What is the difference between Firewall and ACL?

An ACL is part of a firewall, and a firewall is a whole security package. 

A firewall is a complete network security device or software that monitors and filters incoming and outgoing network traffic based on the security policies applied. 

An access control list (ACL) is a list of rules that specifies which users/systems/IPs are allowed or denied access to a particular system resource or network. 

What is Redistribution in Routing Protocols?

It is a concept by which two different routing protocols can communicate and exchange routing information with each other. 


Note: In the command below, OSPF shares routes learned from the BGP protocol with its OSPF neighbor. 

router ospf 100

router-id 2.2.2.2

redistribute bgp 10 route-map iBGP2OSPF


What is the Difference between Classless and Classful Routing?- Ask a network expert to learn in simple words

Classful routing does not advertise the subnet mask information along with the network prefix, while classless routing does advertise subnet information. Hence VLSM is not supported in classful routing: even if a subnet mask is added or advertised, the protocol will still consider the default class of the subnet. 
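The effect on a routing table, as an added example that is not part of the original post: two /24 subnets are advertised, once with their masks (classless) and once without (classful). The router names R1/R2 and the function names are hypothetical, and the receiver is assumed to have no interface of its own in the 10.0.0.0 network.

```python
import ipaddress

def classful_network(addr):
    """Network a classful receiver assumes: the mask comes from the first octet."""
    first = int(addr.split(".")[0])
    if first < 128:
        prefix = 8      # class A
    elif first < 192:
        prefix = 16     # class B
    elif first < 224:
        prefix = 24     # class C
    else:
        raise ValueError("class D/E addresses are not unicast networks")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def build_table(adverts, classless):
    """adverts: list of (prefix, next_hop). Returns {network: next_hop}."""
    table = {}
    for prefix, next_hop in adverts:
        net = ipaddress.ip_network(prefix)
        if not classless:
            # The update carries no mask, so the subnet collapses to its class.
            net = classful_network(str(net.network_address))
        table.setdefault(net, next_hop)   # a colliding later advert is lost
    return table

def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None."""
    ip = ipaddress.ip_address(dst)
    matches = [net for net in table if ip in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]

# Constructed adverts: two subnets of the same class A network.
ADVERTS = [("10.10.10.0/24", "R1"), ("10.20.20.0/24", "R2")]

if __name__ == "__main__":
    for mode in (True, False):
        table = build_table(ADVERTS, classless=mode)
        print("classless" if mode else "classful", table,
              "10.20.20.5 ->", lookup(table, "10.20.20.5"))
```

With classful handling both subnets become the single entry 10.0.0.0/8, so traffic for 10.20.20.5 is sent to the wrong router, and addresses nobody advertised (such as 10.30.0.1) also match.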

Packet Flow in Checkpoint Firewall

How Does the Packet Flow in Checkpoint Firewall?

SAM Database (Suspicious Activity Monitoring)

Address Spoofing

Session Lookup

Policy Lookup

Destination NAT

Route Lookup

Source NAT

Layer 7 Inspection

VPN

Routing.


Above are the various activities a packet is subjected to once it reaches a Checkpoint firewall. 

HPE Aruba Switch DHCP Server Setup Commands.

I will try to put the commands for two vlans: one is a normal vlan (Test1) and the other a voice vlan, so that I can include the voice command as well. Bold characters are the commands and the rest are descriptions. 

vlan 3  (vlan number)

   name "Test1" (vlan name)

   untagged 20-30 (untagged/access ports; these should be unique, the same port cannot be untagged in two vlans)

   tagged 1 (Tagged ports/trunk for the vlan)

   ip address 10.10.10.1 255.255.255.0  (IP address and subnet for the vlan)

   dhcp-server  (To enable DHCP Server for the VLAN)

   exit


vlan 5 (Vlan number)

   name "Test2" (Vlan name- Voice vlan)

   untagged 10-20 (Untagged Ports)

   tagged 1-10 (Tagged Ports)

   ip address 10.20.20.1 255.255.255.0 (IP address and subnet for the vlan)

   dhcp-server  (To enable DHCP Server for the VLAN)

   voice (Enable as Voice Vlan)

   exit


Above are the 2 vlans set up. Now we will see the commands to set up the DHCP Server; note that both sets of commands are to be configured on the same switch. A DHCP pool is matched to a vlan based on the network IP address of the vlan and not by name or anything else. 


dhcp-server pool "Test-1" (Changed the name and added a - to show that it will still work, as pools are not matched on name)

   authoritative (When the DHCP server is configured as authoritative, the server will respond to all received DHCP REQUEST packets belonging to the subnet. On a non-authoritative DHCP server, DHCP INFORM packets received from clients on a non-authoritative pool will be ignored.)

   default-router "10.10.10.1" (Default Router for the Pool)

   dns-server "10.10.10.20, 8.8.8.8" (DNS Servers you use or have)

   lease 08:00:00 (Lease duration; this should be in Days-hours-minutes format)

   network 10.10.10.0 255.255.255.0 (Network IP address and subnet)

   range 10.10.10.100 10.10.10.200 (Range of addresses you want to hand out to the DHCP clients)

   exit

dhcp-server pool "Test-Voice"

   authoritative

   default-router "10.20.20.1"

   dns-server "10.10.10.20, 8.8.8.8"

   lease 08:00:00

   network 10.20.20.0 255.255.255.0

   option 150 (if you wish to add an additional option to be considered: option <type> <value>)

   range 10.20.20.100 10.20.20.200

   exit

dhcp-server conflict-logging (Log any conflicts)

dhcp-server enable (Command to enable the DHCP Server. If you later want to change any of the above values, you will have to disable the DHCP server with the dhcp-server disable command, go to the pool and change the values, and enable the DHCP server again with the dhcp-server enable command for the changes to take effect)
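Because pools are tied to vlans only by subnet, a mistyped address silently leaves a vlan without leases. The following check is an added example, not part of the original post or of any HPE tool: it parses a config in the syntax shown above and matches each pool to a vlan by network. The function names are hypothetical, and it assumes, as in this setup, that the vlan's own address is the pool's default router.

```python
import ipaddress
# Constructed sample in the page's syntax; vlan 5 deliberately uses the network address.
SAMPLE = """\
vlan 3
   ip address 10.10.10.1 255.255.255.0
   dhcp-server
vlan 5
   ip address 10.20.20.0 255.255.255.0
   dhcp-server
dhcp-server pool "Test-1"
   default-router "10.10.10.1"
   network 10.10.10.0 255.255.255.0
   range 10.10.10.100 10.10.10.200
dhcp-server pool "Test-Voice"
   default-router "10.20.20.1"
   network 10.20.20.0 255.255.255.0
   range 10.20.20.100 10.20.20.200
"""

def parse(cfg):  # returns {block header: {keyword: [arguments]}}
    blocks, cur = {}, None
    for line in cfg.splitlines():
        words = line.replace('"', "").split()
        if words and not line[0].isspace():
            cur = blocks.setdefault(" ".join(words), {})
        elif words and cur is not None:
            n = 2 if words[0] == "ip" else 1      # "ip address" is a two-word keyword
            cur[" ".join(words[:n])] = words[n:]
    return blocks

def check(cfg):
    """Match each pool to a dhcp-server vlan by subnet and sanity-check both."""
    blocks, vlans, findings = parse(cfg), {}, []
    for hdr, b in blocks.items():
        if hdr.startswith("vlan ") and "dhcp-server" in b and "ip address" in b:
            iface = ipaddress.ip_interface("/".join(b["ip address"]))
            vlans[iface.network] = iface.ip
            if iface.ip == iface.network.network_address:
                findings.append(f"{hdr}: {iface.ip} is the network address, not a host")
    for hdr, b in blocks.items():
        if hdr.startswith("dhcp-server pool "):
            net = ipaddress.ip_network("/".join(b["network"]))
            if net not in vlans:
                findings.append(f"{hdr}: no dhcp-server vlan on {net}")
            elif str(vlans[net]) != b["default-router"][0]:
                findings.append(f"{hdr}: default-router is not the vlan address")
            if any(ipaddress.ip_address(a) not in net for a in b["range"]):
                findings.append(f"{hdr}: range leaves {net}")
    return findings
```

Run `check()` on the pasted running config before `dhcp-server enable`; an empty list means every pool has a matching vlan, gateway and range.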


Please leave comments if you have any questions. 

Chrome how to delete an Auto Fill Suggestion

You might have entered a wrong value in a username, address or any other field you have to fill in on a website in Chrome. Once it is filled and you have moved to the next page, every time you go back to the same page it suggests the wrong or previously filled value, which you might not need now. 

I encountered this issue where I did not know my AWS website login username, so I had tried many combinations. I used the AWS website infrequently and had many times tried different usernames, and all had been stored in history. So when I came back to the website after a few months, there were many suggested usernames, and I landed back at square one, where I had to again remember or search through emails to identify my correct username. I tried many ways to delete the auto fill suggestions for previously used usernames so that they would not show again and only the correct one would be shown. 

I got a lot of suggestions to delete the Autofill form data from History, option shown below. However, this would delete all suggestions, and I wanted to only tweak or remove a few of them. I had to remove address suggestions as well, which I had wrongly entered earlier; as the address was long, I was not able to guess which of the suggestions was correct, because the wrong word was at the end and the suggestions showed only the first few words, which were the same for both. 


Somehow I was lucky recently and found a solution for the same online. I found the steps below the easiest to follow and remember. 

1. Open a web page in which a data field showing the problematic value appears. 

2. Double-click (Select) the field to make it show its drop down (Auto Fill Suggestions).

3. Highlight the problematic value with your mouse or scroll up and down.

4. Once highlighted, press Shift+Delete.

Now the deleted values will not appear as suggestions. AWS showed me only the correct username and I was able to get rid of the hassle. 

Let me know if this was able to resolve your issue or if you are looking for something else. 




Google Pixel and Moto and Android 11 Phones WIFI Connection issue with Corporate Enterprise Aruba WIFI.

We have seen for some time that, with Aruba WIFI infra in offices, Google Pixel phones (basically above Pixel 3a), Moto phones with Android 11 and also the Moto G4 Plus running Android 8.1.0 are unable to connect to WIFI. We receive the error message “Authentication problem” or “Access Point Temporarily Full”. 

Why the issue is caused is explained in the article below. 

https://www.xda-developers.com/android-11-break-enterprise-wifi-connection/


The solution to these issues is given in the article below by Google. 

https://support.google.com/pixelphone/answer/2844832?hl=en 


The usual step we follow is to select Do Not Validate in the CA certificate option while trying to connect to Corporate WIFI from other phones. However, this is grayed out on these phones. 

Steps to be followed: download the certificate from Aruba Central; you can do so by following the steps in the article below. From the GUI, I did not see the download option. You can research further and let me know in the comments if you find a way. 

https://www.arubanetworks.com/techdocs/Instant_41_Mobile/Advanced/Content/CLI_commands/download-cert.htm

Next, download the same certificate on the phones and follow the steps below to install it. 

Install a certificate

  1. Open your phone's Settings app.
  2. Tap Security > Advanced > Encryption & credentials.
  3. Under "Credential storage," tap Install a certificate > Wi-Fi certificate.
  4. In the top left, tap Menu.
  5. Under "Open from," tap where you saved the certificate.
  6. Tap the file.
    • If needed, enter the key store password. Tap OK.
  7. Enter a name for the certificate.
  8. Tap OK.


Once the certificate is installed and you have given it a name, select the Corporate WIFI SSID to connect, choose the options as below and try connecting. In the CA Certificate option choose Use system certificates; as we have already saved the certificate on your phone, this should work. 


Hope this helps. Let me know for any concerns.