Hi, we use haproxy with round robin on a few servers which works amazingly well
However now we need to use it for tcp sessions from different ports

basically, gps iot devices create connections to our server via TCP
When I run a netstat, I see lots of devices sending data from same IP address but different port
here is a snap shot
TCP myServerIp:9001 141.86.25.16:60046 ESTABLISHED
TCP myServerIp:9001 141.86.25.16:62084 ESTABLISHED
These are not the same device, they are using a mobile/cell network with same IP but different ports

So I would need a configuration for HA proxy to route to different servers based on IP and PORT
All the examples I’ve seen so far just use IP, which would not work well for me as it would batch a bunch of devices to same server.
I guess it would work, but it may overload one server and under-load another (if that makes sense)

Something else i’m not sure about, some devices also send data using UDP, and these would also need to be routed to same server, not sure if this would work or if i would just have to route all UDP devices to 1 server

Any feedback, pointers and help appreciated
Thanks

I am visiting a client tomorrow (50 WAPs, 5 Switches) to assist them in their wireless dropout issues.
They have cordless wireless phones which were on 2ghz, they upgraded it 5ghz, it didnt resolve the issue.
They have meraki switches and waps, and cisco asa.
Meraki waps they are using are MR 42;
https://meraki.cisco.com/products/wireless/mr42 

I have worked on Meraki SWs and WAPs but never had any issues with them.
Should i start with disabling SSIDs and enable one by one?
Which tools / apps i can install on my computer to diagnose an issue like this?
Thanks.

I have a huge number of messages in my VPN router LAN access from remote. And I do not know where are they coming from. No email server is setup, it does not seems to have any games on it. the only thin I have created a port for RDP  and forward that port so I can access the server from ouitside

Please advice

I would like to know what caused this to happen? WMI usage was very high in task manager which resulted in extreme slowness in over all performance in my PC. When I rebooted the computer it went to 0% as it's supposed to be. What was the culprit and and how can I prevent that from happening in the future?

I need to analyze PCAP files and APIs for an MVNE I am working with.  I can definitely see some things in the PCAP files they sent, but I would like to be able to do a lot more and more deeply analyze it.  I have been using wireshark to break it down but what is the best way to attack analyzing these files.  Is there a resource out there, program, best practice, etc.

Plugged in two network switches to my LAN. They were being used for Comcast Voice previous to today. Now, I have workstations that are having their DNS server address changed to the firewall IP address. The DHCP scope tells them to go to 192.168.1.210, but they are changing to 192.168.1.1.
I can't find any rogue DHCP servers on the network.
Any ideas on areas I could check to see what is telling the computers to change their IP on the DNS server through DHCP?

When we connect via Wireless, those computers aren't impacted.
Only happening on the LAN (ethernet) segment from what I can tell.

Have a Fortigate Firewall
Have Fortiswitches
Have a Cisco SG300-24P
Have a TP Link T1600-52P switch

I checked both switches and both have DHCP server disabled
Both are set to DHCP to pick up a IP
I did have to login to change the IP on the TP-Link
It was defaulted to 192.168.0.1
I had to alter that to 192.168.1.1

Verified firmware is up to date.

The only thing I did yesterday was to plug the phone switches into the Ethernet LAN as the phones would now be using our LAN for IP Addressing and such.
Is there a way to see what's handing out or distributing the 192.168.1.1 for "DNS Server" setting to workstations?

The DHCP server has been 192.168.1.210
But now, on the clients (anything not statically assigned) its showing up as 192.168.1.1

I don't see any other DHCP servers on the network. I am trying to use Wireshark to examine the LAN to see if this is the …

I have an Extreme Switch that is capable of port monitoring.
I'll be using a laptop to connect to port 11 on this switch.  I'll be monitoring port 13 that has a VOIP switch plugged in to it.  The purpose is to capture the traffic of the VOIP switch because that VOIP switch is losing connectivity to our network at random.
On the Extreme switch, all I have to do is select port 11 as the "monitoring" port and select port 13 as the port I want to monitor.  This part is easy enough.
I'd like to use Wireshark as the utility to capture the traffic.  Installing Wireshark on the laptop I'll be plugging in to port 11 is no problem.  However, tutorials I've seen so far are not specific enough to tell me "how to" set up Wireshark to capture/store the traffic that's traveling across port 13.
Please advise.

How do you become certified/qualified to do SOC 2 audits? When I try to search this
on google the borg assumes I'm looking to pay someone to audit my company.
I'm looking for - if you wanted to be an auditor of companies to assure their
SOC 2 compliance, what process would you need to go through?

I am looking for  software solutions  that will allow me to Visualize Network Traffic .
The aim is to quickly pick up on network isssues .

What do you guys recommend?

I need to design a topology of our network for a meeting that shows all the network servers and communication appliances.  What software can I use that is simple or free to do so?

Thanks

Which can be a good software to monitoring the network, for example to know which computer is using alot of data in the network

Free or buy

I am setting up our infrastructure to enable remote phones on a new phone system we installed. The phone vendor requirements were fairly simple, port forward UDP 443 to a device on our DMZ(the virtual machine). Easy, or so I thought.



Everything looks good from the Firewall end. If I plug in the phone, I can see the traffic hit the firewall, and be forwarded to the device lets say is 11.11.11.11. No issues I can see from the firewall end. It's a Barracuda NG F280, I have gone over it over and over with Barracuda support and they see nothing from their end.



The issue is that traffic never hits 11.11.11.11. I have set up a monitoring VM on my DMZ with wireshark, never see the traffic. The VM has a packet monitor built in so I can create packet captures on the interface directly, never see the traffic. If I run a netcat cmd for UDP 443, I see nothing. I see other traffic. If I ping 11.11.11.11 from anywhere else on the network, I see it. There is nothing between this device and the Firewall, except the VMWare hypervisor.



I am at a loss at this point. My Firewall vendor says it isn't on their end, my phone vendor says it isn't on theirs. I believe that to be the truth, but I don't know what else it could be. Does anyone have any ideas? Only thing I can think of is something in VMWare, but I have never seen VMWare block traffic like that before.

Some more info:

Seems localized in some way to port number. If I change my forwarding rule to port 3300 instead…

Thousand Eyes seems like a really good software.  Helped me to figure out routing issues.  Love to deploy it our Data centers. Worth to have paid account?
Wonder what other forks are using?