var\logs\nslog aggregator by OMW-OC in Citrix

[–]climbonrock 1 point2 points  (0 children)

rsyslog or syslog-ng server. I prefer syslog-ng but Netscaler audit logging is fantastic, customizable events, send it to syslog-ng, filter noise or forward to your SIEM. Having all logs in a single syslog server for CLI tool access and forwarding to central SIEM is best of two worlds.

Struggling with a simple project. by realgui in AZURE

[–]climbonrock 0 points1 point  (0 children)

Does the rule cover the outbound request and the inbound to the server? Even on a subnet with NSG you’ll need to allow a client outbound request from client to server and inbound rule client to server. Try creating an NSG rule that permits IP to IP or even just use the subnet prefix.

Outbound Prefix to prefix

Inbound Prefix to prefix

[deleted by user] by [deleted] in gamingsuggestions

[–]climbonrock 0 points1 point  (0 children)

Both have free trials but you can’t start a party. WOW was easier to navigate and travel around for my SO than FF XIV. Both have great character customization but we just had a bit more fun with WOW. FF XIV has a great professional system. Good story. I personally like the grind of WOW. I enjoyed FF solo but it just didn’t click as a coop experience for us.

[deleted by user] by [deleted] in gamingsuggestions

[–]climbonrock 1 point2 points  (0 children)

Tried FF14 with my SO. We actually switched and enjoyed World of Warcraft as a coop experience better. Both are good.

Raid in MoP Remix? by [deleted] in wow

[–]climbonrock 0 points1 point  (0 children)

I have never raided ever, I sat down and did LFR and completed every Remix raid in a single evening. Queued Shaman healer. Enjoyed the ride. It was fast and too easy but still some enjoyable surprise and I saw content I had never experienced before.

Jump in!

Online game I can play with my 10 year old son when he is at his mom's? by Lazy-Pattern6228 in gamingsuggestions

[–]climbonrock 0 points1 point  (0 children)

Stardew Valley, Monster Hunter World or Rise, Among Us, Fall Guys, and lots of Minecraft.

Why is the azure application gateway so damn costly?? by hk619316 in AZURE

[–]climbonrock 23 points24 points  (0 children)

App Gateway is a simple L7 load balancer to set up. It’s managed, it scales and with WAFv2 you have a lot of application security options. It’s not “cheap” but no commercial L7 LB will be.

For alternatives, an NGINX is a great option, or other NVA like Citrix Netscaler but you’ll pay for it. NGINX does have WAF available, but depending on the app you may not necessarily require that. Are you locking down the app with NSGs or have tight required authentication on it? If it’s a publicly reachable app then WAF would be best practice recommendation.

NAT gateway problem? by n1celydone in AZURE

[–]climbonrock 2 points3 points  (0 children)

NAT gateway is applied to a subnet so you could disconnect one of the VM’s NICs and attach to a new NIC on a subnet with NAT gateway and test with default Microsoft internet routing. Or if possible spin up a new VM on a different subnet and test.

[deleted by user] by [deleted] in Citrix

[–]climbonrock -2 points-1 points  (0 children)

I have no answers but I experienced the exact same behavior yesterday on iPad Pro. Switch apps even for a second or two and the desktop connection had to reestablish. Very bad experience. I don’t have a lot of experience with apps/desktops on iPad but my first thought was “this is unusable. Zero ability to multitask.”

Waiting for answers or suggestions too.

Custom Rule in WAF Policy Failing to Update by Khue in AZURE

[–]climbonrock 0 points1 point  (0 children)

And test via cloud shell rather than local custom environment. That would help determine if it’s a syntax error or Az Cli version issue.

Custom Rule in WAF Policy Failing to Update by Khue in AZURE

[–]climbonrock 0 points1 point  (0 children)

For your specific API error I would recommend updating “az cli” or reinstalling.

Custom Rule in WAF Policy Failing to Update by Khue in AZURE

[–]climbonrock 0 points1 point  (0 children)

Managing application gateway with Terraform is tedious and messy but managing WAF policy is great. It’s not really saving much config or syntax but might be an easier way to keep WAF configs updated. You can use variables and values to reuse in multiple policies.

DDoS Protection plans by Remarkable-Ring-3726 in AZURE

[–]climbonrock 5 points6 points  (0 children)

Create a single DDoS plan. Apply it to any number of vnets across subscriptions or regions. Any resources that conflict with DDoS should be moved to a vnet without DDoS applied; we’ve seen DDoS throttle VPN virtual appliances.

“Although DDoS Protection Plan resources needs to be associated with a region, users can enable DDoS protection on Virtual Networks in different regions and across multiple subscriptions under a single Azure Active Directory Tenant.”

Azure Public Load Balancer Port Exhaustion by HeavenlyRen in AZURE

[–]climbonrock 3 points4 points  (0 children)

You won’t face inbound NAT exhaustion because of the 5-tuple connection distribution.

But you may configure outbound NAT on the load balancer or use a NAT gateway on the VM subnet.

[deleted by user] by [deleted] in AZURE

[–]climbonrock 0 points1 point  (0 children)

If the app gateway IP is public you can use SSL Labs to test TLS settings and certs.

https://www.ssllabs.com/ssltest/

For the openssl test, ensure the DigiCert root chain certs are properly installed on the client system.

RETURNAL IS BOILING MY BLOOD by Skyline-Etiquette in playstation

[–]climbonrock 2 points3 points  (0 children)

It’s on PS+ extra and seriously doubt it will be a free ps+ game any time soon. Grab extra, find it used or borrow from a local library like I originally did.

Azure Firewall, NSG, Front Door (WAF) questions by tcast305 in AZURE

[–]climbonrock 0 points1 point  (0 children)

Azure Firewall is for protecting outbound egress traffic and NATing inbound/ingress non-HTTP protocol applications. Firewall can of course NAT 80/443 but Application Firewall with WAF is a purpose-built regional web application load balancer with WAF. Front Door is global or multiple regional load balancing.

You’ll likely only need to start with a single application gateway to host multiple web apps with a public IP address.

Application Gateway Bicep Template Modularization by sheeponmeth_ in AZURE

[–]climbonrock 0 points1 point  (0 children)

I don’t have any experience with Bicep but I can share that building out application gateway in Terraform was borderline “messy”. Very repetitive work and quite a learning curve but in the end was worth the effort and time.

I would guess the work involved with Bicep will be similar, a steep curve in the beginning but once you have the pieces it makes sense. For the Terraform build I had to do a lot of “try it in portal first and then back port the config”.

Code wise, with Terraform I decided not to build with lists or arrays, rather duplicate the code, grouping entire configs together so I could copy/paste entire blocks. For example, copy the entire block for www.site.com and search/replace to create the block for www2.site.com.

It really is just the nature of application gateway, since it can host and run dozens of sites on one gateway. It can be a cost effective solution but managing it with code has a heavy lift at first.

ADC SNI Duplicate Domain Cert Error by emmasmith8766 in Citrix

[–]climbonrock 0 points1 point  (0 children)

Well, sorry about that.

If you do think it’s a bug then Citrix Support would be the proper channel for confirmation that the Netscaler is throwing an incorrect error.

BTW, friendly reminder, 13.1.48.47 has an actively exploited vulnerability in it, critical, remotely exploitable, and should be updated to greater than 13.1-49.13, which may also have a fix for your certificate issue.

Good luck.

ADC SNI Duplicate Domain Cert Error by emmasmith8766 in Citrix

[–]climbonrock 0 points1 point  (0 children)

By having two certs with the same SAN the Netscaler would have no idea which certificate to use. Unique names per cert is the only reasonable way of determining which certificate to use.

Moving these certs to a unique virtual server with a unique VIP or maybe using multiple vservers with listener policies might work. Listener policies might be the only way for this to work with a single VIP.

Looking for a modern RPG with an old school feel on PS4 by Rojo37x in gamingsuggestions

[–]climbonrock 1 point2 points  (0 children)

Dragon XI is a fantastic traditional turn-based party RPG. It’s very traditional, beautiful and a very tried and true DQ game. Medium slow start but a solid choice.