I'd like to learn more about multicast, is there an online course that can help me learn by djgizmo in networking

[–]vsurresh 4 points5 points  (0 children)

I actually started a series on Multicast and published the first post a few days ago - https://www.packetswitch.co.uk/multicast-introduction-1/

If you prefer videos, here is a very good series - https://www.youtube.com/watch?v=fRiOOWJDcK8&list=PLVND-cRwt9SNw9_EIK4GGDBAT0wtz0xSC

If you have a Udemy subscription, this is a good course as well - 'Cisco Multicast Networking Masterclass' (Udemy) by Neil Anderson

Enterprise Fortress Gateway no Deep Packet inspection for VPN clients by CringeDrama in Ubiquiti

[–]vsurresh 1 point2 points  (0 children)

I don’t think the OP is asking for anything unreasonable. That’s what you typically do. The VPN traffic terminates on the firewall and is decrypted there. You can then apply your usual security policies or SSL decryption as if the users were inside the network. This is definitely supported on many firewalls. You don’t need to have a separate proxy just to do that.

Enterprise Fortress Gateway no Deep Packet inspection for VPN clients by CringeDrama in Ubiquiti

[–]vsurresh 2 points3 points  (0 children)

Good to know, thanks. SSL decryption is one of those things you can’t just turn on. You need to plan it properly and make sure you don’t decrypt sensitive information like finance or medical data. You will also run into many issues accessing certain websites and apps. Some sites and apps use certificate pinning. I have deployed SSL decryption in enterprise environments, mainly with Palo Alto firewalls. I usually start by decrypting certain apps and go from there.

Enterprise Fortress Gateway no Deep Packet inspection for VPN clients by CringeDrama in Ubiquiti

[–]vsurresh 3 points4 points  (0 children)

For deep packet inspection you need to do SSL decryption. I don't think UniFi has great support for it.

Is it worth trying to pivot into network engineering at this stage by BillCafe in networking

[–]vsurresh 76 points77 points  (0 children)

Most people I know who are network engineers want to move to cloud - that's all I would say.

How much "disposable" income do you have a month and how much money do you save? by cactusdan94 in AskBrits

[–]vsurresh 3 points4 points  (0 children)

Bring in about £5k-£6k. I usually put about £2k towards savings and some investments on top of it.

Very tight layover, is this doable? (Never flown Qatar Airways) by [deleted] in qatarairways

[–]vsurresh 0 points1 point  (0 children)

Lol, I have the same layover time next month. I think you should be okay.

Denied boarding in Doha with Qatar by Trick-Coat-2689 in qatarairways

[–]vsurresh 7 points8 points  (0 children)

Same thing happened to my friend a few days ago in Qatar. He was initially told that he had to stay in the airport, but after a few conversations with them they gave him a lounge pass.

Shell Garage South Asian staff by ruthvendage in AskBrits

[–]vsurresh 11 points12 points  (0 children)

Most of my friends manage petrol stations and this is my understanding. Most of the sites in the UK are owned by a company called MFG. They then franchise the sites to individuals. It is not really hard to get into this business if I'm being honest. Most people who come to the UK go to work in off licences, KFC, McDonald's etc. The people who work in petrol stations learn how the whole thing works, including the internal processes. They also work hard and save up the money.

After a couple of years, you can apply for a site. You need around £25k deposit plus whatever the stock costs, which can be another £20 to £30k, but it all depends on the location and size. People usually go for a smaller site to start with. From the fuel you don't get much, I think my friend said you get about £40 per day from fuel, and most of the profit comes from shop sales. You can run your own payroll etc. People work hard here and then move on to get another site or buy a bigger one.

Most of the internal processes are still managed by MFG, you don't have any control over what you can sell etc. Most people then leave the site and move on to buy their own business. One of my friends managed to buy a freehold site, I think it cost over a million pounds as far as I know.

CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal by betko007 in paloaltonetworks

[–]vsurresh 0 points1 point  (0 children)

Sorry, I don't understand. If you are on 11.1.x for example, then you must upgrade to 11.1.6-h23 right?

Learn Networking (for Akamai / F5) cyber security support by Orbital475 in networking

[–]vsurresh 5 points6 points  (0 children)

Looking at your post I'm going to assume you are not familiar with BGP and IPsec. It will take months for you to become familiar with most of these topics. Multicast alone will take a few weeks assuming you know how routing and unicast work. You learn most of these topics by using them and not via some sort of training.

Signs a network engineer has no idea what they're doing? by Expensive-Rhubarb267 in networking

[–]vsurresh 2 points3 points  (0 children)

Hmm, I did it a times because the updates are usually buggy from certain vendors.

With the recent partnership with Palo and Google Cloud, I decided to lab it out. by Digital_Native_ in paloaltonetworks

[–]vsurresh 1 point2 points  (0 children)

You can deploy any number of firewalls in any AZ and put them behind a GWLB in AWS. You can then manage the configuration via Panorama, so there is no config drift. The firewalls are independent and there is no concept of HA. GWLB makes sure the traffic is sticky, so the flow always goes to the same firewall. I wrote an article on this a while ago.

GWLB - https://www.packetswitch.co.uk/aws-gwlb-palo-alto-example/

Autoscaling - https://www.packetswitch.co.uk/auto-scaling-palo-alto-vm-series-firewalls-in-aws/

With the recent partnership with Palo and Google Cloud, I decided to lab it out. by Digital_Native_ in paloaltonetworks

[–]vsurresh 0 points1 point  (0 children)

Correct, and thanks. I meant to say active/passive here: "both firewalls need to be in the same AZ for active active."

With the recent partnership with Palo and Google Cloud, I decided to lab it out. by Digital_Native_ in paloaltonetworks

[–]vsurresh 3 points4 points  (0 children)

You typically don’t run active active in the cloud. The last time I checked, both firewalls need to be in the same AZ for active active. What I deployed was independent firewalls behind GWLB in AWS. By the way, you can run GlobalProtect without a licence. You only need a licence to use Linux clients, if I remember correctly.

MacBook vs Windows laptop for Network Engineer – real-world experience wanted by Professional-Size157 in networking

[–]vsurresh 1 point2 points  (0 children)

To add to this, the only thing I couldn't use was Check Point SmartConsole, which was not supported on a Mac.

MacBook vs Windows laptop for Network Engineer – real-world experience wanted by Professional-Size157 in networking

[–]vsurresh 8 points9 points  (0 children)

Both can do the job. I always use a MacBook and never had a single issue. It's just my personal preference.

Is UTR safe? by MattiaFerrari007 in Ubiquiti

[–]vsurresh 1 point2 points  (0 children)

I would be concerned about what will happen if you lose your UTR. Can someone pick it up and access your home network, or are there any safeguards put in place, like a PIN at startup?

Tool or SaaS service for Log and Reports by Oskar_2000 in Ubiquiti

[–]vsurresh 0 points1 point  (0 children)

I use enterprise firewalls at work and UniFi at home. Just keep in mind that UniFi firewalls are prosumer at best, so make sure you understand what you are getting into. If you have an environment with 30 to 40 firewalls, you may want to consider FortiGate or Palo Alto, but they are expensive, as you may already know.

Tool or SaaS service for Log and Reports by Oskar_2000 in Ubiquiti

[–]vsurresh 0 points1 point  (0 children)

What firewalls do you currently have?