Say whaaaatttt???????? Ok, so you have a Checkpoint firewall with a whole lotta NATed addresses. The router won’t find these NATed addresses though unless you go through a painful procedure to enable proxy-arp on the Checkpoint or you have to add static host entries to the router pointing to the interface IP on the Checkpoint.
What year is this? Because I seem to be in the 90’s.
I know some people really love Checkpoint but every exposure I’ve had has left me scratching my head wondering if they could have done things any more atypically.
So yes, Checkpoint administrators, have no fear. The router jockeys will fix your broken crap again.
scott Cruft, Networking, Security
I’ve had a TC1100 for a while now. I just decided to get a new battery since the old one wouldn’t hold any charge. So as I sit here using it with Win7 it occurs to me that this is pretty much the exact same size as the iPad. Sure, it’s a little thicker but the screen is the same. Even down to the bezel. So what’s different? For one thing this requires a pen. This is a good thing and bad. The handwriting recognition isn’t too bad but I do have to fix things sometimes. Plus everything requires the pen. Sometimes it would be nice to just flick something with my finger. So, despite being a really cool form factor I can see how the iPad would be a lot easier to use. The lack of camera really annoys me but maybe I can live without that after all. Maybe…
scott Cruft
Ran across this tonight. Someone had entered a prefix-list with the name “at&amp ;t” instead of “at&t” (WordPress didn’t like it either, so I added the space between the p and the ; but they should really be together).
Oddly enough, IOS wouldn’t allow the bad line to simply be deleted. The “;” had to be removed so that the no command included “at&t”.
Probably some sort of a regex problem or an ASCII escape character but it’s still kind of strange.
scott Cisco Routing and Switching, Cruft, Networking
I’ve been trying to figure out why a pair of Cisco IPS (AIP-SSM in this case) wouldn’t auto-update signature files or connect to the new Global Correlation feature. The management interfaces were located on a subnet that was between the firewall and the internal L3 switch. The internal LANs are on the other side of the switch.
I’ve known for a long time that Cisco ASAs don’t support sending ICMP redirects. Because of this the IPS’s default gateway couldn’t be set to the FW interface. If I did that they would never be redirected to reach the internal networks. I’ve never had a problem with IOS doing ICMP redirects though, so the IPSes have been using the switch VLAN interface as the default gateway. The switch sends ICMP redirects when the IPS needs to get out to the internet and the traffic goes direct to the firewall.
Except it doesn’t. I could swear it did at one time in the past. Either my memory is faulty or an image update on the IPS broke it. Now, it seems the IPS tosses ICMP redirects. My guess is it worries about man-in-the-middle attacks, and an ICMP redirect is a possible sign of that. So even though the switch is doing the correct thing the IPS disregards it.
Moved the IPS management interface to one of the internal LANs and all is happy now.
scott Cisco Routing and Switching, Cruft, Networking, Security
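The redirect behaviour described in the post above, modelled as an added example (not code from the original post): the switch applies the RFC 1812 redirect test, and a host that accepts redirects moves to the firewall as first hop while one that discards them keeps sending to the switch. All addresses, interface names and the `Host` class are constructed for illustration.

```python
import ipaddress

# Constructed addressing (not from the post): transit subnet between firewall and L3 switch.
TRANSIT = ipaddress.ip_network("192.0.2.0/24")
FIREWALL = ipaddress.ip_address("192.0.2.1")      # firewall inside interface
SWITCH_SVI = ipaddress.ip_address("192.0.2.2")    # switch VLAN interface (IPS default gateway)
IPS_MGMT = ipaddress.ip_address("192.0.2.10")     # IPS management interface

# Switch routes: (prefix, next hop or None when connected, egress interface name)
SWITCH_ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), FIREWALL, "Vlan10"),
    (TRANSIT, None, "Vlan10"),
    (ipaddress.ip_network("10.0.0.0/8"), None, "Vlan20"),  # internal LANs, simplified
]

def switch_forward(src, dst, ingress_if="Vlan10"):
    """Longest-prefix match, then the RFC 1812 redirect test.
    Returns (egress_if, redirect_gateway or None)."""
    _, next_hop, egress_if = max(
        (r for r in SWITCH_ROUTES if dst in r[0]), key=lambda r: r[0].prefixlen)
    hop = next_hop if next_hop is not None else dst
    # Redirect only if the packet leaves the interface it arrived on and the
    # sender shares a subnet with the better next hop.
    same_subnet = src in TRANSIT and hop in TRANSIT
    redirect = hop if (egress_if == ingress_if and same_subnet) else None
    return egress_if, redirect

class Host:
    def __init__(self, addr, gateway, accept_redirects):
        self.addr, self.gateway = addr, gateway
        self.accept_redirects = accept_redirects
        self.host_routes = {}          # per-destination routes learned from redirects

    def first_hop(self, dst):
        return self.host_routes.get(dst, self.gateway)

    def on_redirect(self, dst, gateway):
        if self.accept_redirects:      # a host that discards redirects learns nothing
            self.host_routes[dst] = gateway

def first_hops(host, dst, packets=2):
    """First hop the host uses for each of `packets` successive packets to dst."""
    used = []
    for _ in range(packets):
        hop = host.first_hop(dst)
        used.append(hop)
        if hop == SWITCH_SVI:
            _, redirect = switch_forward(host.addr, dst)
            if redirect is not None:
                host.on_redirect(dst, redirect)
    return used
```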
Seems they don’t play well together. Sure, basic mouse functions work, including the scroll wheel. All of the extra buttons don’t seem to work at all though. I’ve been keeping an eye out for drivers and nothing yet. Also, I have yet to find anyone else crying about this. It seems strange to me that I’d be the only one with a nice Microsoft gaming mouse on OS X.
scott Cruft, Home and Hobbies
Well, I guess I better get a post in for the month of November. Ugh, it’s been a long month. Anyway, fiddling with free podcasting tools and methods and I discovered some updates in Snow Leopard that are pretty cool.
A little while ago on Leopard I found out that with iLife 09 you could use GarageBand to record a voice chat using Bonjour in iChat. That’s cool but kind of limited. I’m not certain but I think this was not extended to non-Bonjour voice chats. That’s not the case with Snow Leopard. Not only can you record your Jabber and GTalk sessions but it’s smart enough to create the right number of tracks if you have a group chat going on with multiple users. And yes, it’ll adjust the title picture track based on the user’s avatar from GTalk for whoever’s talking.
I’m a little shocked that it works as well as it does.
One thing I haven’t been able to figure out is how to start recording a voice chat and then add in additional local mics. It doesn’t seem to be possible so all recording must be done with the group voice chat participants. And I haven’t tried this but I’m guessing that adding users to the group voice chat will not start new tracks in GarageBand. That would be slick if it did.
scott Home and Hobbies, Networking, VoIP
As a fan of flavorful beer I often find myself facing stares of revulsion when I’m enjoying a nice glass of Guinness. What few people realize is that “dark” isn’t supposed to mean harsh, bitter or high in alcohol content. Found this great article:
http://www.nytimes.com/2009/10/28/dining/reviews/28wine.html
All you doubters should read it! You know who you are!
scott Cruft, Home and Hobbies
I’ve gotten a look at a PowerPoint with the technical details now. Nothing too earth shattering. More of a natural progression of capabilities and performance.
I’m such a geek. The one cool new feature is that they have finally put in a USB console port. Actually mini USB. I’m not sure of the wisdom of using that over the already present regular USB ports, but that’s ok. I can’t find anything about how that’s going to work. I expect you’ll have to install a driver for USB to COM on Windows just like you do with the USB to Serial dongles but this should be Cisco provided.
How cool would it be if there’s a hidden driver for that in Windows 7 already?
Now all we need is a wireless USB KVM and you could manage a whole data center of routers without running more cables. Better have some good security on that!
scott Cisco Routing and Switching, Cruft, Networking
Just stumbled across this post describing why Wave is such a big deal. I think he does an excellent job of describing it, including his follow-up post. The idea behind the protocol really is liberating and solves a number of problems. Read it!
scott Cruft, Networking