VCP5 Passed

 VCP5, VMware  3 Responses »
Feb 212012
 

I’ve been a VCP3 (VMware Certified Professional) for awhile, and was reminded by VMware that if I wish to become a VCP5, I could do so by sitting a 2 day “What’s New” in vSphere 5 course and taking the exam before the 29th of Feb. If you leave it any later, you must sit a 5 day course all about the wonders of vSphere 5. This costs a fair amount of money.

There are some phenomenal resources out there to aid you in your studying, and I can highly recommend the following sites which helped me out no end:-

Continue reading »

 Posted by Harry at 11:29 PM  Tagged with: , , ,

CCIP/CCIE Studying

 Personal  No Responses »
Jan 122012
 

As I mentioned previously, I’ve recently started a new job, and its given me a spur to get back into studying. There are some weird and wonderful technologies covered at my new work place, and getting to grips with them is going to be my immediate priority in the coming months.

I hope to be able to write about them as I study them, so watch this space. Continue reading »

 Posted by Harry at 11:19 PM  Tagged with: , ,

JNCIS-SEC Passed!

 Juniper, Personal, SRX  No Responses »
Dec 182011
 

Last week I passed my JNCIS-SEC. I’ve already done my JNCIA-FWV and JNCIS-FWV (though I’ve let them expire now…) so I’m familiar with a lot of the concepts from the ScreenOS world.

This was quite different though… Lots of questions on UTM and IPS which I’m not too hot on. And of course, the SRX does things in quite a different way to ScreenOS. Having had a few weeks experience working with the SRX, but quite a lot of time working with Junos and Netscreens in the past, I decided to follow the excellent fast track study material on the Juniper site and try and get this one under my belt.

Word of warning though – don’t even think about just doing the video! There is a lot, lot more in the study guide, including UTM – which there was quite a lot of in my exam.

Having passed I’m keen to do more Juniper certs – I’m looking for cheap SRXs to build a lab at home, but not many seem to have found their way onto eBay yet… If you have some to sell, drop me a comment! Continue reading »

 Posted by Harry at 9:14 PM  Tagged with: , ,

SRX Destination NAT through Zones

 Juniper, SRX  No Responses »
Dec 182011
 

I was at a customer site last week, and was asked to do something that I didn’t think was possible, having come from a ScreenOS background. I was wrong!

They are a large organisation and have multiple data centres, each adhering to the rule of having separate firewall clusters for the perimeter and the core of the network. The firewalls in the core of this data centre are a clustered pair of SRX 3600s, with different zones for different services – different server groups being separated out from communicating with each other except via the firewalls.

All traffic destined for the outside world went into a DMZ shared with the outer firewalls, called the secure DMZ. There is no direct route out to the internet for the majority of the servers, for security purposes. However, some servers need to access some things on the internet, as is always the way.

Continue reading »

 Posted by Harry at 8:33 PM  Tagged with: , ,

A Fresh Start

 Personal  No Responses »
Nov 262011
 

Having been experimenting a bit with my blog over on blogger, I’ve decided to move lock stock and barrel over to WordPress. Hopefully it will give me a bit more control, and incentive to post more!

I’ve also moved jobs, and moved countries, so this is a fresh start for me and this blog. Previously I was working for a medium sized ISP, and now I’m working for a consultancy company, who cover all kinds of different technologies and vendors I had previously never had any exposure to. Continue reading »

 Posted by Harry at 11:25 PM  Tagged with:

Juniper SA IVS Setup

 HA, IVE, Juniper, SA  2 Responses »
Oct 052011
 

There are a number of ways you can deploy your SA units, and in this example I’m going to go over using IVSs. These are Instant Virtual Systems, which are typically used by service providers to split a single or clustered SA unit into separate, independent logical units. Note that this is a licence activated feature, so you must purchase the ability to run IVSs from Juniper.

In this example I’m going to go over a deployment of an IVS on an Active/Passive cluster, of SA4500 devices.
Firstly, a quick diagram of how the setup will look:-
 Posted by Harry at 4:09 PM  Tagged with: , , ,

Juniper SSL VPN Appliance Clustering

 HA, IVE, Juniper, SA  No Responses »
Sep 202011
 

There are some pretty amazing things you can do with these boxes, and I wholeheartedly recommend them.

For redundancy, you can run them in clusters. These can be Active/Active, or Active/Passive, but for an Active/Active setup you need to use an external load balancer. We use both in my network.

Shortly I’ll post some thoughts on the different ways to cluster the boxes… watch this space!

 Posted by Harry at 3:42 PM  Tagged with: , , ,
© 2011 Technical Support Speaking... Suffusion theme by Sayontan Sinha
Easy AdSense Lite by Unreal