• Best VPN Service for 2017

    Top VPNs that Unlock Netflix, provide Secure Torrenting, Strong Encryption, Fast Downloads, DNS Leak Protection, Identity Protection and have Cheap VPN prices.

    read more

    Hyper-V Concepts

    It's time to get familiar with Hyper-V Virtualization, virtual servers, virtual switches, virtual CPUs, virtual deployment infrastructure (VDI) and more.
    Read more

Hot Downloads

OSPF LSA Types - Purpose and Function of Every OSPF LSA

Posted in OSPF Routing Protocol

OSPF LSA Types - Purpose and Function of Every OSPF LSA - 4.8 out of 5 based on 6 votes

Our previous article explained the purpose of Link State Update (LSU) packets and examined the Link State Advertisement (LSA) information contained within LSU packets. We also saw the most common LSA packets found in OSPF networks. In this article we’ll be diving deeper to analyse all eleven OSPF LSA Types using network network diagrams and examples to help understand when each LSA type is used and how they keep the OSPF network updated.

LSA Types - Quick Overview

Before we begin, let’s take a quick look at the different type of OSPF LSA packets we’ll cover:

  • LSA Type 1: OSPF Router LSA
  • LSA Type 2: OSPF Network LSA
  • LSA Type 3: OSPF Summary LSA
  • LSA Type 4: OSPF ASBR Summary LSA
  • LSA Type 5: OSPF ASBR External LSA
  • LSA Type 6: OSPF Group Membership LSA
  • LSA Type 7: OSPF Not So Stubby Area (NSSA) External LSA
  • LSA Type 8: OSPF External Attributes LSA (OSPFv2) / Link Local LSA (OSPFv3)
  • LSA Type 9: OSPF Link Scope Opaque (OSPFv2) / Intra Area Prefix LSA (OSPFv3)
  • LSA Type 10: OSPF Area Scope Opaque LSA
  • LSA Type 11:OSPF AS (Autonomous System) Scope Opaque LSA

The LSA payload varies in size according to the LSA type and the information it includes. The diagram below clearly shows how LSAs are contained within LSUs:

OSPF LSA Types

Figure 1. LSA Types contained within an OSPF LSU packet

As mentioned, OSPF currently supports 11 types of LSAs. Each LSA is used within specific boundaries of an OSPF network.

OSPF concepts, including router roles such as Designated Router (DR), Area Border Router (ABR), Autonomous System Border Router (ASBR), OSPF Areas and more, are analyzed in great depth in our article OSPF Basic Concepts – OSPF Areas – Router Roles. This article assumes the reader has a good understanding of basic OSPF theory and is comfortable with OSPF concepts.

LSA Type 1 – OSPF Router LSA

LSA Type 1 (Router LSA) packets are sent between routers within the same area of origin and do not leave the area. An OSPF router uses LSA Type 1 packets to describe its own interfaces but also carries information about its neighbors to adjacent routers in the same area.

LSA Type 1 Packets exchanged between OSPF routers within the same area

Figure 2. LSA Type 1 Packets exchanged between OSPF routers within the same area

LSA Type 2 – OSPF Network LSA

LSA Type 2 (Network LSA) packets are generated by the Designated Router (DR) to describe all routers connected to its segment directly. LSA Type 2 packets are flooded between neighbors in the same area of origin and remain within that area.

 LSA Type 2 Packets exchanged between OSPF DR and neighbor routers

Figure 3. LSA Type 2 Packets exchanged between OSPF DR and neighbor routers

LSA Type 3 – OSPF Summary LSA

LSA Type 3 (Summary LSA) packets are generated by Area Border Routers (ABR) to summarize its directly connected area, and advertise inter-area router information to other areas the ABR is connected to, with the use of a summary prefix (e.g 192.168.0.0/22). LSA Type 3 packets are flooded to multiple areas throughout the network and help with OSPF’s scalability with the use of summary prefixes.

 LSA Type 3 - An OSPF ABR router advertises the summarized route 192.168.2.0/24 to Area 0

Figure 4. LSA Type 3 - An OSPF ABR router advertises the summarized route 192.168.2.0/24 to Area 0

Looking at the diagram above, ABR router R2 creates a Type 3 Summary LSA and floods it into Area 0. In a similar way, ABR router R3 creates a Type 3 Summary LSA and floods it into Area 2. Type 3 Summary LSAs appear as O IA entries in the router routing table.

LSA Type 4 – OSPF ASBR Summary LSA

GFI OneConnect – Stop Ransomware, Malware, Viruses, and Email hacks Before They Reach Your Exchange Server

Posted in GFI Network Security

GFI OneConnect – Stop Ransomware, Malware, Viruses, and Email hacks Before They Reach Your Exchange Server - 5.0 out of 5 based on 2 votes

gfi-oneconnect-ransomware-malware-virus-datacenter-protection-1aGFI Software has just revealed GFI OneConnect Beta – its latest Advanced Email Security Protection product. GFI OneConnect is a comprehensive solution that targets the safe and continuous delivery of business emails to organizations around the world.

GFI has leveraged its years of experience with its millions of business users around the globe to create a unique Hybrid solution consisting of an on-premise server and Cloud-based solution that helps IT admins and organizations protect their infrastructure from spam, malware threats, ransomware, virus and email service outages.  

GFI OneConnect not only takes care of filtering all incoming email for your Exchange server but it also works as a backup service in case your Exchange server or cluster is offline.

The solution consists of the GFI OneConnect Server that is installed on the customer’s premises. The OneConnect server connects to the local Exchange server on one side, and the GFI OneConnect Data Center on the other side as shown in the diagram below:

Deployment model of GFI OneConnect (Server & Data Center)

Figure 1. Deployment model of GFI OneConnect (Server & Data Center)

Email sent to the organization’s domain is routed initially through the GFI OneConnect . During this phase email is scanned by the two AntiVirus engines (ClamAV & Kaspersky) for virus, ransomware, malware etc. before forwarding them to the Exchange Server.

In case the Exchange server is offline GFI OneConnect’s Continuity mode will send and receive all emails, until the Exchange server is back online after which all emails are automatically synchronised. All emails received while your email server was down are available to users at any moment, thanks to the connection to the cloud and the GFI OneConnect’s Datacenter.

Deployment model of GFI OneConnect (Server & Data Center)

Figure 2. GFI OneConnect Admin Dashboard (click to enlarge)

While there is currently a beta version out (Free download and Trial) - our first impressions show that this is an extremely promising solution that has been carefully designed with the customer and IT staff in mind. According to GFI – the best is yet to come – and we know that GFI always stands by its promises so we are really looking forward seeing the final version of this product in early 2017.

If you’ve been experiencing issues with your Exchange server continuity or have problems dealing with massive amounts of spam emails, ransomware and other security threats – give GFI OneConnectBeta a test run and discover how it can help offload all these problems permanently, leaving you time for other more important tasks.

Enforcing ICT Policies - How to Block Illegal & Unwanted Websites from your Users and Guests

Posted in GFI WebMonitor: Web Security & Monitoring

Enforcing ICT Policies - How to Block Illegal & Unwanted Websites from your Users and Guests - 5.0 out of 5 based on 3 votes

Enforcing ICT Policies - How to Block Illegal & Unwanted Websites for your Users and GuestsEnsuring users follow company policies when accessing the internet has become a real challenge for businesses and IT staff. The legal implications for businesses not taking measures to enforce acceptable user policies (where possible) can become very complicated and businesses can, in fact, be held liable for damages caused by their users or guests.

A good example, found in almost every business around the world, is the offering of guest internet access to visitors. While they are usually unaware of the company’s ICT policies (nor do they really care about them) they are provided with free unrestricted access to the internet.

Sure, the firewall will only allow DNS, HTTP and HTTPS traffic in an attempt to limit internet access and its abuse but who’s ensuring they are not accessing illegal sites/content such as pornography, gambling, etc., which are in direct violation of the ICT policy?

This is where solutions like GFI WebMonitor help businesses cover this sensitive area by quickly filtering website categories in a very simple and effective way that makes it easy for anyone to add or remove specific website categories or urls.

Protect your company and enforce internet access policies on any AD user, guest user, IP address and more.

How to Block Legal Liability Sites

Enforcing your ICT Internet Usage Policy via WebMonitor is a very simple and fast process. From the WebMonitor web-based dashboard, click on Manage and select Policies:

Note: Click on any image to enlarge it and view it in high-resolution

Adding a new Policy in GFI WebMonitorFigure 1. Adding a new Policy in GFI WebMonitor

At the next screen, click on Add Policy:

 Click on the GFI WebMonitor Add Policy buttonFigure 2. Click on the GFI WebMonitor Add Policy button

Palo Alto Firewall Configuration Options. Tap Mode, Virtual Wire, Layer 2 & Layer 3 Deployment modes

Posted in Palo Alto Firewalls

Palo Alto Firewall Configuration Options. Tap Mode, Virtual Wire, Layer 2 & Layer 3 Deployment modes - 4.3 out of 5 based on 6 votes

Our previous article explained how Palo Alto Firewalls make use of Security Zones to process and enforce security policies. This article will explain the different configuration options for physical Ethernet and logical interfaces available on the Palo Alto Firewall.

It’s easy to mix and match the interface types and deployment options in real world deployments and this seems to be the strongest selling point of Palo Alto Networks Next-Generation Firewalls. Network segmentation becomes easier due to the flexibility offered by a single pair of Palo Alto appliances.

Below is a list of the configuration options available for Ethernet (physical) interfaces:

  • Tap Mode
  • Virtual Wire
  • Layer 2
  • Layer 3
  • Aggregate Interfaces
  • HA

Following are the Logical interface options available:

  • VLAN
  • Loopback
  • Tunnel
  • Decrypt Mirror

The various interface types offered by Palo Alto Networks Next-Generation Firewalls provide flexible deployment options.

Tap Mode Deployment Option

TAP Mode deployment allows passive monitoring of the traffic flow across a network by using the SPAN feature (also known as mirroring).

A typical deployment would involve the configuration of SPAN on Cisco Catalyst switches where the destination SPAN port is the switch port to which our Palo Alto Firewall connects, as shown in the diagram below:

 Palo Alto Next Generation Firewall deployed in TAP mode

Figure 1. Palo Alto Next Generation Firewall deployed in TAP mode

The advantage of this deployment model is that it allows organizations to closely monitor traffic to their servers or network without requiring any changes to the network infrastructure.

During the configuration of SPAN it is important to ensure the correct SPAN source and SPAN Destination ports are configured while also enabling Tap mode at the Firewall.

The VIRL Book – A Guide to Cisco’s Virtual Internet Routing Lab (Cisco Lab)

Posted in Cisco Technologies

The VIRL Book – A Guide to Cisco’s Virtual Internet Routing Lab (Cisco Lab) - 4.8 out of 5 based on 5 votes

cisco-virl-book-guide-to-cisco-virtual-internet-routing-lab-1Cisco’s Virtual Internet Routing Lab (VIRL) is a network simulation tool developed by Cisco that allows engineers, certification candidates and network architects to create their own Cisco Lab using the latest Cisco IOS devices such as Routers, Catalyst or Nexus switches, ASA Firewall appliances and more.

Read Jack Wang's Introduction to Cisco VIRL article to find out more information about the product

Being a fairly new but extremely promising product it’s quickly becoming the standard tool for Cisco Lab simulations. Managing and operating Cisco VIRL might have its challenges, especially for those new to the virtualization world, but one of the biggest problems has been the lack of dedicated online resources for VIRL management leaving a lot of unanswered questions on how to use VIRL for different types of simulations, how to build topologies, how to fine tune them etc.

The recent publication of “The VIRL Book’ by Jack Wang has changed the game for VIRL users. Tasks outlined above plus a lot more are now becoming easier to handle, helping users manage their VIRL server in an effective and easy to understand way.

The introduction to VIRL has been well crafted by Jack as he addressed each and every aspect of VIRL, why one should opt for VIRL, what VIRL can offer and how it different from other simulation tools.

This unique title addresses all possible aspects of VIRL and has been written to satisfy even the most demanding users seeking to create complex network simulations. Key topics covered include:

  • Planning the VIRL Installation
  • Installing VIRL
  • Creating your first simulation
  • Basic operation & best practices,
  • Understanding the anatomy of VIRL
  • External Connectivity to the world
  • Advanced features
  • Use VIRL for certifications
  • Running 3rd party virtual machines
  • Sample Network Topologies

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup