the worlds gone mad

we've lost the hope we had

Posted on 22 March 2018   6 min read

VSS Recovery mode

vss recovery mode scenario

Dual-active Detection (DAD) is designed to prevent a split-brain scenario where both VSS supervisors become active in the event of a VSL link failure. It uses a secondary communication link, separate from the VSL link, to communicate the devices' state.
When the VSL link fails, the standby switch becomes active; the current active switch is informed of this over the DAD links and goes into recovery mode to stop a split-brain situation from occurring.


Posted on 13 January 2018   7 min read

Checkpoint Identity Awareness

identity awareness to identify users

The 3 main elements that run identity awareness under the hood are Active Directory Query (ADQ), PDP and PEP. They all intertwine in some way to allow the different blades of the Checkpoint to track and restrict access based on AD user and machine name. I tested these features as part of a POC and personally I would not consider them fit for purpose in a production environment. See the caveats at the end of the post for more details on this.


Posted on 13 January 2018   1 min read

Deleting Checkpoint Logs

cleaning up checkpoint logs

These are the directories that need to be emptied to delete all the logs on the Checkpoint managers.


Posted on 26 November 2017   11 min read

vCentre in Azure

vcentre in azure over ipsec and gre

A recent project I was working on involved the need to join a new office to our existing Data Centres and OSPF core using a Gig circuit over the Internet. To flesh out this idea and test its viability I thought I would try and solve an ESX capacity problem I have at home by moving vCentre into the cloud.


Posted on 3 September 2017   2 min read

Change VM Hardware Version

changing vm hardware version in cli

The VM hardware version designates the virtual hardware functions supported by a virtual machine, which relates to the hardware on the host server. A VMware product will not be able to power on a VM with a hardware version higher than what it supports.


Posted on 12 August 2017   3 min read

Checkpoint Portals

functions of all the checkpoint portals

All Checkpoint portals are configured under the Gateway properties.
The IP address of the portal must be the IP address of an interface on the Checkpoint (loopback or physical).
You can use either a different IP for each portal or the same IP for all portals. All portals with the same IP address use the same certificate.


Posted on 9 August 2017   3 min read

iSCSI ESX Datastore

using iscsi for the esx datastore

Due to a close scare in my lab I decided to switch the datastore from a single onboard HDD to iSCSI. I use a WD MyCloud EX2 Ultra but there are a lot of more advanced NAS out there with a whole host of extra features. The WD is rather basic but is sufficient for my needs of partitioning it into a backup drive and an iSCSI drive. Since moving onto this I haven’t noticed any real performance degradation in my lab; it's run over a 1 Gig port.



