Too Many TCP Resets

So, recently we enforced some firewall rules on a new environment, we did testing of the environment and everything was working as expected. In about 24 hours a lot of traffic from the web infrastructure was being denied and it continued, at first glance it looked like return traffic was being dropped, the web servers were sourcing at port 443 and the destination ports were using dynamic ports (RFC 6335)

No user or application problems were reported when we enforced rules, and we waited additional days to see if anything came up. Nothing came up, the only thing was a spike in amount of syslog messages of dropped traffic coming from the web servers. So from that point it really wasn’t an issue, but I thought it would be interesting to see what was going on. Continue reading

Advertisements

Configuring Layer Three EtherChannel

When you want more speed all you need is EtherChannel, EtherChannel can be configured as a layer three logical interface instead of just sitting at layer two. This is very helpful if we are running layer three down to the access layer switches, instead of at the distribution layer. You also could see this in a collapsed core design, we also don’t have to worry too much about STP when we configure EtherChannel’s. The only requirements to use layer three EtherChannels is your switch need is support layer three “routed” interfaces, so with that let’s get started!

Continue reading

Private VLANs

network-cable-ethernet-computer-159304.jpegLet’s start out 2018 with private VLANs, with PVLANs the network gets a little more privacy added to it. When we have privacy on the network we can seclude certain parts of it. Essentially, “you can go about your business – move along, move along”. Private VLANs allow us to segment networks within a single VLAN. So in this post we’ll go over the types of PVLANs as well as setup a network topology with private VLANs, Let’s get started! Continue reading

Factory Reset Firepower 2100

In this short guide I wanted to walk through the steps to do a factory reset for the Cisco Firepower 2100 series. When doing these resets all configuration and the administrative password are removed, as well as the FTD (Firepower Threat Defense) app-instance. When the unit starts to boot it will reinstall the FTD app-instance to default configuration.
Continue reading

VLAN Access Lists (VACLs)

VACLs are another good layer of security to help control who can talk to who, much like  access control lists that are in firewalls and routers, however the difference is VACLs operate at layer two of the OSI model. There could be situations where you have multiple hosts on the same LAN and want to block traffic from reaching certain hosts within that same network, how would you go about blocking that type of traffic without using a router or firewall? (Hint: Create a VACL)

Continue reading