New Zealand Wood Pigeon – Kereru

Every year these large pigeons come and eat the new shoots from the trees around our house. Here’s a picture of a recent visitor.

Read the rest of this entry »

Restricting Management Access to Fortigate Firewalls

Sometimes it’s just unavoidable that you need to do in-band management of firewalls. This is particularly the case if the firewall is hosted externally – such as within AWS. Here’s a quick recipe on restricting management access to the Fortigate firewall.
Read the rest of this entry »

Juniper OSPF and Unexpected Features

I had an interesting situation in a lab environment the other day. It seems Juniper has been tweaking how OSPF works with their routers with some interesting consequences.
Read the rest of this entry »

Cisco ASA 5505 – Dual Internet Connections with a Base Licence

The client’s requirements were simple: they had an existing Cisco ASA 5505 with a base and unlimited users licence connected to the Internet with a PPPoE interface over ADSL. They wanted to add more bandwidth and redundancy so decided to add an additional 100mbps fibre link. Is it possible? Read on …
Read the rest of this entry »

Small Coffee Table

A recently-finished woodwork project.
Read the rest of this entry »

Juniper Filter-based VLANs

So during my efforts to study for the Juniper JNCIP-Ent ( Enterprise Routing & Switching ) exam, I happened to come across a Juniper switching feature called Filter-based VLANs.

In normal VLAN-based switching, a device’s assigned VLAN is configured on it’s access port and can’t be changed no matter what is connected to that port.

Filter-based VLANs work a bit differently – they allow the engineer to map the VLAN based on packet properties.
Read the rest of this entry »

A Quick Look at AlienVault USM Anywhere

The company I’m working for is ramping up capability to support AlienVault USM Anywhere. Here’s a few notes from what I’ve learned about the product.

Alienvault’s USM Anywhere is delivered as a VM image that can be deployed under VMware, or in a cloud environment such as Amazon AWS or Microsoft Azure. This VM is referred to as the “sensor”.

In brief, it’s a Security Information and Event Manager ( SIEM ). Yes, I know the market is awash with SIEM products ( Splunk, QRadar, etc. ) but Alienvault’s offering is well worth looking at. It’s also cheaper.

Read the rest of this entry »

Transparent Web Proxying with Cisco, Squid, and WCCP

I’ve re-published an old article on performing transparent web proxying with Cisco’s WCCP protocol and Squid.

Read more here.

Welcome to the new site, better than the old site

Welcome to my new web site.

I’ve done a fair bit of work to rebuild my web site from the old manually edited HTML site that was too difficult to maintain. I’ve create this new site as a hosted WordPress site which will allow much easier posting of regular blog entries, and much better formatting.

I’m still filling in old content and tweaking the user interface. Don’t be too surprised if things are a bit broken for a while, or even if the theme changes while you’re browsing – I’m still getting up to speed on using WordPress.