Friday, May 4, 2007

Welcome back old Blog

Well, here it is: May. So much for a good start on posting. I will do better. I kept waiting for some profound thoughts to type out, and I realized that most of them have been said by others better than I could say them. So I think I will just post some random things that float through my head and maybe some tech notes for work. As a good friend said, Google has saved my ass at work many times. I think it is time I returned the favor. Here is a good tidbit:

The Juniper Intrusion Detection and Prevention systems lie. That's right, they lie. I have an IDP1100 inline and set to accept all traffic while I am baselining the network activity that flows through it. Do not ever put an IPS or a firewall inline and actively block traffic until you have a solid traffic baseline; there are a lot of false positives. At any rate, these bad boys are actively dropping traffic that is heavily fragmented. There are hidden logs that are not displayed by default, and once you view them you can see the traffic getting knocked down even though you specifically exempted all blocks. The only workaround I have found is to make an explicit exemption from source to target that allows all traffic. That is a pretty weak solution at this point, but I am still working with Juniper to get it ironed out.
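The two practical questions behind that post are "how much fragmented traffic do I actually have?" (the baseline) and "is the inline box silently eating fragments even though every block is exempted?" (the verification). The script below is an added example, not something from the original post or from Juniper: it parses raw IPv4 headers, groups fragments by (src, dst, protocol, IP ID), reports how many datagrams are fragmented and whether each is complete, and then diffs a capture taken upstream of the device against one taken downstream to list the fragments that vanished in between. The packets are constructed inline so it runs offline; on a real network you would feed it the IP payloads of two simultaneous captures (a SPAN port or tap on each side of the IPS). The helper names and the sample addresses are my own assumptions.

```python
import socket
import struct
from collections import defaultdict

IP_MF = 0x1  # More Fragments bit (sits at bit 13 of the flags/fragment-offset field)


def build_ipv4(src, dst, ident, offset_bytes, more_frags, payload_len, proto=17):
    """Assemble a minimal IPv4 packet (checksum left zero). Used only for constructed sample data."""
    assert offset_bytes % 8 == 0, "fragment offsets are expressed in 8-byte units"
    flags_frag = ((IP_MF if more_frags else 0) << 13) | (offset_bytes // 8)
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + payload_len, ident, flags_frag, 64, proto, 0,
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + b"\x00" * payload_len


def parse_ipv4(pkt):
    """Pull the fields needed to track fragments out of a raw IPv4 packet."""
    vihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if vihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return {
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "id": ident,
        "proto": proto,
        "more": bool((flags_frag >> 13) & IP_MF),
        "offset": (flags_frag & 0x1FFF) * 8,   # back to bytes
        "len": total_len - (vihl & 0x0F) * 4,  # payload bytes carried by this fragment
    }


def group_fragments(packets):
    """Group packets by (src, dst, proto, id); each value is a sorted list of (offset, more, len)."""
    groups = defaultdict(list)
    for pkt in packets:
        f = parse_ipv4(pkt)
        groups[(f["src"], f["dst"], f["proto"], f["id"])].append((f["offset"], f["more"], f["len"]))
    for key in groups:
        groups[key].sort()
    return dict(groups)


def _is_complete(frags):
    """Complete means contiguous from offset 0 up to a fragment with MF clear."""
    expected = 0
    for offset, more, length in frags:
        if offset != expected:
            return False  # gap: a fragment in the middle is missing
        expected += length
        if not more:
            return True   # reached the last fragment with no gaps
    return False          # never saw a fragment with MF clear


def fragment_stats(packets):
    """Baseline numbers for one capture: datagrams, fragmented datagrams, fragment packets, incomplete ones."""
    groups = group_fragments(packets)
    fragmented = {k: v for k, v in groups.items() if any(more or off > 0 for off, more, _ in v)}
    return {
        "datagrams": len(groups),
        "fragmented_datagrams": len(fragmented),
        "fragment_packets": sum(len(v) for v in fragmented.values()),
        "incomplete": sorted(k for k, v in fragmented.items() if not _is_complete(v)),
    }


def missing_fragments(upstream, downstream):
    """Fragments present in the upstream capture that never appear downstream, keyed by datagram."""
    seen_after = group_fragments(downstream)
    missing = {}
    for key, frags in group_fragments(upstream).items():
        lost = [f for f in frags if f not in seen_after.get(key, [])]
        if lost:
            missing[key] = [offset for offset, _, _ in lost]
    return missing


# Constructed sample captures (hypothetical addresses): one 3000-byte UDP datagram split into
# three fragments plus one unfragmented datagram. Downstream, only the first fragment survives.
SRC, DST = "10.1.1.10", "10.2.2.20"
UPSTREAM = [
    build_ipv4(SRC, DST, 0x1234, 0, True, 1480),
    build_ipv4(SRC, DST, 0x1234, 1480, True, 1480),
    build_ipv4(SRC, DST, 0x1234, 2960, False, 40),
    build_ipv4(SRC, DST, 0x1235, 0, False, 100),
]
DOWNSTREAM = [UPSTREAM[0], UPSTREAM[3]]

if __name__ == "__main__":
    print("upstream  :", fragment_stats(UPSTREAM))
    print("downstream:", fragment_stats(DOWNSTREAM))
    print("lost      :", missing_fragments(UPSTREAM, DOWNSTREAM))
```

Two caveats when you run this against real captures: IP IDs wrap and get reused, so capture both sides over the same short window and key on the full (src, dst, proto, id) tuple as above rather than the ID alone; and a non-zero "incomplete" count upstream is itself baseline information (fragments already being lost on the WAN), which you want to know before blaming the IPS for the downstream losses.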

2 comments:

Anonymous said...

Now that's interesting. Why so much fragmented traffic?

shaftiel said...

I'm not sure. It could be because all the traffic coming in over the WAN gets fragmented in transit over the MPLS cloud. Or it could be because our core switch (Extreme Black Diamond) is annihilating the traffic, but I doubt the latter. It is a network mystery.