Too Many TCP Resets

So, recently we enforced some firewall rules on a new environment. We tested the environment and everything was working as expected. Within about 24 hours a lot of traffic from the web infrastructure was being denied, and it continued. At first glance it looked like return traffic was being dropped: the web servers were sourcing from port 443 and the destination ports were dynamic ports (RFC 6335).

No user or application problems were reported when we enforced the rules, and we waited additional days to see if anything came up. Nothing did; the only thing was a spike in the number of syslog messages for dropped traffic coming from the web servers. So from that point it really wasn’t an issue, but I thought it would be interesting to see what was going on.


Private VLANs

Let’s start out 2018 with private VLANs. With PVLANs the network gets a little more privacy added to it, and when we have privacy on the network we can seclude certain parts of it. Essentially, “you can go about your business – move along, move along”. Private VLANs allow us to segment networks within a single VLAN. So in this post we’ll go over the types of PVLANs as well as set up a network topology with private VLANs. Let’s get started!

Enter Cisco Firepower CLI (Read-Only)

You have the FMC installed and are connected to an FTD device with the configuration deployed, but for whatever reason there is a problem and you need to enter the CLI on the Firepower device to troubleshoot it. Although you can’t configure anything there, you can run show and debug commands to troubleshoot via the CLI.

TFTP & FTP Server on CentOS 7

If you ever needed a TFTP or an anonymous FTP server to transfer files, logs, or crash debugs to and from your network devices, it can be a little tricky if you don’t have anything set up. There are some free quick programs out there if you are in a pinch for one-time transfers, but if you ever wanted to have something in your infrastructure that is ready to go for this kind of thing, just follow the tutorial below. I’m using the latest version of CentOS 7 minimal; we need to add some housekeeping items first, so let’s get started!

New Problems, New Job, and a New Look

I still consider myself a rookie in this field even though I started my “official” career in the Network/IT space 5 years ago. Why is that? Is part of the reason the rapid push that applications are demanding from the infrastructure? For example, if we want XYZ app to be ready for testing today and in production in a week, how would you be able to stand that up manually? You can’t; it really could take weeks to be ready for just testing, and that doesn’t fly anymore.