Configuring a fallback for default-route on a Cisco router

This was a wish from one of my customer and I was investing a lot of time to connect the site2site VPN on both WAN uplinks with EIGRP metric and so on… but there is another simple way to configure an automatic default-route fallback which solves all our problems in case the primary WAN links … Read more

Export logfiles before new Installation of Sophos UTM v9

In case that Sophos still has no update for going from Version 8.306 to v9 within an UTM-cluster, I need to reinstall one of the clusternodes at my customers and restore the license file and configuration . In this procedure you are losing all your log files on the device so you need to copy … Read more

Enabling passive FTP through Cisco ASA

As I explained 1:1 NAT (with example for PPTP passthrough) in this post you can also add more PAT just based on your access-list. I recognized a problem at one customer that FTP needs an inspection firewall entry. The customer runs a passive FTP server on tcp port 3002 which I forwarded to inside: object … Read more

Enabling World of Warcraft Installer/Updater

Behind a Sophos UTM or Astaro ASG, the World of Warcrafter Installer or Updater brings always the error message BLZPTS0000J at start. In most cases this is a problem with the http-proxy. So if you want to enable the Blizzard Updater to connect, you need to skip AntiVirus for the following URLs: ^https?://[A-Za-z0-9.-]*\.battle\.net/ ^https?://[A-Za-z0-9.-]*\.edgesuite\.net/ ^https?://[A-Za-z0-9.-]*\.blizzard\.com/ … Read more

Using parent proxies with Sophos UTM or Astaro ASG

One of my customers has several attached branch offices connected via MPLS. Branch Office UK is using the webproxy from the german location (central ASG cluster). They had problems using www.google.co.uk or other websites with geo-IP-filters so we need a the usage of parent proxies based on some URLs. To do this, just use web … Read more

Wireshark with Windows 8

Today I wanted to sniff broadcast packets within a customer network, so I download and installed Wireshark (Wireshark-win64-1.8.2.exe) on my new Windows 8 x64 Installation. WinPcap couldn’t be installed. I only got the message “This version of Windows is not supported by WinPcap 4.1.2. The Installation will be aborted”. To resolve this, just download the … Read more

Cisco ASA NAT examples with software version 8.4

I know that they take LSD (yes Lysergic acid diethylamide) at Cisco like Kevin Herbert but can they consume less? Every release of a new 8.x software version of the Cisco ASA has new NAT statements and logic. This week I replaced an old Cisco PIX 6.x with a new Cisco ASA 8.4(4)1 (asa844-1-k8.bin) and … Read more