Palo Alto service insertion for Cross Vcenter NSX-V. References: Multi-site with Cross-VC NSX and Palo Alto Networks Security https://blogs.vmware.com/networkvirtualization/2016/09/multi-site-cross-vc-nsx-palo-alto-networks-security.html/ ; Cross Vcenter NSX design guide https://blogs.vmware.com/networkvirtualization/2016/07/nsx-v-multi-site-options-cross-vc-nsx-design-guide.html/ Palo Alto service insertion in a single vcenter hosted in single DC. A brief about the Software Defined Data Center topology above: - A single vcenter. - A single NSX manager - …
Category: Security
Troubleshooting Distributed Firewall in NSX-V – How to check firewall rules for a VM
Troubleshooting Distributed Firewall in NSX-V. Blog reference: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.troubleshooting.doc/GUID-20234847-3E7A-4FE8-AEE1-31FFB3652481.html In my earlier post on Microsegmentation, we referenced the below topology and put the workloads for the different tiers (Web, App and DB) on the same NSX Logical Switch. With NSX micro-segmentation, the firewall is applied at the vNIC level of each virtual machine. Topology Below firewall rules …
VMware NSX Microsegmentation – Securing Collapsed Architectures
VMware NSX Microsegmentation - Securing Collapsed Architectures. As depicted in the above topology, the NSX-V Distributed Firewall feature is enabled. And as shown in the figure above, the firewall is effectively applied at each vNIC of a virtual machine. In this topology: BGP is used as the routing protocol; iBGP is used within NSX; eBGP is used between NSX edges and the physical …
VMware NSX Distributed Firewall
We tried to cover VXLAN and VXLAN traffic flow earlier. Every solution has three main components to it - Management, Control and Data Plane. NSX Manager is the management component of the VMware NSX solution. We now try to know more about the Data Plane components of NSX. The Data Plane of NSX has: · Logical Switch · …
DNS Sinkhole feature on Palo Alto Firewall
DNS Sinkhole feature on Palo Alto Firewalls. References: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/framemaker/60/pan-os/NewFeaturesGuide/section_3.pdf https://www.sans.org/reading-room/whitepapers/dns/dns-sinkhole-33523 Why use DNS Sinkhole? Picture this: you have infected hosts on your network that are connecting to malicious websites, websites and portals that are totally not secure. DNS resolution and DNS queries play a vital role in such communication. When there is a …
Content Filtering Techniques on Palo Alto Firewall
Content filtering techniques on Palo Alto firewall. 1. URL filtering: URL filtering allows you to block web browsing based on URL category. For example, you could block these categories available on Palo Alto - abused drugs, alcohol and tobacco, phishing, peer to peer. Palo Alto also allows you to check URL category for a particular …
Protecting passwords from brute force and dictionary attacks
Reference: Sybex Study Guide for CISSP. Protecting passwords from brute force and dictionary attacks requires numerous security precautions and rigid adherence to a strong security policy. First, physical access to systems must be controlled. Second, tightly control and monitor electronic access to password files. End users and non-account administrators have no need to access the password database file …