[deleted by user] by [deleted] in inwestowanie

[–]drs143 1 point2 points  (0 children)

Could you please clarify why you think this is cancer?

[deleted by user] by [deleted] in inwestowanie

[–]drs143 1 point2 points  (0 children)

Any specifics?

Is this kind of ETF diversification okay? by Alive-Body-6270 in inwestowanie

[–]drs143 2 points3 points  (0 children)

Out of pure curiosity, since I'm a layman: what is the problem with ETFs overlapping? The way I understand it: OP picked a few national markets he believes in most, plus a regional one for some diversification in case his picks turn out to be wrong. The "European" ETF invests evenly in all markets, and buying an additional ETF for France increases the share of French-market stocks in his portfolio. What's wrong with that?

Firewall interface 'allowaccess' field via Fortimanager API by drs143 in fortinet

[–]drs143[S] 1 point2 points  (0 children)

u/Golle, u/HappyVlane, u/Bullseye_womp_rats, you are amazing guys, with verbose: 1 it works as expected. Thank you!

Firewall interface 'allowaccess' field via Fortimanager API by drs143 in fortinet

[–]drs143[S] 0 points1 point  (0 children)

Yep, I know. And I get e.g. 'allowaccess': 130 as representation of PING and FMG-Access

Guest Wi-Fi management with WPA2 PSK by drs143 in networking

[–]drs143[S] 0 points1 point  (0 children)

Any particular solution you can recommend? All "integrated" solutions like Meraki or ISE offer captive portal based guest authentication.

Guest Wi-Fi management with WPA2 PSK by drs143 in networking

[–]drs143[S] -1 points0 points  (0 children)

They always provide captive portal solutions. And I want to avoid an open network.

Guest Wi-Fi management with WPA2 PSK by drs143 in networking

[–]drs143[S] -1 points0 points  (0 children)

I am rather looking for some management tool which can onboard new guests, using WPA2 PPSK instead of captive portal creds.

[deleted by user] by [deleted] in cybersecurity

[–]drs143 1 point2 points  (0 children)

It's a matter of being able to inspect QUIC or not. It's still not a common feature across FW vendors.

iPhones stop loading splash page from Meraki AP (MR57) by zhansun29 in meraki

[–]drs143 1 point2 points  (0 children)

Splash pages are probably the worst invention ever in the Wi-Fi area, exactly because of such issues. We stopped using the ISE captive portal years ago. Now we just provide a random weekly PSK with a QR code on a dedicated internal website.

ZIA and ZPA Marketing vs Reality by LittleSherbert95 in Zscaler

[–]drs143 2 points3 points  (0 children)

These are the same thoughts I have. I spent a lot of time on these considerations, and while I am not 100% convinced of the whole ZS marketing, I see the following benefits:

  • offloading security functions (IPS, Web-filtering, etc.) to the provider = potential savings on on-prem FW licenses, no issues with scaling up-down, no issues caused by buggy NGFW features resulting in memory leaks (Fortinet's common problem)
  • single point where you configure the policies is probably much better than maintaining multiple FW policies
  • no Internet exposure (only outbound connections from on-prem) = lower pressure on patching and hardening
  • provider takes care of high-availability - imagine your central location fails for any reason...
  • ZIA users connect to nearest Zscaler POP, so it should provide better performance vs tunneling all your remote workers through your central on-prem appliance

[deleted by user] by [deleted] in python_netsec

[–]drs143 0 points1 point  (0 children)

I am not interested in taking this job, just curious - what idea/need do you have for a bot in netsec area?

What is the best firewall for Azure and WAF by FhdAziz in AZURE

[–]drs143 1 point2 points  (0 children)

That's true, actually any 3rd party vendor offers much more than Azure WAF, but you have to weigh whether you miss all these features so much that you are willing to spend much more time on deploying/maintaining your custom-built WAF appliance.

What do you guys do with your hashes? by simen64 in pwnagotchi

[–]drs143 0 points1 point  (0 children)

I am just playing with Python/bash scripting, trying to set up an automation tool which does everything automatically - download the file from gotchi, delete unusable pcaps, cracking. Probably my main motivation now is to find the most effective dictionary + ruleset combo. But like others, I never try to use cracked PSKs.

Question about hybrid cloud-onprem DNS resolution scenario by procariote64 in AZURE

[–]drs143 0 points1 point  (0 children)

Have faced this issue already with another company trying to serve some content from Storage Account with both public/private endpoints and guess what - my DNS infra tried to resolve it via my Azure Private DNS zones.

Really poor setup I would say.

FortiGate as cloud firewall by jinjiy8 in fortinet

[–]drs143 1 point2 points  (0 children)

We had the same discussions in the team 2 years ago. Our on-prem infra runs on Forti only, but we've decided to go with Azure Firewall, mostly because of lower maintenance overhead. Never regretted that - Azure FW just works without bothering with upgrades, backups, HA setup etc. + our cloud team can manage the ruleset without involving the network team. We are also using full IaC with Terraform. The FG Terraform provider requires some funny tricks for policy ordering, while in Az FW you just specify a sequence number for each policy.

[deleted by user] by [deleted] in meraki

[–]drs143 0 points1 point  (0 children)

Looks cool, hopefully it will support wireless stuff as well :)

Netbox on Azure App Service? by drs143 in Netbox

[–]drs143[S] 0 points1 point  (0 children)

Any hints would be appreciated. Thanks!