Skip to main content

Posts

IPv6 - Can We Turn the Global Network into a Firewall Protecting All End Users?

One recurring argument against implementing IPv6 in campus networks is the absence of Network Address Translation (NAT). While NAT is perceived as a security mechanism in IPv4, we need to rethink our approach when working with IPv6. Instead of relying on NAT, we can leverage firewalls to safeguard endpoints. In IPv6, every device receives a routable address. To protect endpoints effectively, we require firewalls to filter unwanted traffic.   But what if we could stop such traffic at the source?   Could this approach convince more people toward adopting IPv6?   According to RFC 7381: “In a /48 assignment, typical for a site, there are then still 65,535 /64 blocks.” and “All user access networks should be a /64.”   Can we use then bit 63 to convey a message: “I don’t want any incoming traffic initiated towards me!!!”? Of course response would be accepted.   We could divide the /64 allocations into two groups: one for servers, and these accept incoming traffic (bit 63 = 0):   for example
Recent posts

CompTIA Security+ SY0-601

    In November last year (2020) CompTIA released a new version of Security+ course. I had a chance to deliver the training recently and I would like to share with you my thoughts.    Before I dive into details it is good to know the prerequisites and its objectives. There are many security trainings out there and before attending it, you should know, which one is for you.    CompTIA Security+ is entry level training in the cybersecurity domain. There are no strict prerequisites but you are encourage to know topics covered in A+ and Network+. You do not need to attend the course or pass the exam, knowledge and experience are more important. Before planning the exam you should review A+ and Network+ exam objectives:   https://www.comptia.org/training/resources/exam-objectives   The updated version has 21 lessons which cover basics, threats, cryptography, risk assessment,  identity management, network security appliances, secure network protocols, incident response, digital forensics, ph

FortiGate - Guía de resolución de problemas

by Efren Teruel Dominguez     He tenido la suerte y el privilegio de poder trabajar, primero como asesor técnico, y luego como traductor al español, de la obra de un colega y amigo mío: https://lnkd.in/gbkqjTT FortiGate - Guía de resolución de problemas Fortigate, a Troubleshooting Guide es un excelente trabajo de Hubert Wisniewski , aprovechando sus muchos años de experiencia en el sector de la seguridad y la formación. Conté con su confianza para este proyecto, que llevó bastantes horas y muy contento de que esté ya disponible a la venta a través de la plataforma de Amazon. Se aceptan críticas constructivas! :D ---------------------------------------- I have had the privilege and luck of being able to work, first as technical reviewer, and then as translator, for my friend and colleague Hubert's guide: https://lnkd.in/gbkqjTT FortiGate - Guía de resolución de problema Fortigate, a Troubleshooting Guide is an excellent work by Hubert Wisniewski , using his many year

SD-WAN on FortiGate (6.2)

SD-WAN is very hot topic and as you may know the functionality is available on FortiGate platform for free. There are huge differences between versions as new features are added or modified. You need to check documentation for a particular version as sometimes the object names are different. The post is valid for version 6.2.  I already published one post about the same topic but it was for version 5.6. Since then, adding VPN has changed and I would like to show the main differences. As per below diagram, we have 2 sites with 2 FortiGate firewalls: FGT1 and FGT2. There are two servers on the left site: - Linux - 10.0.1.20 (ssh) - Windows - 10.0.1.10 (http) There is a requirement to separate traffic to these two servers, but in case of any service degradation or failures, we can use all available links.   We start by enabling SD-WAN (remember - you can have 1 SD-WAN interface per device/VDOM!):    Click "+Create New" and then select "+VPN":     You do not need to pr

FortiGate – Troubleshooting Guide Quick Reference

After many years of working and teaching FortiGate technology I decided to share my knowledge. I focus on troubleshooting. FortiGate – Troubleshooting Guide Quick Reference presents easy to understand techniques of troubleshooting on FortiGate platform. There are many debug command examples, which explain, how to read and understand the command output. The intention of the book is not to teach you how presented technologies work. I do not explain configuration examples but if you do not feel confident to perform troubleshooting effectively, the book is for you.   https://www.amazon.com/dp/B087F95WFT