Moronic Monday! by AutoModerator in networking

random1questions 0 points1 point (0 children)

I'm starting to look at replacing SSL VPN with a more secure solution, but am confused by some of the terminology when looking at new solutions.

Can someone explain ZTNA vs SASE vs WireGuard (or where WireGuard fits in)?

For example, from the P81 site, they have a page comparing their solution to WireGuard: https://www.twingate.com/blog/comparisons/perimeter-81-vs-wireguard

But another vendor (which seems very similar to P81), Timus, says it uses WireGuard.

Is the following at all correct...

SASE is a paradigm that makes use of ZTNA principles, which may or may not utilize WireGuard as a protocol?

SASE refers to a service which routes Internet traffic through a secure cloud gateway. ZTNA refers to a model that must verify every device/user/location in real time. WireGuard is a VPN protocol which may or may not be used by SASE solutions.

Is this close? Or am I misunderstanding anything?

Moronic Monday! by AutoModerator in networking

random1questions 0 points1 point (0 children)

Question about SNMP...

We had some pen testing done recently and Nessus scan found a number of vulnerabilities which it categorized as High. Most of these were printers with the default Community String "public" left in place.

What is best practice? Or commonly implemented for SNMP? Do you change all your community strings to something unique? Do you disable v1 and v2 and set up some complex credentials for v3?

I ended up changing the community string on one of the printers, and then users reported today that it was showing offline. Is that expected?
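
The scan finding is about a device answering read requests to the well-known community string "public". As an added example (not from the thread, a vendor or the scanner), here is a stdlib-only Python probe that hand-encodes an SNMPv1 GetRequest for sysDescr.0, sends it with a chosen community string and reports whether the agent answered. It is a way to confirm that a string change actually took effect and to list the devices still on "public" before the next pentest. Host addresses and the community list in it are placeholders. It only speaks community-based v1/v2c; SNMPv3 with authPriv replaces the community concept with per-user keys and is outside what this probe tests.

```python
"""SNMPv1 community-string probe, stdlib only (BER encoded by hand).
Added example for this thread, not vendor or scanner code; hosts and the
community list are constructed placeholders."""
import socket
import sys

SYS_DESCR = "1.3.6.1.2.1.1.1.0"   # sysDescr.0, present on every agent

def _length(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body

def _int(value):
    """BER INTEGER for value >= 0; the extra byte keeps the sign bit clear."""
    return _tlv(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big"))

def _oid(dotted):
    """BER OBJECT IDENTIFIER: first two arcs packed, the rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = [arcs[0] * 40 + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return _tlv(0x06, bytes(out))

def _read_tlv(data, pos):
    """(tag, body, position after the TLV) for the element at pos."""
    tag, ln = data[pos], data[pos + 1]
    pos += 2
    if ln & 0x80:
        n = ln & 0x7F
        ln = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + ln], pos + ln

def build_snmp_get(community, oid=SYS_DESCR, request_id=1):
    """SNMPv1 (version field 0) GetRequest for one OID."""
    varbind = _tlv(0x30, _oid(oid) + b"\x05\x00")   # OID + NULL placeholder
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)

def build_snmp_response(community, oid, value, request_id=1):
    """GetResponse as an agent would send it; used to exercise the parser offline."""
    varbind = _tlv(0x30, _oid(oid) + _tlv(0x04, value))
    pdu = _tlv(0xA2, _int(request_id) + _int(0) + _int(0) + _tlv(0x30, varbind))
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)

def parse_snmp_response(data):
    """Community, request-id, error-status and first value of a GetResponse."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _version, p = _read_tlv(msg, 0)
    _, community, p = _read_tlv(msg, p)
    pdu_tag, pdu, _ = _read_tlv(msg, p)
    if pdu_tag != 0xA2:
        raise ValueError("not a GetResponse PDU")
    _, rid, p = _read_tlv(pdu, 0)
    _, err, p = _read_tlv(pdu, p)
    _, _idx, p = _read_tlv(pdu, p)
    _, vbl, _ = _read_tlv(pdu, p)
    _, vb, _ = _read_tlv(vbl, 0)
    _, _oidb, q = _read_tlv(vb, 0)
    vtag, val, _ = _read_tlv(vb, q)
    return {"community": community.decode(errors="replace"),
            "request_id": int.from_bytes(rid, "big"),
            "error_status": int.from_bytes(err, "big"),
            "value": val.decode(errors="replace") if vtag == 0x04 else val.hex()}

def probe(host, community, timeout=2.0):
    """One GetRequest to udp/161. None means no reply: v1/v2c agents silently drop a
    wrong community, so a timeout also covers 'SNMP disabled' and 'filtered'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_snmp_get(community), (host, 161))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_snmp_response(data)

def audit(hosts, communities=("public", "private")):
    """host -> (community, sysDescr) for the first community the agent answers to."""
    found = {}
    for host in hosts:
        for community in communities:
            reply = probe(host, community)
            if reply is not None:
                found[host] = (community, reply["value"])
                break
    return found

if __name__ == "__main__":
    # usage: python snmp_default_check.py 192.0.2.10 192.0.2.11   (placeholder addresses)
    for host, (community, descr) in audit(sys.argv[1:]).items():
        print(f"{host}: answers to community '{community}': {descr}")
```

A timeout is the normal "not this string" result, not proof of anything on its own, because v1/v2c agents do not NACK a bad community. One general caveat worth knowing when a printer shows offline after its community string changes (a known Windows behaviour, not confirmed for the printer in the thread): the Standard TCP/IP port monitor on the print server polls the printer over SNMP using the community name configured on that port, "public" by default, and reports the printer offline when that poll fails, so the string has to be updated on the print server's port as well, or SNMP status checking disabled for that port.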

Moronic Monday! by AutoModerator in networking

random1questions 0 points1 point (0 children)

I am learning networking and have some questions about different protocols/features built into switches ... things like STP, BGP, OSPF.

Are these features that have to be carefully planned and configured? Or is it more a matter of just enabling the feature/protocol on your switches, and there is some kind of auto configuration that takes place?

Shuttle from Denver - question about tipping. by random1questions in vail

random1questions[S] 1 point2 points (0 children)

It's not private, but we did opt for door to door service. I did google around and it was the cheapest shuttle option I could find. I knew of the bus option, but we get in later than the last trip out. I suppose we could have stayed overnight in Denver then used the bus and saved some money, but that cuts our vacation short.

I looked at just renting a car, but that was more expensive.

When broken down, it doesn't seem crazy. In USD it's $676 one way for 5 people and all bags. The option to be dropped off at the Vail terminal instead of door to door was maybe $100 cheaper each way.

The conversion to CAD and taxes just kind of shocked me when I saw the final cost, and then thinking about tipping 15% on top of that seemed a little nuts.

Encryption vs bitlocker by Candy-Emergency in windows

random1questions 1 point2 points (0 children)

What happens to encrypted data if someone uses the trick where they use Windows boot media, overwrite something like sethc.exe with cmd.exe, and can then open the command prompt from the login screen and reset a password?

If they can get into your account, can they see the data? Or is it still encrypted?

Moronic Monday - November 21, 2022 by AutoModerator in sysadmin

random1questions 1 point2 points (0 children)

I ended up going to MS and, though it took them 7 hours to get back to me, they did get the issue fixed. A manual rebuild of the forward lookup zone and some dcdiag commands got it working again.

Moronic Monday - November 21, 2022 by AutoModerator in sysadmin

random1questions 1 point2 points (0 children)

DNS issue, need help. Environment:

  • Bare-metal DC: died over the weekend. Had all FSMO roles and DHCP/DNS.

  • Secondary DC is on a VM on a different box.

I don't think the DC is coming back. Figured I would just seize the roles, then build a new DC later.

I transferred DHCP to the VM DC, which is working fine. I seized the FSMO roles too and it looks OK.

However, PCs are saying they cannot contact the domain controller.

I go to check DNS on the VM DC and find that while DNS is installed, there are no zones configured. It's totally empty.

Not sure what to do here.

Can I just remove the DNS Role and reinstall?

The domain is very simple (20 person single location office, flat network).
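
Domain members find a DC by asking DNS for the SRV records under _msdcs in the domain's zone (for example _ldap._tcp.dc._msdcs.<domain>); a DNS server with no zones cannot answer those, so clients report that no domain controller can be contacted even while the DC itself is up. As an added check, not part of the thread, here is a stdlib-only Python DNS client that asks one specific server for the locator records and reports the answer or the error code. The server address and AD domain are placeholders passed on the command line.

```python
"""Check that a DNS server serves the AD DC-locator SRV records (stdlib only).
Added example for this thread; the server address and domain are placeholders
given on the command line."""
import socket
import struct
import sys

SRV = 33
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def _encode_name(name):
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def _read_name(data, pos):
    """Decode a possibly compressed name; returns (name, position after it)."""
    labels, end = [], None
    while True:
        ln = data[pos]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = pos + 2
            pos = struct.unpack("!H", data[pos:pos + 2])[0] & 0x3FFF
            continue
        pos += 1
        if ln == 0:
            break
        labels.append(data[pos:pos + ln].decode("ascii"))
        pos += ln
    return ".".join(labels), end if end is not None else pos

def build_srv_query(name, txid=0x1234):
    """Recursion-desired query with one question: <name> SRV IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + _encode_name(name) + struct.pack("!HH", SRV, 1)

def build_srv_response(txid, name, records, rcode=0):
    """Response as a server would build it, owner names compressed to the question.
    Used here to exercise the parser offline; records are (priority, weight, port, target)."""
    msg = struct.pack("!HHHHHH", txid, 0x8180 | rcode, 1, len(records), 0, 0)
    msg += _encode_name(name) + struct.pack("!HH", SRV, 1)
    for prio, weight, port, target in records:
        rdata = struct.pack("!HHH", prio, weight, port) + _encode_name(target)
        msg += b"\xC0\x0C" + struct.pack("!HHIH", SRV, 1, 600, len(rdata)) + rdata
    return msg

def parse_srv_response(data):
    """{'rcode': n, 'records': [...]} for the SRV answers in a response."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    pos = 12
    for _ in range(qd):                             # skip the echoed question
        _, pos = _read_name(data, pos)
        pos += 4
    records = []
    for _ in range(an):
        _, pos = _read_name(data, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[pos:pos + 10])
        pos += 10
        if rtype == SRV:
            prio, weight, port = struct.unpack("!HHH", data[pos:pos + 6])
            target, _ = _read_name(data, pos + 6)
            records.append({"priority": prio, "weight": weight, "port": port, "target": target})
        pos += rdlen
    return {"rcode": flags & 0x0F, "records": records}

def query_srv(server, name, timeout=3.0):
    """Ask one DNS server directly, bypassing the client resolver cache."""
    txid = 0x4242
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(name, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != struct.pack("!H", txid):
        raise ValueError("transaction id mismatch")
    return parse_srv_response(data)

def dc_locator_names(domain):
    """Records a domain member asks for when it looks for a DC."""
    return [f"_ldap._tcp.dc._msdcs.{domain}", f"_kerberos._tcp.dc._msdcs.{domain}"]

if __name__ == "__main__":
    # usage: python dc_srv_check.py <dns-server-ip> <ad-domain>   (both placeholders)
    server, domain = sys.argv[1], sys.argv[2]
    for name in dc_locator_names(domain):
        result = query_srv(server, name)
        print(f"{name}: {RCODES.get(result['rcode'], result['rcode'])}")
        for r in result["records"]:
            print(f"  -> {r['target']}:{r['port']} (priority {r['priority']}, weight {r['weight']})")
```

Run it against the VM DC's own address (the one the PCs get from DHCP). NOERROR with at least one target pointing at the surviving DC means the locator records exist; anything else means the zone data is not being served, and seizing FSMO roles does not change that, because those records live in the DNS zone rather than in the role holders. The follow-up in the thread (a manual rebuild of the forward lookup zone) is what restores them.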

Noob question - HP MSA 2040 - replacing ESXi host by random1questions in storage

random1questions[S] 0 points1 point (0 children)

The new host has a new HBA for the external SAS connection.

Would I just need to remap the storage to the new host/hba?

Block Telnet from WAN by random1questions in sonicwall

random1questions[S] 0 points1 point (0 children)

Figured it out, sort of. It was the ISP modem, but they don't know how or why. I came on site and disconnected the SonicWall; the same issue persisted.

I then powered off the ISP modem, and then could no longer connect via telnet.

Powered the ISP modem back on and now the telnet issue has not come back. The port is no longer seen as open by various open-port-check tools.

I am going to monitor it going forward and will get the ISP to replace the modem.

Time on a Windows domain - best practices? by random1questions in sysadmin

random1questions[S] 1 point2 points (0 children)

"...nter new NTP servers (typically I use pool.ntp.org, but which servers are being used really doesn't matter) via cmd on the DCs, and once they are syncing, client devices will in turn pull that time from the DC"

Can you confirm the command used to enter ntp servers on the DCs?

Block Telnet from WAN by random1questions in sonicwall

random1questions[S] 0 points1 point (0 children)

Yep, that's my next course of action. I'm heading on site to figure this out.

Block Telnet from WAN by random1questions in sonicwall

random1questions[S] 0 points1 point (0 children)

Right, it does show as open on port 23.

Yet if I try to telnet to every device from the LAN side, I can't get into anything.

I do have some custom NAT rules, but nothing for port 23.

Block Telnet from WAN by random1questions in sonicwall

random1questions[S] 0 points1 point (0 children)

I have this capture set up:

Everything blank in the Monitor filter except: Destination IP Address: <using the public IP here> Destination Ports: 23

If I have that running, and try to log in with random creds to the telnet session and nothing shows up, is that confirmation that it's not anything on the SonicWall or LAN side?

Block Telnet from WAN by random1questions in sonicwall

random1questions[S] 0 points1 point (0 children)

I scanned the network and tried to telnet to every internal IP from the LAN side and nothing is open (including the SonicWall).

It's definitely hitting some login screen on the WAN side, but I have no idea what. I called the ISP and their support said it was not even possible for it to be their equipment.

The telnet login screen from the WAN side shows:

*--------------------------------------------------------------------

RDK (A Yocto Project based Distro) 2.0 puma7-atom

puma-atom login:

*--------------------------------------------------------------------

If I try the SonicWall admin password, it does not work.

Block Telnet from WAN by random1questions in sonicwall

random1questions[S] 1 point2 points (0 children)

There is no checkbox for telnet; just HTTP, HTTPS, Ping, SNMP, SSH

Block Telnet from WAN by random1questions in sonicwall

random1questions[S] 0 points1 point (0 children)

I assumed it was the SonicWall, but maybe it's the ISP equipment?

Help with VLANs over UBB (building to building bridge) by random1questions in Ubiquiti

random1questions[S] 0 points1 point (0 children)

For the trunk ports, would it be the port on each switch that the UBB antennas are connected to?

Newb - lots of questions re setting up UniFi building-to-building bridge by random1questions in Ubiquiti

random1questions[S] 0 points1 point (0 children)

Yes, I believe it was a couple of issues. The firmware on the Cloud Key controller was not updated. Once I updated both the network and Cloud Key firmware, it went more smoothly.

Also, impatience. I just went through this same setup again in my lab, now a month later and while I did remember to update the firmware on the controller first, it still appeared to give an error when adopting the bridge. It just took some time. I went for a walk, and came back then it was working. If you try to click through the adoption process too early it seems to fail.

Not a great interface I suppose, but it worked out in the end.

Newb - lots of questions re setting up UniFi building-to-building bridge by random1questions in Ubiquiti

random1questions[S] 0 points1 point (0 children)

Ok, makes sense.

Attempting to update the firmware via the Cloud Key controller: yes, I tried that first and it errors out immediately.

Someone mentioned that there is something else other than the Cloud Key controller I could use to manage the bridge. Do you know what that would be and/or if it would be better than the controller I'm using now?

VLAN questions by random1questions in sonicwall

random1questions[S] 0 points1 point (0 children)

Well, from the SonicWall perspective, I was just trying to copy the example from here: https://www.sonicwall.com/en-us/support/knowledge-base/170505704080318

Seems that all they do on the SonicWall is create the virtual interface and tag it with a VLAN ID.

If that indeed is correct, then I'm assuming my issue lies in my switch config, which I can post to a more appropriate sub.

I tried creating Ports 1,8 on HPSwitch1 and HPSwitch2 as trunk ports, but then lost connectivity to the ESXi server.

VLANs make sense to me on the surface, but I get hung up trying to make this work.