Say whaaaatttt???????? Ok, so you have a Checkpoint firewall with a whole lotta NATed addresses. The router won’t find these NATed addresses though unless you go through a painful procedure to enable proxy-arp on the Checkpoint or you have to add static host entries to the router pointing to the interface IP on the Checkpoint.
What year is this? Because I seem to be in the 90’s.
I know some people really love Checkpoint but every exposure I’ve had has left me scratching my head wondering if they could have done things any more atypically.
So yes, Checkpoint administrators, have no fear. The router jockeys will fix your broken crap again.
scott Cruft, Networking, Security
I’ve had a TC1100 for a while now. I just decided to get a new battery since the old one wouldn’t hold any charge. So as I sit here using it with Win7 it occurs to me that this is pretty much the exact same size as the iPad. Sure it’s a little thicker but the screen is the same. Even down to the bezel. So what’s different? For one thing this requires a pen. This is a good thing and bad. The handwriting recognition isn’t too bad but I do have to fix things sometimes. Plus everything requires the pen. Sometimes it would be nice to just flick something with my finger. So, despite being a really cool form factor I can see how the iPad would be a lot easier to use. The lack of camera really annoys me but maybe I can live without that after all. Maybe…
scott Cruft
Ran across this tonight. Someone had entered a prefix-list with the name “at&amp ;t” instead of “at&t” (WordPress didn’t like it either, so I added the space between the p and the ; but they should really be together).
Oddly enough, IOS wouldn’t allow the bad line to simply be deleted. The “;” had to be removed so that the no command included “at&t”.
Probably some sort of a regex problem or an ASCII escape character but it’s still kind of strange.
scott Cisco Routing and Switching, Cruft, Networking
I’ve been trying to figure out why a pair of Cisco IPS (AIP-SSM in this case) wouldn’t auto-update signature files or connect to the new Global Correlation feature. The management interfaces were located on a subnet that was between the firewall and the internal L3 switch. The internal LAN’s are on the other side of the switch.
I’ve known for a long time that Cisco ASA’s don’t support sending ICMP redirects. Because of this the IPS’s default gateway couldn’t be set to the FW interface. If I did that they would never be redirected to reach the internal networks. I’ve never had a problem with IOS doing ICMP redirects though, so the IPS’s have been using the switch VLAN interface as the default gateway. The switch sends ICMP redirects when the IPS needs to get out to the internet and the traffic goes direct to the firewall.
Except it doesn’t. I could swear it did at one time in the past. Either my memory is faulty or an image update on the IPS broke it. Now, it seems the IPS tosses ICMP redirects. My guess is it worries about man-in-the-middle attacks and an ICMP redirect is a possible sign of that. So even though the switch is doing the correct thing the IPS disregards it.
Moved the IPS management interface to one of the internal LAN’s and all is happy now.
scott Cisco Routing and Switching, Cruft, Networking, Security
Seems they don’t play well together. Sure, basic mouse functions work, including the scroll wheel. All of the extra buttons don’t seem to work at all though. I’ve been keeping an eye out for drivers and nothing yet. Also, I have yet to find anyone else crying about this. It seems strange to me that I’d be the only one with a nice Microsoft gaming mouse on OS X.
scott Cruft, Home and Hobbies
As a fan of flavorful beer I often find myself facing stares of revulsion when I’m enjoying a nice glass of Guinness. What few people realize is that “dark” isn’t supposed to mean harsh, bitter or high in alcohol content. Found this great article:
http://www.nytimes.com/2009/10/28/dining/reviews/28wine.html
All you doubters should read it! You know who you are!
scott Cruft, Home and Hobbies
I’ve gotten a look at a PowerPoint with the technical details now. Nothing too earth shattering. More of a natural progression of capabilities and performance.
I’m such a geek. The one cool new feature is that they have finally put in a USB console port. Actually mini USB. I’m not sure of the wisdom of using that over the already present regular USB ports, but that’s ok. I can’t find anything about how that’s going to work. I expect you’ll have to install a driver for USB to COM on Windows just like you do with the USB to Serial dongles but this should be Cisco provided.
How cool would it be if there’s a hidden driver for that in Windows 7 already?
Now all we need is a wireless USB KVM and you could manage a whole data center of routers without running more cables. Better have some good security on that!
scott Cisco Routing and Switching, Cruft, Networking
Just stumbled across this post describing why Wave is such a big deal. I think he does an excellent job of describing it, including his follow up post. The idea behind the protocol really is liberating and solves a number of problems. Read it!
scott Cruft, Networking
Reading about Google Wave today as I wait impatiently for my invite. It better come.
I was reading the latest (I think) developer blog update and near the end is this gem:
“We’re also working on larger changes like providing anonymous read-only access to embedded waves — so anyone in the world will be able to see content of published waves.”
I know this was a “want” for me…but wow…
Once this gets enabled you’ll have a forum software killer.
Build a widget that shows “followers” and Twitter is dead. After all, that’s a large part of Twitter’s success. Showing how big your….follower group is is very important.
Facebook features are just a hop skip and a jump away. You can be sure there will be many developers working on that.
Pretty exciting stuff!
scott Cruft, Networking