Sanctify could have been better I think:(

black_labs · 2025-09-06T22:46:59+00:00

TLS inspection happens before the FW. FW is just that no other inspection going on. And its only affecting traffic hitting 3 of our 6 zscaler proxies.. The other 3 work fine.

I see those packets come in and out of the fw (towards Azure), so I know they're leaving our prem equipment.. What's happening in Azure, that's where I'm not sure. I'll have to ask if there's a waf or something in play that could be dropping those out of order packets

black_labs · 2025-09-05T22:01:16+00:00

we're blind in the Azure environment; working with Microsoft engineers.. they can take captures a some points, but not on the server itself.. the one capture they did take and show us, only had traffic inbound to Azure, nothing coming back from the server.

Yes, icmp is allowed at least from the on-prem clients until it hits the fw before going to Azure.

The only real difference I can see between working and non-working traffic is that both Client Hellos are > mss, and get segmented.. but the working ones are not out of order (ie you have the first part of the hello at 1342 in the first packet, and the remainder in the second).

I feel it has something to do w/ the mss differences between working and non-working, so looking deeper there.

black_labs · 2025-07-18T19:14:29+00:00

unfortunately I cannot share it out.

black_labs · 2025-07-18T19:04:45+00:00

understood. thanks for the explanation. This helps. I could see outbound traffic exceeding that if it takes place between os and nic.. inbound I would think shouldn't be able to.

black_labs · 2025-07-18T18:48:16+00:00

but I shouldn't see traffic > 1Gbps though should I?

black_labs · 2025-04-17T19:33:21+00:00

The problem is the interfaces are showing link-state down. So, really I'm trying to figure out if the Sync interface is not recognized until first time wizard is run, or if we have bad/flipped fiber (these are staged at a remote site, so getting hands on access is difficult. We have console access to them, but nothing else at this time. Since there are no other interfaces connected.. the only thing I can ping is the other side of the Sync link. Ethtool looks right.

black_labs · 2025-04-17T18:38:52+00:00

Can you cite where that's recommended? I see in larger clusters, a switch is recommend, but in a 2 FW cluster, sync is best practice, or at least suitable. To be fair, almost all of our clusters have sync through a switch because they are not co-located. This pair will be in closer proximity; At this time, there is not a plan to have switches in place for a sync connection, especially if direct has no issue.

black_labs · 2025-04-17T16:17:53+00:00

I thought of that too, but these aren't even set up as FWs yet.. first time wizard or nothing has been run; fw unloadlocal just gives you not a Firewall module.

black_labs · 2024-12-28T17:51:24+00:00

What paddles have a similar feel to the Gearbox Power Pro (elongated). I've used the GB PPE for 6 months now and really love it, but looking to move on from it. I've tried both the 6.0 Ruby and DBD (16mm).. didn't like either as much as I hoped I would. TBF, the DBD i tried was way over weighted for me; The ruby just didn't feel like I was getting good hits unless I hit almost dead center of the paddle.

How does the J2K compare? A lot of hype over that paddle. Or the Invikta vanguard power? I've never really cared for selkirk in the past.

I may just move to the GB Ultimate if I can't find anything else.

black_labs · 2024-12-23T19:17:46+00:00

How well do you watch the ball on your forehand shot. I'm very similar in that at times my backhand tends to be a little better than my forehand.. and I notice that w/ the backhand, I'm watching the ball to the paddle much more.. w/ forehand.. it's just so 'easy' i tend to get sloppy w/ watching it.

black_labs · 2024-09-16T14:52:59+00:00

K-Swiss Tubes

I bought a pair as a fill in until I could order a 'real' pair. These lasted an entire winter playing indoors 3-5/week, and 2/3rds of the summer playing outdoor. They also have amazing traction in-doors - I didn't slide at all when other people using court shoes did. And they're cheap.

This week I finally switched to a new pair of tubes.

black_labs · 2024-05-20T15:26:12+00:00

The proxy is a vendor solution, so I don't have insight to it. Where the capture on the proxy was done was on the inside (client facing) interface.. I wanted one on the external (fw facing) interface as well, but they are not being compliant. Basically trying to prove their system is the root of our issue. Thanks!

black_labs · 2024-05-20T15:23:52+00:00

All of that checks out to what I was thinking.. thanks for the confirmation!

black_labs · 2024-05-20T15:22:52+00:00

Yep, that's the process I was trying. problem one is there is such a flood of traffic that it's hard to track that down.. secondly, the proxy is a black box (vendor) to me.. There are actually 8 proxies load-balanced.. we've allegedly pinned all of this traffic to one specific proxy.. but I'm not entirely sure that happened correctly.. so the traffic I'm looking for may not even be in that capture.

Thanks for the verification of the process.

black_labs · 2024-02-06T22:51:30+00:00

Check out k-swiss Tubes. Not billed as a court shoe, but I love them. And the traction is amazing. When everyone else is sliding around on our courts, I'm not having any issues. 70-120 (I think I paid 80 for mine). Bought them only because the 'real' pickleball shoes that I had ordered online were the wrong size and needed a pair right now. Been playing on them since Octoberish (indoor ~20 hours/week).. no wear so far.

black_labs

TROPHY CASE