What is iRule in F5 Load balancer

An iRule is basically a script that executes against network traffic passing through an F5 appliance. With iRules you can write simple, network-aware pieces of code that manipulate network traffic in a variety of ways. Regardless of whether you’re looking to do some form of custom persistence, setting custom settings for the TCP/UDP protocols or rate-limiting [...]

F5 101 Application Delivery Fundamentals-Study Notes-OSI Layer

Explain, compare, and contrast the OSI layers http://www.tcpipguide.com/free/t_OSIReferenceModelLayers.htm  7 – Application Interacts with the user (FTP/HTTP/SMB/SSH/etc.) 6 – Presentation Converts information into data structures that are understandable by/useful to the system (XML/TLV/JSON) SSL/WEP/WPA 5 – Session Allows two endpoints to exchange data for a period of time. NetBIOS, TCP/IP Sockets, RPCs Not necessarily the length [...]

PCNSE Study Notes: Global Protect

Overview GlobalProtect: Solution to VPN Issues Extends NGFW to endpoints Delivers full traffic visibility Simplifies Management Unifies policies Stops Advanced Threat Components Portal – Provides Management functions for GP; every client connecting to GP receives configuration information from the portal Gateways – Provide Security Enforcement for traffic External gateways provide security enforcement and VPN Access [...]

PCNSE Study Notes: Decryption

Decryption Concepts Encrypted traffic is growing every year PANs can decrypt SSHv2 and SSL/TLS inbound and outbound traffic SSL Establishment includes: Client – requests SSL connection Server – sends server public cert Client – Verifies Cert Client – sends encrypted session key Server – begins encrypted communications session When an SSL session is first established [...]

PCNSE Study Notes: Content-ID

Overview Scans traffic for/offers protection against/can do: Software Vulnerability exploits – detects attempts to exploit known software vulnerabilities Viruses – detects infected files crossing the firewall Spyware – detects spyware downloads and already infected system traffic Malicious URLs – blocks URLs known to be locations that host or assist any of the content scanned with [...]

PCNSE Study Notes: App-ID

Application ID Overview An application is a specific program or feature whose communication can be labeled, monitored and controlled App-ID does additional work beyond just port Port-based rules use ‘Service’ Application-based rules use ‘application’ Application rules will allow only the application traffic that is allowed (ex: FTP) and not other traffic using that port. Zero-day [...]

PCNSE Study Notes: Platforms and Architecture

Here is the datasheet for the hardware platforms, has some good information to look over! https://www.paloaltonetworks.com/resources/datasheets/product-summary-specsheet Security Platform Overview Recon, Weaponize, Deliver, Exploitation, Installation, Command & Control, Act on Objective NGFW: Identifies and inspects all traffic Blocks known threats Sends unknown to cloud Extends to mobile and virtual networks Threat Intel Cloud: Gathers potential threats [...]

F5 LTM Troubleshooting- Things to check if Pool member is down

Check if the server is reachable from the F5 Load balancer [[email protected]:Active:Standalone] config # ping PING ( 56(84) bytes of data. 64 bytes from icmp_seq=1 ttl=255 time=3.83 ms 64 bytes from icmp_seq=2 ttl=255 time=2.88 ms ———————————————————— If you want to ping from a particular VLAN you can specify the VLAN name after -I [...]

What is Cisco ISE (Identity Services Engine)

Today’s enterprise network is rapidly changing, especially when it comes to employee mobility. Employees are no longer tethered to desktop workstations, but instead access enterprise resources via a variety of devices: tablets, smartphones, and personal laptops, just to name a few. Being able to access resources from anywhere greatly increases productivity, but it also increases [...]

IP address and Subnetting

IP ADDRESS & SUBNETTING Private IP addressing – Subnet Mask calculation – If the CIDR value is /25 then subnet mask will be – In binary – 11111111.11111111.11111111.10000000  (8+8+8+1 = 25) Same way if subnet mask is – the CIDR value will be /18 (8+8+2) Wild card calculation – Whatever the subnet mask [...]