Image Swap: ASA to FTD

Firewalls are a necessary component in any network environment, especially in an enterprise. Take a look at your front door, would you remove it permanently? Firewalls have evolved over the years from simple gatekeepers to complex security solutions that integrate with the rest of the network. Imagine if you could program your front door to only allow people in who wore green shirts. Once inside they would only be able to walk into the living room…on a Tuesday. My own firewall journey started years back on Juniper SSG350s then onto ASA and Palo Alto. I am currently looking into Cisco’s Firepower Threat Defense (FTD). As a fan of most things Cisco (ASA CX anyone?), FTD adds visibility to the rest of the ecosystem that might include AMP, ISE and Stealthwatch. With an ASA 5512-X in hand, my mission is to replace its ASA image with FTD. Continue reading Image Swap: ASA to FTD

New Location, Who Dis?

Building a network for a new site from the ground up is great experience for engineers and administrators. However, if you are not organized it can also be a nightmare. Companies all over the world handle the “New Site” process differently. The way you maneuver through the project depends on the size of the organization as well as the teams involved. Some places have a complete Project Management Org that will take your project, organize it, shine it up and help you complete it. Project Managers can be a big help by following up with vendors, partners and making sure the teams are meeting deadlines among other things. However, sometimes you might not have a team of PMs helping you. You might be the PM for your particular “New Site” project. Whether or not you are the one doing everything or just the racking of equipment the following items or milestones are just reminders of tasks to keep in mind. Continue reading New Location, Who Dis?

Do it Live: Cisco Umbrella

Can you give me a list of all the destinations employees at your company are browsing to on the internet in the office and out? Would you know if all of those sites are safe? Are they clicking on those “Free Tablet Just For You!!!!!!” email links? The internet can be a dangerous place. DNS helps users easily reach destinations. Who is going to remember the IP addresses to hundreds of sites? However, DNS can lead users to malicious destinations as well. You might have a need to protect users or enforce company policies at the DNS level.
This post will be a review of Cisco Umbrella. We’ve been using it in production. This will by no means serve as deployment instructions. Please refer to Cisco Umbrella’s documentation for those. These are just my thoughts on how the process went. Continue reading Do it Live: Cisco Umbrella

Beyond Engineering

So you are interested in networking? I don’t mean attending gatherings, handing out business cards, shaking hands and kissing babies. I mean being a network engineer or administrator? Perhaps you just started the journey at a company and feel slightly lost. If you are, then the following paragraphs are meant for you. This is not only meant to be a motivator to continue learning and applying, but here you will find three things to look for or try to work on that can push you upwards in the work place.

Whether you are part of a small team, large team or riding solo there is much more to network engineering. Sure, there are days where it seems like everyone needs a port configured, but there will be times where you can bring forth your ideas into fruition. There will be times where you look around and figure out ways to improve existing infrastructure. You might be interested in pursuing certain software that can improve a process or provide valid insight. You might want to create or update documentation. You might just want to improve certain aspects of a network, such as routing or security. These are all good things to do, time-permitting and team-willing. If you have good ideas bring them up to your team or your manager. This will not only be a good way to learn, but you can excel career-wise by getting involved and pursuing ways to improve your company. Continue reading Beyond Engineering

Data Center Move: A Perspective

Have you ever had a work-related dream that you’ve woken up from and were thankful it was just a dream? Designing and executing the network for a new data center will definitely give you a few night terrors. I recall the night before our data center move, I dreamed that I woke up late on the day of the move. That’s not too bad right? Well for some reason, in my dream the data center was in another state instead of an hour away. Then my car did not start; I had to “borrow” a car and I got lost on the way there. Again, I was thankful it was a dream. The actual move went a bit smoother. However, these types of projects can be real nightmares for teams. The main thing to do is plan. You the follow this with a few healthy doses of additional planning. Continue reading Data Center Move: A Perspective

Network Devices: Easy Config Tips

If you work in networking, you probably take care of the switches and routers in your environment or have some input on what happens with them. Switches are the doorway to the network. Even if you have a wireless device, the access point you connect to is probably connected to a switch. This is where your PCs, TVs, appliances and many other wired devices connect. Routers can manage connections in and out of your environment along with a plethora of other services. Everyone should have a template or standard config they use on any network device. With today’s tools and services like Prime Infrastructure or DNA Center, you can spread that configuration around or deploy it to new sites; however, you still need a config to apply. Different scenarios and environments call for different configuration, but there are always those sets of commands you can use everywhere. The goal of this writing is to share a few commands that are helpful and I typically apply. Most of these are commands you spot all over certification studies and others I’ve seen other engineers use.
Yes, you probably memorized every single command from the CCNA and even the CCNP…but did you apply them all on every single port? Sometimes, unless there is a need you might not have to. I call it, situational configuration. Apply what you need and what will keep the environment secure. The important piece is to be consistent. On switches, VLANs might be different for each interface, but why would some of your switches have “enable password” and others have “enable secret”? Continue reading Network Devices: Easy Config Tips

The Importance of Network Documentation

You just purchased a fancy new bookshelf from your favorite store that gives furniture funny names. You carefully place the gigantic box for this bookshelf, or as they call it a “bookenspiel” in your living room and cut the box open. There are a so many parts! The manufacturer seems to have crammed in half the world into the box. Building this bookshelf looks a bit daunting now. At the store, the bookshelf did not look like it would be this complicated to build. You continue taking bags of parts, boxes of parts and pieces of wood out. If it was not for the instruction manual you would have flung everything out of a window. The instruction manual lets you build the bookshelf. It takes half a day, but you get it done. However, imagine for a moment if there was no instruction manual. This half a day build becomes a full day or much longer. As a matter of fact, it might be so frustrating you give up. That instruction manual makes a huge difference. Documentation matters. Continue reading The Importance of Network Documentation

MPLS: Creating an Internet Off-ramp

Yes, MPLS circuits are still being used by companies out there. Shocking! Well, actually it’s not. Even though there continues to be growth in low-cost broadband connections, some companies still utilize MPLS circuits back to their data centers from their branches around the world. Companies continue to use these circuits to connect their sites to each other. The reasons for this varies from company to company. Perhaps it is security, stability or even just a long provider contract that keeps them out there. Either way, MPLS will still be in play for some time. Many companies have not fully embraced the cloud. They host important applications in-house in a data center. Some companies funnel their branch traffic through their data center as its heads out to the internet. This has its benefits. You might only need centralized firewalls or other appliances since all traffic exits via the same egress. Companies still do this as it does save money; however as the adoption of cloud grows, this method starts to see issues. Continue reading MPLS: Creating an Internet Off-ramp