We have set up an IPsec site-to-site VPN using a FortiGate firewall in the web GUI. However, sometimes you may not have access to the web GUI, so the only option is to build the IPsec tunnel and route the traffic by using the command line interface (CLI). So how do we do that? …
Saifudheen Sidheeq
If you’re new to MikroTik routers and eager to explore their functionality, the best way to learn is by using real hardware. However, investing in a router right away might not be ideal, and you’d prefer to test things out in a lab environment. So, what can you do? A great solution is to use …
We have looked at how you can set up an IPsec VPN between two FortiGate firewalls in our last blog article, and it works great. But sometimes you will have multiple subnets that you would want to route through the FortiGate firewall, so how do you route multiple subnets across the IPsec tunnel using the …
We have set up IPsec in one of our previous articles, and some readers reached out to me and said: yes, the tunnel came up and I can initiate communication towards the other side, but what if I have multiple subnets? How do I enable the communication to both sides? So, in this blog article …
PfSense is an open-source firewall that you can deploy in practically any network you have. There is a community version of the software, which is completely free, and there is also paid hardware you can acquire from Netgate. Compared to other firewalls, it doesn’t cost as much. In addition, you have another router called MikroTik, …
You’ve got a brand new MikroTik router and now you’re wondering how to set up IPsec between your headquarters’ FortiGate firewall and this new MikroTik router. For those of you new to MikroTik, it might feel somewhat overwhelming to understand its functionality, especially when you’re trying to configure the IPsec site-to-site VPN between the FortiGate …
When it comes to MikroTik, you can pretty much run everything out of the box using the Quickset option. However, sometimes you may want to override the initial basic configuration manually. So, in this blog article, we will start configuring MikroTik from scratch. You might be thinking where do I begin with the basic configurations, …
MikroTik is a popular router used by many home users, small businesses, and even branches of large enterprise networks. When it comes to connecting MikroTik to the internet, sometimes you may encounter a PPPoE connection. Out of the box, MikroTik has ether1 configured as the WAN port and ether2 as the LAN port. If your …
We have set up MikroTik in different environments; it’s time for us to build an IPsec tunnel between two sites where we have MikroTik routers. What is the IPsec tunnel in MikroTik? An IPsec tunnel in MikroTik refers to a secure communication channel established between two remote sites or networks using the IPsec (Internet Protocol Security) …
The MikroTik router has gained popularity in recent times for home and small business branch deployments due to its support for firewall features and IPsec compatibility. One of the key advantages of this hardware is its affordability compared to other vendor products, which has contributed to its growing popularity. Another advantage of the MikroTik router …
If you have just acquired a MikroTik router and you’re unfamiliar with it, this blog article will guide you on getting started. Feeling a bit overwhelmed is completely normal when dealing with a new MikroTik device, especially if it’s your first time setting it up for a small branch office. In this blog article, we’ll …
In the previous blog post, we discussed how to set up different user permissions in pfSense. Now, we’re going to take it a step further and configure pfSense to communicate with the RADIUS server. This configuration allows for user authentication into the pfSense dashboard. If you’re planning to use OpenVPN on pfSense, you can use …
When introducing a pfSense firewall into your environment, you initially have complete control over the firewall by default. However, when granting access to the operations team, you need to implement different levels of permissions. This ensures that L1 engineers cannot inadvertently shut down critical components on the pfSense firewall. Unlike Cisco, where you can utilize …
The other day, I was trying to set up a RADIUS client to talk to the NPS server in Windows, and every time I try to authenticate against the Windows NPS server, it fails. Finally I was able to find the issue, and it was related to the Windows firewall blocking the RADIUS request, hence …
When you deploy a Cisco IOS network infrastructure, you would set up a local account for the initial configuration, and later you would require some sort of centralised RADIUS or TACACS+ location that will help you authenticate the Cisco devices. It is not ideal to use a local account, because, as in when the …
The Microsoft Active Directory (AD) is one of the most popular centralized domain controllers available today. In most enterprises, you will find Microsoft AD deployed as the primary system. Sometimes, you may want to manage your VPN or network infrastructure using the same centralized server to act as a RADIUS server. To accomplish this, you …
When I first delved into Ansible automation, my curiosity led me to explore the process of backing up my entire infrastructure. However, I couldn’t help but feel overwhelmed by the amount of work it entailed, causing me to hesitate for quite some time. Eventually, I mustered up the courage to give it a try, and …
In our latest blog article, we successfully set up a control node for network automation. If you haven’t followed the outlined procedure to set up the control node, I highly recommend going back here and reviewing it. Now, in this new blog article, we will embark on creating our very first playbook for Cisco IOS …
Ansible is a powerful automation tool used by many organizations worldwide. Initially, it gained popularity for managing Linux and Windows machines, but network automation was a trend that took some time to catch up. However, in recent times, even networking teams have started adopting the infrastructure-as-code strategy. There are numerous automation tools available for network …
This is the continuation of the last blog article, where we took a look at how you can set up redundant IPsec tunnels between two Palo Alto firewalls with dual ISPs. So if you have not set up the IPsec tunnels yet, I would suggest you go back to the article here, and set …
You have a Palo Alto firewall at the edge of your branch network and the headquarters, and you are planning to run IPsec with a dynamic routing protocol on top of it. But you are confused by all the IPsec and BGP configurations, and even if you get everything up and running, how do you manage …
You have been working with KVM and heard about the Proxmox hypervisor, which is a great alternative to KVM, mainly because of the nice web GUI it provides, similar to the one found in VMware ESXi. At the same time, in KVM, you are missing out on the GUI experience that you get with VMware …
Proxmox is one of my favourite hypervisors out there. Though it does not support all the features that ESXi provides, it is still a great alternative to ESXi, and moreover it is open source and free for anyone to use. Only when you need support do you need to pay; other than …
The other day I was trying to install Proxmox in VMware Workstation, which requires me to do nested virtualisation, and all of a sudden at the start of the installation, I got an error ‘Virtualized Intel VT-x/EPT is not supported on this platform. Continue without virtualized Intel VT-x/EPT?’ If I click on Yes, I would …
Palo Alto Networks is a leading provider of next-generation firewalls, and in my previous blog article, I have covered several topics related to the Palo Alto Firewall. In this article, I will provide a step-by-step guide on how to set up a basic DMZ configuration in the Palo Alto Firewall. By the end of this …
The pfSense firewall is a great open-source product that you can set up in your home network. If you would like to use it in an enterprise network, you can use a different version of the same product called pfSense Plus. Both products are identical, but the enterprise derivative receives the latest feature upgrades and …
The Sophos firewall is a powerful next-generation firewall commonly used by enterprise networks. As a network administrator or engineer, you may want to set up a test environment where you can make changes without impacting the production network. The best and most cost-effective way to do this is by setting up a virtual lab. In this …
Two important aspects of networking are documentation and consistency in following standards. Once you have both in place, it will help you in the long run when it comes to managing, troubleshooting, configuring, planning, and expanding your network. There are many network documentation tools available, but one popular open-source software among network engineers is NetBox. …
You followed the steps here to install Windows 11 on your KVM environment. Now, you want to access the virtual machine for your day-to-day use. How do you go about accessing the Windows 11 guest virtual machine from your host operating system? There are two ways you can connect to the guest Windows machine. …
When it comes to network security, there are several firewall vendors, and Sophos is one of them. Many enterprise customers utilize Sophos Firewall at the network’s edge, and it can also be used in a home lab. But not many of us have the resources to purchase expensive equipment and install it in our home …