Later in this document: Setting up the database servers Setting up the Zabbix servers Setting up the frontend (web) servers Edmunds Vesmanis had a presentation in Zabbix Summit 2019 about Zabbix HA setups (video in Youtube), and he also wrote a post in Zabbix blog titled High Availability cluster building with Zabbix for continued service: […]
Category: Networking
Zabbix Protocol Dissector for Wireshark
While troubleshooting a Zabbix communication problem I realized that there was no Zabbix protocol dissector in Wireshark. Long story short: I wrote my own dissector in Lua as an exercise. Actually, I wrote two dissectors, one for Zabbix passive agent communication (port 10050, the not-so-json-style protocol) and one for other Zabbix components (port 10051). You […]
Linux Routing Memos
These are just small hints and memos what to do on a Debian Linux setup. This is not a complete guide on doing a secured routing environment with Linux. /etc/sysctl.conf: net.ipv4.ip_forward=1 Configure /etc/network/interfaces iptables -t nat -A POSTROUTING -o <upstream_interface> -j MASQUERADE apt-get install iptables-persistent apt-get install iftop apt-get install conntrack conntrack -L -s 10.11.1.10 […]
Zabbix Components and Ports
Zabbix monitoring system consists of components that communicate with each other. Here is a summary of the TCP ports and some configuration characteristics of various connections. Active agent: The Zabbix agent periodically asks the Zabbix proxy (or Zabbix server, if configured to use the server directly) for the list of items that should be collected, […]
Wireshark and 802.11 Data in Capture Files
Once again I was asked to get involved when a customer had problems with an application. I won’t go into application or problem details here but the process eventually involved capturing traffic on a customer laptop to see what was actually happening. The consultant doing the capture was not using Wireshark as I would have […]
Junos Default Applications
From Junos 12.1X47-D25.4 on SRX240H2: markku@srx> show configuration groups junos-defaults applications # # File Transfer Protocol # application junos-ftp { application-protocol ftp; protocol tcp; destination-port 21; } # # Trivial File Transfer Protocol # application junos-tftp { application-protocol tftp; protocol udp; destination-port 69; } # # Real Time Streaming Protocol # application junos-rtsp { application-protocol […]
majornetwork.net Is Now TLS-Enabled
I just enabled TLS in majornetwork.net. Everything seems pretty normal, and old http links should still work, redirecting to https. If you notice anything breaking up, let me know. Oh, and don’t report “not working with IE 6 on Windows XP”: It’s not me, it’s you.
IPsec VPN Tunnel between F5 BIG-IP and Juniper SRX
This post is an example of configuring an IPsec tunnel with F5 BIG-IP. In the diagram below the IPsec tunnel is configured between SRX210 (Junos 12.1X47-D20.7) and F5 BIG-IP (11.6.0 HF5-ENG11). F5 BIG-IP is connected here in one-arm setup. The SRX240 is not “an interesting device” in this demonstration. It is just a firewall and […]
SoftEther VPN with a VPN Address Pool
For replacing a physical remote access VPN implementation with a VPN server in a virtual machine, one of the options is SoftEther. There is a lot of documentation in the site but somehow I felt the material was hard to absorb. In this post I describe the reference implementation I managed to complete with SoftEther. […]
Juniper SRX IPsec LAN-to-LAN VPN Part 2
This is the part 2 of my Juniper SRX IPsec LAN-to-LAN VPN posts. In part 1 we had a simple LAN-to-LAN VPN with only one subnet in each site. In this post we have two subnets in Their Site to illustrate the VPN configuration options. Here is the topology for this post. Their Site is […]