Resources for Learning Azure from the Beginning

I can remember back when I first signed into the Azure portal. It was very overwhelming. I didn’t know where to click to even begin. Azure has changed a lot since then and still takes a lot of patience to learn, but once you get started it just kind of clicks.

When you’re starting to learn Azure, one of the most important things is to have some great resources to use to get started! Having the right learning materials when you first sign into Azure can make a huge difference in your experience.

As tempting as it is to start learning the really fun stuff like AI, Cognitive services, Machine Learning, and other Azure services, you probably should start with learning the slightly more boring stuff first – Azure Infrastructure as a Service. These are things like Azure Networking, Azure Virtual Machines, and Azure Storage. Once you have these things down, you will have a much better understanding of the Azure basics. You will understand how Azure pieces things together and breaks things apart.

Below I am going to list some great resources for learning the very basics of Azure.

  • MoreAbout.Tech – Obviously this site in the Azure category would be my first stop 🙂
  • Pluralsight – Azure Fundamentals – If you haven’t heard of it, Pluralsight is a GREAT place to learn. It does cost some upfront, but they do usually offer a free trial. They have MANY courses on Azure and even courses specific to different sections of Azure. I would recommend starting with their Azure Fundamentals course.
  • Microsoft Learn – Azure Fundamentals – This is where I would recommend starting. It's a link to a certification test, but if you scroll down to Ways to prepare and click Self-paced, Microsoft links to several great learning paths where you can get started. It also even gives you a free lab environment. You can spin up resources and it doesn’t cost you anything at all! And at the end you can even try for the certification exam. The test was super easy back when I took it; it was more on the theories of cloud computing rather than the specifics of Azure.
  • Azure Documentation – although not the best place to start with, this is by far one of the best places to learn once you understand the basics.
  • Azure for Students – If you can prove you are a student at a school or college, you can get free Azure credit and some of their most popular services for free. I would definitely sign up for this if you qualify!
  • Hands-on experience is best! There are several ways to get hands-on experience:
    • Use Microsoft Learn modules that offer a lab experience. These are free!
    • If your company has an MSDN license available, ask for one. This gives you $50 for free every month!
    • If you're a student, you can get free credit.
    • Ask your company if they use Azure. If so, ask for a walk around in Azure. Not only will this get you experience, but it will get you in with the Azure people. You could ask for some side duties if your company is open to cross training.
  • Azure Master Class on YouTube – a FREE YouTube playlist for an Azure masterclass

Sophos XG Firewall Windows DHCP Server not getting IP Addresses

I recently set up Sophos XG Firewall in my home lab and set up VLANs, firewall rules, DHCP relays to point to my Windows DHCP Server, etc. The whole 9 yards. After I had everything working, I decided to add in the rest of my VLANs and create relays so they all worked without a hitch. After doing this, something that should not have affected other already working VLANs, nothing was getting DHCP addresses. Not even ones that were working.

I spent MANY hours trying to figure out why. I tried changing all of my firewall rules to any-any, etc. Nothing was working. After looking in the logs, I noticed this:

Firewallmessageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="Port1.21" out_interface="" src_mac="68:b5:99:6f:b5:fe" src_ip="10.124.216.41" src_country="" dst_ip="10.124.219.254" dst_country="" protocol="UDP" src_port="67" dst_port="67" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature"

I was getting a block by the firewall rule 0 on Appliance Access as Denied. But why? A – it shouldn’t be a firewall rule blocking it because I put in an Any-Any rule. I tried changing everything. But it came down to one.. simple.. thing.. Here is my setup so you can understand the issue.

The Setup

  • VLAN 110 – 192.168.0.0/24 – Networking equipment
    • Sophos XG Firewall – IP 192.168.0.5
  • VLAN 111 – 192.168.1.0/24 – Servers
    • Windows AD/DNS/DHCP Server – 192.168.1.10
  • VLAN 112 – 192.168.2.0/24 – Clients (No IP address)
    • Laptop
    • Cellphone

In Sophos, Windows DHCP, I set up DHCP subnets for all three VLANs. Then in Sophos, I set up a DHCP relay for just the Clients VLAN.

It worked! I was getting IP addresses assigned to the Clients.

The Issue

Then I decided to set up VLANs for every subnet and made quite a few other changes to get it to that perfect lab I was hoping for. I looked up and noticed all my Chromecasts were saying they couldn’t get an IP. I checked and sure enough, it was no longer dishing out IP addresses.

The Resolution

After much trial and error, I found that putting a DHCP relay on the subnet the DHCP server was on was causing all the DHCP requests to fail.

Someone may have a better understanding of it and can explain it better in the comments, but my assumption is that when the DHCP request goes out, it gets blasted to the entire VLAN to find a DHCP server by blasting out to port 67/68 UDP in search of a DHCP server. The gateway at 192.168.2.1 forwards this to the 192.168.1.0/24 VLAN and it receives the blast on that subnet for the response, and blasts that back out to the requesting VLAN.

If you put in a DHCP relay on the same subnet as the DHCP server, then when it tries to “blast” the response back, the gateway takes that request and tries to re-blast it in the same subnet. This causes a malformed loop and causes the request to fail. Thus removing the DHCP relay on the VLAN the DHCP server is in should fix this.

Please let me know if you have a better understanding of the cause or if this helps you!
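To pull entries like the one quoted in this post out of a larger log export, the following added example (not part of the original post) parses Sophos-style key="value" lines and reports denied DHCP packets, labelling each by its UDP port pair. The function names and the last two sample lines are constructed for illustration; the first sample line reuses fields from the post's log entry.

```python
import re

# key="value" pairs as they appear in the Sophos XG log line quoted in the post
PAIR = re.compile(r'(\w+)="([^"]*)"')
FIELDS = ("log_component", "fw_rule_id", "in_interface", "src_ip", "dst_ip")

# DHCP legs by UDP port pair: clients use port 68, servers and relay agents use 67
LEGS = {
    ("68", "67"): "client -> server/relay",
    ("67", "68"): "server/relay -> client",
    ("67", "67"): "relay agent <-> server",
}

def parse(line):
    """Turn one log line into a dict of its key=value fields."""
    return dict(PAIR.findall(line))

def denied_dhcp(lines):
    """Summarise every denied DHCP packet found in the log lines."""
    hits = []
    for rec in map(parse, lines):
        leg = LEGS.get((rec.get("src_port"), rec.get("dst_port")))
        if rec.get("protocol") != "UDP" or leg is None or rec.get("status") != "Deny":
            continue
        hits.append({"leg": leg, **{k: rec.get(k) for k in FIELDS}})
    return hits

SAMPLE = [
    # Fields copied from the log line in the post (shortened)
    'log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" '
    'status="Deny" fw_rule_id="0" in_interface="Port1.21" '
    'src_ip="10.124.216.41" dst_ip="10.124.219.254" protocol="UDP" '
    'src_port="67" dst_port="67"',
    # Constructed lines: an allowed DNS query and a denied non-DHCP packet
    'log_component="Firewall Rule" status="Allow" fw_rule_id="5" '
    'src_ip="192.168.2.20" dst_ip="192.168.1.10" protocol="UDP" '
    'src_port="51000" dst_port="53"',
    'log_component="Appliance Access" status="Deny" fw_rule_id="0" '
    'src_ip="192.168.2.20" dst_ip="192.168.2.1" protocol="TCP" '
    'src_port="51001" dst_port="4444"',
]

if __name__ == "__main__":
    for hit in denied_dhcp(SAMPLE):
        print(hit)
```

A 67 → 67 hit, as in the post's entry, is traffic between a relay agent and a server rather than a client's own broadcast, which uses source port 68.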

Change Default SSH Port Number

By default, SSH runs on port 22, and most scripts attack that port by brute force to attempt to gain access to your server. One way to stop script kiddies from brute forcing your SSH server so often is by changing the default port that OpenSSH uses. You must remember this port number and change all your connections that use SSH to the new port number.

Turn Windows Firewall Off or On By Command Line Or Script

I have run into a few times when I needed to turn off or on the Windows Firewall via command line or script. It is actually very simple to do!

To Turn Off:
NetSh Advfirewall set allprofiles state off

To Turn On:
NetSh Advfirewall set allprofiles state on

To check the status of Windows Firewall:
Netsh Advfirewall show allprofiles

You can replace “allprofiles” with public, domain, or private and you can manipulate just that one profile. I used this in creating a script to test the firewall settings of a remote server. That way if I messed up the config, it would turn itself back off after a minute and I was able to reconnect to it. You can view that script on my other post Testing Windows Firewall Settings Safely From Remote Machine.

Testing Windows Firewall Settings Safely From Remote Machine

A while back I got me a new crisp Windows Server. By default, the Firewall was turned off and of course I wanted to turn it on for security reasons. But what happens if I lose my connection to a server a few hundred miles away? How would I disable the firewall if I can’t connect to it anymore? I decided to write a script!

The function of the script is to enable the firewall for the public internet, wait 2 minutes, then disable it again. Here is my script:

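@echo off
rem Turn the firewall on for the public profile
Netsh Advfirewall set public state on
rem Wait 120 seconds (2 minutes); pressing a key ends the wait early
timeout /t 120
rem Turn the firewall back off so a bad configuration cannot lock you out
Netsh Advfirewall set public state off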

Save those lines as a batch file, then run it as Administrator. Keep in mind to use this at your own risk! It saved me, but never know about you! An explanation of the commands can be found on my other post Turn Windows Firewall Off or On By Command Line Or Script.
