Viewing palo statistics
Useful commands to see general information on the firewall resources been used, interface and traffic statistics, and traffic counters.
Announcing Networking and Advanced Security Enhancement in NSX 4.0.1.1
We’re thrilled to announce the general availability of VMware NSX 4.0.1.1, another exciting release with updates in networking, security, and operations for private, public, and multi-clouds.
With this release, VMware NSX customers will be able to leverage accelerated NSX networking and security performance, enhanced network observability, and new network monitoring and troubleshooting features for increased flexibility.
NSX 4.0.1.1 will also deliver enhanced threat detection and prevention capabilities, helping customers bolster network defenses to block advanced threats from moving laterally across multi-cloud environments.
Read on to get the details on our latest NSX release.
Distributed Malware Prevention
The NSX Distributed Firewall has added malware detection and prevention support for Linux guest endpoints (VMs). Linux has become the most common operating system across multi-cloud environments, powering more than 78% of the most popular websites. With the recent emergence of more Linux-specific threats, and current malware countermeasures being mostly focused on addressing Windows-based threats, there is an imperative to address the specific security needs of Linux machines. Adding Linux to our prevention solution enables the NSX Distributed Firewall to provide more effective prevention coverage and fewer false positives across multi-cloud environments.
In addition, we expanded the Continue reading
Enhanced NSX Edge and Networking Services in NSX 4.0.1.1
VMware NSX 4.0.1.1 introduces exciting new capabilities and enhancements for virtualized networking and security for private, public, and multi-clouds. Check out the release blog for an overview of the new features.
Among these new features is NSX Gateway Stateful Active/Active Services. This feature delivers a key security enhancement, giving you the full power of the NSX Edge cluster for your services without worrying about bandwidth and CPU limitations. In this blog post, we’ll cover all the terminology you need to know for this new feature, as well as configuration and architecture, and design considerations.
Stateful Active/Active Services
Prior to VMware NSX 4.0.1.0, configuring NSX using any of the variety of NSX services offered by VMware required you to set up NSX Edge Gateways in Active/Standby High Availability mode. Under this configuration, traffic is forwarded through a single (Active) NSX Edge Node. So, when designing the architecture, you needed to be aware of the limits imposed by the Active/Standby mode on the bandwidth and CPU (Central Processing Unit) utilization of the node.
With the NSX 4.0.1.0 release of NSX Stateful Active/Active Services, this consideration no longer applies. This new feature makes it Continue reading
Tech Bytes: Why SASE Is An Architecture, Not A Product (Sponsored)
Today on the Tech Bytes podcast, we’ll be investigating Secure Access Service Edge, or SASE, including the current state of the market and how SASE is evolving. We’ll also look at how sponsor Juniper Networks is moving into the SASE space. Our guest is Kate Adam, Sr. Director of Security Product Marketing at Juniper Networks.
The post Tech Bytes: Why SASE Is An Architecture, Not A Product (Sponsored) appeared first on Packet Pushers.
Tech Bytes: Why SASE Is An Architecture, Not A Product (Sponsored)
Today on the Tech Bytes podcast, we’ll be investigating Secure Access Service Edge, or SASE, including the current state of the market and how SASE is evolving. We’ll also look at how sponsor Juniper Networks is moving into the SASE space. Our guest is Kate Adam, Sr. Director of Security Product Marketing at Juniper Networks.Network Break 406: Gluware Adds API Modeling To Network Automation; Arista Revenues Rise
This week's Network Break covers new features in Gluware and Aviatrix, new servers from HPE, and new partner specializations from Cisco. We also cover financial results from Fortinet and Arista and Russian threats against commercial satellites.
The post Network Break 406: Gluware Adds API Modeling To Network Automation; Arista Revenues Rise appeared first on Packet Pushers.
Network Break 406: Gluware Adds API Modeling To Network Automation; Arista Revenues Rise
This week's Network Break covers new features in Gluware and Aviatrix, new servers from HPE, and new partner specializations from Cisco. We also cover financial results from Fortinet and Arista and Russian threats against commercial satellites.Adventures in Upgrading Netbox
I’ve been using Netbox for a while now, and, frankly, I can’t live without it. If you’ve never heard of it, it’s a Source of Truth for your network automation tasks started by Jeremy Stretch. I use it to document my networks (hardware inventory, subnets, physical connections, etc.), which provides my automation tasks a place to pull and push all sorts of information like management IPs, rack locations, power connections, network drops…the list goes on. In better words, your automation tools can ask Netbox what the state of your network is, and send it an update if that tool discovers something different. There are plenty of better places to discuss the benefits of a Souce of Truth, so just do the Googles for it.
My production instance is running Netbox 2.7.6, which is very old. The latest version of Netbox as of today is 3.3.7, so that should tell you how far behind we are. I’ve had mine running for over two years, and, in the meantime, the world has moved forward. If I update the server it’s running on (Ubuntu 20.04), then Netbox breaks. Yes, it’s so far behind Continue reading
Continuity is Not Recovery
It was a long weekend for me but it wasn’t quite as long as it could have been. The school district my son attends is in the middle of a ransomware attack. I got an email from them on Friday afternoon telling us to make sure that any district-owned assets are powered off until further notice to keep our home networks from being compromised. That’s pretty sound advice so we did it immediately.
I know that the folks working on the problem spent the whole weekend trying to clean it up and make sure there isn’t any chance of getting reinfected. However, I also wondered how that would impact school this week. The growing amount of coursework that happens online or is delivered via computer is large enough that going from that to a full stop of no devices is probably jarring. That got me to thinking once more about the difference between continuity and recovery
Keeping The Lights On
We talk about disaster recovery a lot. Backups of any kind are designed to get back what was lost. Whether it’s a natural disaster or a security incident you want to be able to recover things back to the way Continue reading
Adventures in Upgrading Netbox
I’ve been using Netbox for a while now, and, frankly, I can’t live without it. If you’ve never heard of it, it’s a Source of Truth for your network automation tasks started by Jeremy Stretch. I use it to document my networks (hardware inventory, subnets, physical connections, etc.), which provides my automation tasks a place to pull and push all sorts of information like management IPs, rack locations, power connections, network drops…the list goes on. In better words, your automation tools can ask Netbox what the state of your network is, and send it an update if that tool discovers something different. There are plenty of better places to discuss the benefits of a Souce of Truth, so just do the Googles for it.
My production instance is running Netbox 2.7.6, which is very old. The latest version of Netbox as of today is 3.3.7, so that should tell you how far behind we are. I’ve had mine running for over two years, and, in the meantime, the world has moved forward. If I update the server it’s running on (Ubuntu 20.04), then Netbox breaks. Yes, it’s so far behind Continue reading
Understanding the Power Benefits of Data Processing Units
The use of hardware acceleration in a DPU to offload processing-intensive tasks can greatly reduce power use, resulting in more efficient data center.Tier 1 Carriers Performance Report: October, 2022
The post Tier 1 Carriers Performance Report: October, 2022 appeared first on Noction.
netlab Release 1.4.0: EVPN Asymmetric IRB, Anycast Gateways, VRRP
The big three features of the netlab release 1.4.0 are:
- EVPN asymmetric IRB on Arista EOS, Cumulus Linux, Dell OS10, Nokia SR Linux, Nokia SR OS and VyOS
- Anycast gateway on Arista EOS, Cumulus Linux, Nokia SR OS and Nokia SR Linux
- VRRP on Arista EOS, Cisco IOSv/CSR, Cisco Nexus OS, Cumulus Linux and Nokia SR OS
We also added tons of new functionality, including:
netlab Release 1.4.0: EVPN Asymmetric IRB, Anycast Gateways, VRRP
The big three features of the netlab release 1.4.0 are:
- EVPN asymmetric IRB on Arista EOS, Cumulus Linux, Dell OS10, Nokia SR Linux, Nokia SR OS and VyOS
- Anycast gateway on Arista EOS, Cumulus Linux, Nokia SR OS and Nokia SR Linux
- VRRP on Arista EOS, Cisco IOSv/CSR, Cisco Nexus OS, Cumulus Linux and Nokia SR OS
We also added tons of new functionality, including:
Integer handling is broken
Floating point can be tricky. You can’t really check for equality, and
with IEEE 754 you have a bunch of fun things like values of not a
number, infinities, and positive and negative zero.
But integers are simple, right? Nope.
I’ll use “integers” to refer to all integer types. E.g. C’s int,
unsigned int, gid_t, size_t, ssize_t, unsigned long long, and Java’s
int, Integer, etc…
Let’s list some problems:
- You can’t parse unsigned integers in C/C++ with standard functions.
- Casting between types silently discards information (C, Java, Go, Rust, Haskell).
- Casting between some other types changes the semantic meaning of the number, even when technically no information is lost.
- The state of integers in Javascript is its own mess.
What’s wrong with casting?
Casting an integer from one type to another changes three things:
- The type in the language’s type system.
- Crops values that don’t fit.
- May change the semantic value, by changing sign.
The first is obvious, and is even safe for the language to do implicitly. Why even bother telling the human that a conversion was done?
But think about the other two for a minute. Is there any reason that you want your Continue reading
Hedge November Update
November update on upcoming shows and training. My upcoming training on Safari Books Online is here.
Must Read: Routing Will Never Be a Solved Problem
Mark Seery wrote a fantastic must-read article explaining why routing will never be a solved problem.
You might want to enjoy it as a relaxing antidote after a painful exposure to SD-WAN (or SD-something-else) brainwashing.