Author: admin@labtinker.net

Herein is the last in the series of how firewalls can be configured to block applications running on non-standard ports, specifically ssh. Today’s firewall vendor is the venerable Checkpoint and once more for the purposes of the lab I will reluctantly direct more moolah to Jeff Bezos’ bulging coffers by selecting the appropriate device from the AWS marketplace. Initially, I chose this… …and it took […]

In a series only midly less compelling than GoT we see how the Cisco ASA firewall fared in stopping ssh over non-standard ports. (Spoiler alert: this lab did not go well) SPOILER ALERT: I didn’t get this working and this post descends into a mild rant on ASAs in AWS. I did get it working in this post: Cisco Once again I headed to the […]

In the previous post we saw how a Palo Alto fared in blocking applications running on non-standard ports and in this one we’re going to try the same exercise with a Fortigate firewall. Once again, I don’t have a physical Fortigate firewall to hand so used one in the AWS Marketplace: On the following firmware version: I used the same topology as I did with […]

Initially, I wanted to explore the ways that different models of Next Generation firewalls defeat (or not) the simple tunnelling scenario of the previous labs (see ‘SSH forwarding’). In fact, I didn’t really get much further than looking at running applications on non-standard ports but it shows a little of the application awareness abilities of a next-gen firewall, in this case a Palo Alto. As […]