13 November 2024

Palo Alto Admin authentication with Entra ID and Duo MFA

I wanted to try out Cisco Duo MFA using SAML, and loyal readers of this blog will know that in posts passim I set up authentication for a Palo Alto firewall administrator using SAML and ADFS, so it seemed a natural progression to try this using Microsoft’s Entra ID (formerly Azure AD) with Cisco Duo. Microsoft Entra ID, which will act as the SAML primary authentication […]

27 July 2024

SONIC and Leaf and Spine

If that title makes you think of a pixelated hedgehog who has acquired two new sidekicks then you’re probably as old as me. However, SONiC is an open source network operating system originally developed by Microsoft, and its command line will be familiar to anybody who has worked with Cisco. I used it to play with leaf and spine networking. This fine gentleman provides a […]

21 July 2024

An Image Problem II

Cyberratings.org, a non-profit technical testing organisation, recently released a report on eight NGFW firewalls. Seven of the vendors’ products tested received a recommended rating and one, Cisco, received a caution for their Firepower Threat Defense product (CyberRatings Announces Enterprise Firewall Test Results – CyberRatings). The full report is behind a paywall but more insight is provided here: https://www.sdxcentral.com/articles/analysis/ciscos-enterprise-firewall-receives-caution-rating-from-cyberratings/2024/06 I happened on this through an […]

13 June 2024

Palo Cloud Event

The cloud in question was literal, as I recently attended a SASE event at Palo Alto’s London offices, which are in the cloud(s). Loyal readers will remember my picture of the view from Fortinet’s London office, but Palo’s office is even higher. I have a smartphone which could probably have filtered, cropped and improved the quality of these images, but needless to say I […]

4 May 2024

An Image Problem

They say write about what you know. Even if what you know about is reimaging Cisco firewalls? They probably didn’t mean write about that, but never mind, we’ll press on and not hold our breath for the movie to come out. For reasons I won’t go into, I recently had to re-image a Cisco FMC 1600 and two 3100 series FTDs. My main takeaway from […]

14 April 2024

What do those three dots do?

I have suppressed the urge to write an ‘is it just me?’ piece for some time now. However, what’s the point of having a barely-read blog if you can’t indulge yourself once in a while? When did GUIs stop being practical portals to the functions you need and become abstruse hieroglyph-strewn gateways? Do GUI designers hark back to happy days playing D&D where a treasure […]

21 March 2024

FortiGate SDWAN – Out of the Lab

I was recently involved in a project to roll out FortiGate SDWAN on what sounded like an almost textbook scenario: two Hubs and two Branches. Obviously, I won’t post the client’s configs in this post, but I will attach some configs from a lab that I created to generate configurations and test generally. (Please review with caution. I did a lot of tweaking and […]

18 July 2023

BFG, BGP and BFD

If you were a Big Friendly Giant and wanted fast BGP convergence, you might well investigate BFD. (OK, now I have justified my alliteration we can move on.) In the previous post, we had a resilient BGP topology which I will remind us of here: When the FG1 FortiGate was shut down it took BGP between two and three minutes to re-route traffic through FG2. Popular wisdom […]

28 June 2023

Fortigate and BGP

Last week I attended an event at Fortinet’s offices in London, which are on the 26th floor of a building in the City. With a view like this you’d be forgiven for spending a lot of time looking out of the window. Today, I’d like to tinker with BGP on FortiGates. (I have to declare an interest: I got a couple of pens, a nice […]

26 April 2023

IKEy no Likey NAT-T

I was recently drafted in to help fix a VPN between a FortiGate in Azure and a good old fashioned on-prem ASA. The former had been deployed by some ARM templates and the latter had some config in place but, it transpired, not enough. Fixing it brought to light two issues. The first is my offering to the Googlesphere: Issue One Do you know that happy […]