in the process? Should I create a new server here VPN: OpenVPN: Servers with another IPv4 Tunnel Network pointing to the 10.100.11.x network? I'm also uncertain if it has something to do with certificates.

There is no problem communicating from my local machine and servers to the network in Azure.

Thanks in advance,
Ronnie
Firewall_rules_OpenVPN.JPG
VPN_OpenVPN_Servers.JPG
Firewall_Rules_WAN.JPG
0
Hello,

What would be the best/economical approach to test Firewall configuration (sort of a pen test) ?

Best regards,
Chanaka
0
translating nat coming into the network from an outside network on an ios router.
translating from the internal network egress to the secondary network (which uses an ASA) and returns works ok.
so, the IOS translator translates inside local to inside global, and on the return trip reverses this process successfully.

i've seen it said that this is an automatic process .. and it seems it is.

but, from the secondary network, initiate a standalone ping (or web request) .. the IOS translator doesn't translate from the ???inside global??? to what i want it to translate into the inside local ... i may very well be using incorrect nat terminology.. i apologize

this is done in packet tracer

i believe i don't want to use ip nat outside source local cuz that seems to be translating the outside local and global addresses.. i want the router to convert to the local network's addressing scheme, perform an action (ping or http) and go back to the router and translate (as the policy if the ping was initiated from within the network, back out to the remote (secondary) network

thanks

-dave.j
0
I am a small business owner and am having an issue with Server 2012 R2 and a Cisco Firewall ASA-5506. URGENTLY need HELP.
So what's happening with this location is, DHCP is configured on the server; however, workstations and printers are unable to get an IP address from the server. Here are a few snippets of server errors.
ipconfig.PNG
bad_ip.PNG
0
