vSRX Virtual Firewall
vSRX Overview
Organizations are increasingly moving workloads to the cloud to capitalize on virtualization benefits, but with that move come new security requirements. Enter the vSRX Virtual Firewall, which provides scalable, secure protection across private, public, and hybrid clouds.
The vSRX offers the same features as our physical SRX Series firewalls, including core firewall, robust networking, full next-generation capabilities, and automated life-cycle management, but in a virtualized form factor that delivers security services scaling to match network demand. Handling speeds up to 100 Gbps, the vSRX is the industry’s fastest virtual firewall.
It supports Juniper Contrail, OpenContrail, and third-party software-defined networking (SDN) solutions and integrates with cloud orchestration tools such as OpenStack. Junos Space Security Director with Policy Enforcer enables automated security enforcement, giving you unified management and visibility for physical and virtual assets through a common interface.
Private Cloud
Deployed in your private cloud, vSRX protects against the lateral spread of advanced threats between virtual machines within your network borders. It provides scalable application security for dynamic workloads and protects mission-critical applications from known and unknown threats. It supports VMware ESXi and NSX, and KVM/OpenStack (Ubuntu, CentOS, Red Hat) private clouds.
Public Cloud
The vSRX Virtual Firewall helps you seamlessly extend your private cloud into public cloud environments, securely moving data and workloads with ease. As a VPN gateway, the vSRX provides remote users with safe access to their workloads. As a segmentation gateway, the vSRX protects public-cloud workloads by blocking lateral threats using application policies that help maintain security and compliance. The vSRX is available on Amazon Web Services (AWS) Marketplace, AWS GovCloud (U.S.), Azure Government Cloud, and Microsoft Azure Marketplace.
Bidirectional Forwarding Detection (BFD)
https://www.networkworld.com/article/2222648/cisco-subnet/bidirectional-forwarding-detection--bfd----a-beginning-and-an-introduction-------.html
RawCap and Wireshark: How to capture and analyze local traffic from host machine to itself
Wireshark is an incredible resource when it comes to capturing and analyzing network packets or traffic.
Unfortunately, on Windows, Wireshark is unable to capture packets sent from a host machine to that same host machine. This is because such local traffic is not sent over a real network interface but instead (in many cases) over a “loopback interface”. Loopback traffic can be captured on a variety of operating systems including Linux and BSD (including macOS); however, it cannot be captured on Windows, Solaris, or HP-UX.
In this post we will address how to capture local traffic on Windows and how to analyze that traffic using Wireshark.
Before we get started, it’s worthwhile to point out that Wireshark uses libpcap to capture live network data. libpcap is a library present on most modern UN*X platforms.
On Windows, Wireshark uses WinPcap, which is a version of libpcap for Windows. WinPcap is not present in vanilla Windows installations, but fear not: the Wireshark installer simplifies this by prompting you to install WinPcap as well.
Packet capture tools like Wireshark also typically allow you to save packet capture data to a file. These files generally have the extension .pcap, although .cap and .dmp are also common extensions.
The reason Wireshark cannot capture loopback traffic on Windows is in part that WinPcap relies on the network driver stack, and on Windows this stack does not expose localhost traffic.
So, what do we do?
We can use a raw packet sniffer, for example RawCap. RawCap can sniff any interface that has an IP address, including 127.0.0.1 (localhost/loopback). RawCap also lets you save captured traffic as a .pcap file, which means we can still use Wireshark to analyze our captures. Awesome!!
Using RawCap is easy: simply execute
C:\> RawCap.exe
When the capture is done, we can analyze the .pcap file using Wireshark.
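As an added example (not part of the original post or of RawCap itself), here is a small parser for the classic .pcap format that RawCap writes, which lists the localhost-to-localhost flows that Wireshark alone cannot see on Windows. It assumes RawCap writes link type 101 (raw IPv4) and uses a constructed sample capture rather than a real one; to run it on your own file, pass `open("dumpfile.pcap", "rb").read()` to `loopback_flows`.

```python
import socket
import struct
from collections import Counter

def pcap_records(data):
    """Yield (link_type, packet_bytes) from a classic pcap byte string in either byte order."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None: raise ValueError("not a classic pcap file")
    off, link_type = 24, struct.unpack(end + "I", data[20:24])[0]   # link type ends the 24-byte global header
    while off + 16 <= len(data):                                    # 16-byte record header before each packet
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        yield link_type, data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def flow_of(link_type, pkt):
    """Return (src, sport, dst, dport, proto) for an IPv4 packet; ports are None unless TCP/UDP."""
    if link_type == 1: pkt = pkt[14:]                      # Ethernet-framed capture: skip the frame header
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    if proto in (6, 17) and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        return (src, sport, dst, dport, proto)
    return (src, None, dst, None, proto)

def loopback_flows(data):
    """Count 5-tuples with both endpoints in 127.0.0.0/8: the traffic Wireshark misses on Windows."""
    counts = Counter()
    for link_type, pkt in pcap_records(data):
        f = flow_of(link_type, pkt)
        if f and f[0].startswith("127.") and f[2].startswith("127."):
            counts[f] += 1
    return counts

# Constructed sample (not a real capture): link type 101 = raw IPv4, assumed here to match RawCap's output.
def ipv4_packet(src, dst, proto, sport, dport, payload=b""):
    l4 = struct.pack("!HH", sport, dport) + payload
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + l4

def make_pcap(packets, link_type=101):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, link_type)
    for i, p in enumerate(packets):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(p), len(p)) + p
    return out

SAMPLE_PCAP = make_pcap([ipv4_packet("127.0.0.1", "127.0.0.1", 6, 51000, 8080, b"GET / "),
                         ipv4_packet("127.0.0.1", "127.0.0.1", 6, 8080, 51000, b"HTTP/1.1 200"),
                         ipv4_packet("192.168.1.10", "8.8.8.8", 17, 53000, 53)])
```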
Port forwarding illustration
Before you can understand what port forwarding is, you need at least a basic understanding of the following concepts:
#1 IP addressing
#2 What switches and routers are
#3 Inside network and outside network
Basically, when you sign up for a home Internet plan with your service provider, you are given a router (a.k.a. a gateway).
This device connects you to the Internet. You can connect to the router either by LAN cable or by Wi-Fi.
Everything works fine until you want to access your home IP camera remotely. You may be at the office or travelling in a foreign country, and you expect to still be able to reach the IP camera as long as you have an Internet connection, whether 4G or broadband.
By default, for security reasons, the router will not let you reach the inside network from the outside network. You can only access the Internet (outside) from home (inside), or access the IP camera (inside) while you are at home (inside).
To overcome this problem, you need to configure Port Forwarding in the router.
Below is a detailed diagram (copyright Axis) that shows the overall process when you access the IP camera via port forwarding.
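To make the diagram's behaviour concrete, here is an added toy model of the home router (example code, not from the original post or any vendor): inside hosts can go out and get their replies back, unsolicited outside traffic is dropped, and a port-forwarding rule is the one exception that maps a public port to the camera. All IP addresses are assumed documentation-range values, and the camera address 192.168.1.50 is made up.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class HomeRouter:
    """Toy model of a home NAT router: inside hosts may start outbound connections, and
    unsolicited inbound traffic is dropped unless a port-forwarding rule maps it inside."""

    def __init__(self, public_ip, lan_prefix):
        self.public_ip, self.lan_prefix = public_ip, lan_prefix
        self.forwards = {}   # public port -> (inside ip, inside port)
        self.sessions = {}   # (outside ip, outside port, public port) -> (inside ip, inside port)

    def forward_port(self, public_port, inside_ip, inside_port):
        """The port-forwarding rule you configure in the router's admin page."""
        self.forwards[public_port] = (inside_ip, inside_port)

    def handle(self, pkt):
        """Return the packet as the router re-emits it, or None when the router drops it."""
        if pkt.src.startswith(self.lan_prefix):
            # inside -> outside: rewrite the source to the public IP and remember the session
            self.sessions[(pkt.dst, pkt.dport, pkt.sport)] = (pkt.src, pkt.sport)
            return replace(pkt, src=self.public_ip)
        if pkt.dst != self.public_ip:
            return None                       # not addressed to this router at all
        inside = (self.sessions.get((pkt.src, pkt.sport, pkt.dport))   # reply to an inside host
                  or self.forwards.get(pkt.dport))                    # or an explicitly forwarded port
        if inside is None:
            return None                       # default deny: outside cannot reach inside
        return Packet(pkt.src, pkt.sport, inside[0], inside[1])       # rewrite destination to inside host

def reach_camera(with_rule):
    """A phone outside (198.51.100.9) connects to the router's public IP on port 8080."""
    router = HomeRouter("203.0.113.7", "192.168.1.")
    if with_rule:
        router.forward_port(8080, "192.168.1.50", 80)   # public :8080 -> camera 192.168.1.50:80
    return router.handle(Packet("198.51.100.9", 40000, "203.0.113.7", 8080))

def browse_from_home():
    """A laptop inside reaches a web site, and the site's reply is allowed back in."""
    router = HomeRouter("203.0.113.7", "192.168.1.")
    out = router.handle(Packet("192.168.1.20", 51234, "198.51.100.80", 443))
    reply = router.handle(Packet("198.51.100.80", 443, "203.0.113.7", 51234))
    return out, reply
```

Note that once the rule exists, anyone on the Internet can reach the camera's port 80 through the router, which is why only the ports you actually need should be forwarded.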
CCNA
1. Please tell me how many questions are in the real CCNA exam, and how much time I have to answer them?
Currently, you have 90 minutes to answer 50 questions in the real CCNA exam, but if your native language is not English, Cisco allows you a 30-minute exam time extension. There are a few requirements to get this extension, so the best way is to ask your teacher or mentor before taking the exam.
2. How much does the CCNA Exam 200-125 cost? And how many points do I need to pass the exam?
It now costs $325 (big money, right?) :)
The passing score is 810/1000.
3. How many ways can I get the CCNA certification?
There are 2 ways to achieve this certification:
- By taking two exams ICND-1 100-105 and ICND-2 200-105
- By taking only one CCNA 200-125 exam
CCNA certification is valid for three years. To recertify, pass the ICND2 exam, or pass the current CCNA exam, or pass a CCNA Concentration exam (wireless, security, voice), or pass the current CCDA exam, or pass any 300 – XXX professional level or Cisco Specialist exam (excluding Sales Specialist exams), or pass a current CCIE or CCDE written exam.
5. After completing the INTRO exam (ICND 1), students currently have a three-year window in which to complete the ICND exam (ICND 2) to earn CCNA certification. Will this option still exist?
Yes, students will still be able to take and pass the first exam (INTRO or ICND1) and have a three-year window to pass the second exam (ICND2), before the first exam expires.
6. If students fulfill the exam requirements for the CCNA certification, will they also receive CCENT certification?
No, students who certify at the CCNA level will not earn CCENT certification. The purpose of the CCENT certification is to provide an option for those who aren’t ready for CCNA.
(Information from http://www.cisco.com/web/learning/le3/le2/le0/le9/learning_certification_type_home.html)
7. Which sims will I see in the CCNA exam?
The popular sims now are RIPv2 Troubleshooting, DHCP Sim, Access-list 2, EIGRP Troubleshooting, and OSPF Neighbor sims, but no one can guarantee you will not see other sims in your exam. So the best way is to practice all sims on this site.
8. How many points will I get for one sim?
Well, Cisco doesn’t tell how many points you will get for each correctly solved sim, but from my experience you will get from 80 to 100 points for each sim. Cisco is maybe a bit harsh with sims because you will get only a few points if you can’t solve the sim completely. So be careful with the sims and try to write all the commands on paper many times before taking this exam.
9. In the real exam, I clicked “Next” after choosing the answer, can I go back for reviewing?
No, this is a very important thing about the CCNA exam. You can only go forward! You can visit http://www.cisco.com/web/learning/wwtraining/certprog/training/cert_exam_tutorial.html to become familiar with the exam interface.
10. What is the key to pass CCNA?
The CCNA exam covers many aspects of networking and most of the topics will be asked. But the most important topic is subnetting so make sure you understand how to subnet. Of course other topics are important too so you shouldn’t bypass them.
11. Can I use short commands, for example “conf t” instead of “configure terminal”? Will I get full mark for short commands?
It is another big question in the CCNA exam. Some reports said that you can use the “Tab” key and short commands, but some said they didn’t work. Sometimes the simulator in the exam doesn’t accept short commands and marks them as “incomplete command”. Besides, no one can guarantee whether using short commands will cost points, so my recommendation is that you should learn the full commands.
12. What are your recommended materials for CCNA?
There are many options you can choose, but below are materials used and recommended by many candidates:
Books:
- Sybex CCNA 6th edition by Todd Lammle
- Cisco Press ICND1 & ICND2 Certification Guide
- CCNA Networking Academy 1-4 (used in Cisco Academy so there is no link)
- Cisco 640-802 CCNA Portable Command Guide
- Cisco Discovery and Cisco Exploration study guide (used in Cisco Academy so there is no link)
The difference between CCNA Discovery and CCNA Exploration is “CCNA Discovery is designed for students with basic PC skills and can be delivered as an independent curriculum or integrated into broader courses of study at secondary schools, technical schools, colleges, and universities. CCNA Exploration is designed for students with advanced problem solving and analytical skills, such as those who are pursuing degrees in engineering, math, or science”. (Reference from “new CCNA faq”).
Video Training:
- CBT Nuggets
- Train Signal
- Testout
From my point of view, these videos are just optional materials and they cost a lot; you can definitely pass the CCNA exam without buying them. If you have a big budget and want to learn in a more comfortable way, then buy them! (But it is difficult to pass by just listening to them without reading books, believe me!)
Simulators (luckily, they’re the best and free):
- Packet Tracer (and you can get real exam labs on my site here)
- GNS 3
GNS 3 is really good and it uses real IOS, so all the commands are available, but these IOS images are copyrighted so they are hard to get. Besides, GNS 3 needs a lot of RAM to run, so from my experience you should use the c2600 router with 64MB RAM if your labs are simple (like assigning IP addresses, hostnames, RIP…). If you need to configure OSPF or EIGRP, use a higher-end router model. These two simulators are enough to practice labs for CCNA, but if you want to learn about other simulators, check out my Free Router Simulators article. Packet Tracer is light, quick and convenient for common tasks, but sometimes it doesn’t behave like real devices. A good point of Packet Tracer is that Cisco has many good labs (.pkt files) to practice with.
Websites & Forums: