firewall

Site to Site VPN behind router (ADSL)

In most cases, a branch (remote) office uses a static outside IP address to connect to a main office, and we covered that in a previous post.

We configured a site-to-site IPsec VPN between two Cisco ASA firewalls with static IP addresses on both ends, and we also covered site-to-site VPN with a dynamic IP on one end.

What if one of the remote ASA firewalls at a branch office is behind a provider router (ADSL) and has a dynamic public IP from the ISP?

In this post I will take you through the steps to configure a PPPoE, IPsec/GRE VPN tunnel behind a provider router (ADSL) with a dynamic IP in the remote office.

more …

 


Cisco Site to Site VPN (Dynamic to Static)

In most cases, a branch office uses a static outside IP address to connect to a main office, by configuring a site-to-site IPsec VPN between two Cisco ASA firewalls with static IP addresses on both ends. But what if one of the remote ASA firewalls has a dynamic IP address?

more …

Palo Alto Layer 3 deployment


Layer 3 is the classical deployment method for the PA firewall, and it is always considered the standard and most powerful deployment method because it has all of the functionalities, while other deployment methods have some limitations (examples of the other deployment methods are virtual wire, layer 2, etc.).

In this tutorial, I will explain Layer 3 Interfaces deployment.

more …

The Concept of Palo Alto configuration management – P1

The concept of configuration management

PA configuration management has powerful functions to manage configuration, but at the same time it can be very confusing if you are used to other firewall vendors. So, let me explain the concept of configuration management, and how to set it up the right way in order to make full use of it.

I would like to share my experience with you. Let’s start with configuration management; on a Palo Alto firewall, there is a dedicated Management plane and Data plane.

more … concept of Palo Alto configuration management

Forefront Threat Management Gateway


Forefront Threat Management Gateway (TMG) 2010 is an integrated edge security gateway from Microsoft. It is a Common Criteria certified (EAL4+) enterprise-class application-layer firewall that includes support for proxy services (forward and reverse proxy), content caching, and VPN (both site-to-site and remote access). Forefront TMG is licensed per processor; no client access licenses are required. It can be deployed in all of these roles, or any subset of them.