Tag Archives: firewall

Install FreeBSD into a headless machine using serial console cable

I have received a Check Point firewall that has 2GB of RAM and runs a D525 CPU. I was thinking about what I could do with it. Then I started the project that has been on my mind for a long time, which is to use FreeBSD as a firewall.

My main purpose in using FreeBSD is that I want to use it as a bandwidth control device. Therefore, I am setting up the FreeBSD firewall before I get into the bandwidth control. Long story short, let's dive into the headless FreeBSD installation.

Convert Cisco FTD to ASA firmware

The Cisco firewall comes with the FTD firmware by default, and there are several reasons for using the ASA firmware on this new Cisco firewall. I have attached the steps below to make the Cisco firewall run the ASA firmware by re-imaging it.

The same procedure is used to change from ASA firmware to FTD firmware.

IPv6 over IPv4 in SRX

IPv6 is another upcoming trend on the internet. Since most ISPs do not provide IPv6 service, how do we enjoy or experience the benefits of IPv6?
There are some IPv6 brokers on the internet that let us use IPv6 service over the existing IPv4 service. Some of the brokers are Hurricane Electric, Hinet, etc.
Some sample setup guides are already included on their websites, but those guides make the SRX route IPv6 packets without the ability to apply policy restrictions. So I will attach mine as a reference for using IPv6 in flow mode.

Cisco ASA – simple 1 to 1 NAT and firewall policy setup

For those who have been working with Cisco routers, setting up a Cisco ASA stateful policy is as simple as setting up an ACL. By default, the ASA drops any TCP connection that doesn't have a session record created with a SYN packet. As a result, the user does not need to set up an ACL for return traffic, as one would when working with routers.
In this example, we have 192.168.104.250/32 as the server in the DMZ, with a 1-to-1 NAT mapping applied to incoming traffic so that internet users can access the HTTP service only.
The IP address of the firewall is 10.50.2.10/29, and we will map the server to another external IP address, 10.50.2.11.

Cisco ASA – routing sample

In this post, I will show you guys how to set up a Cisco ASA firewall to serve as a layer 3 packet transfer device. The example will be demonstrated with the 192.168.3.10/32 machine accessing 9.9.9.92/32 via iPerf. There is only simple routing, with no NAT involved.
In this setup, the ASA acts as the gateway between the office network and the internet. 192.168.3.0/24 is the internal subnet and 10.0.0.20/30 is the internet. There are a couple of areas we have to handle: routing and policy. Since the ASA is a stateful device, we have to apply a policy to allow the internal network to access the external network, but not vice versa.