Hello, everyone. I am in my first month at new job and trying to fix some problems. One of them is that we have 2 WSAs those working in Forward mode. Browsers get WPAD.dat file from Citrix load balancer so that part of workers access internet through first WSA and another part from the second. The problem is that the previous worker uploaded https proxy certificate to secon WSA not correctly. The common name is wrong and this cause some users to get error when accessing the internet. I Security Services -> HTTPS Proxy -> Edit Settings -> and  generated new CSR with correct name. Then I signed it with our internal CA server and uploaded into WSA. The ironport accepted it. I submitted and committed changes. The problem is the users still get the old certificate and error. How I can apply my changes?   Thanks in advance.     ... View more

Hello everyone. I have started new job and I previously worked as Network and Security administrator. I have studied Voice and here it is my first experiences with Telephony world. Today, i faced one interesting problem. One worker`s phone was working perfectly but suddenly she called and said that she cannot receive calls even from internal numbers but can make calls. I dialed her number and she was right. The problem is last two days no one touched the CUCM. I checked up her phone and DN configurations and everything was okay. Last thing i tried changed her number and now she can get call with new DN. I brought the old DN back and again she cannot get calls. What can be reason for this? The phone is Cisco 8841   Thanks in advance. ... View more

Hello, everyone. I nee clarification about one thing. We are using FTD devices on out corporate network for RA ans S2S VPNs. FTD has one interface for internet and one WAN interface leased from SP for 3rd Party companies. Currently we have one site-to-site vpn with another company. The problem is that IPsec configurations are okay but internal endpoint cannot see each other until i make NAT exception for them. I do know understand why i need exception when i do not have any other NAT configured on that WAN interface. Only lots of Exceptions. Other Internet NAT cons are facing other internet interface. Is there any point forcing me making exceptions for VPNs?   thank in advance! ... View more

Hello all. I have a question about the enterprise network design. I have changed my job and here i have seen a couple of new design implementation which was done by previous worker. I do not have to much experience so i haven`t seen so much enterprise networks. I mostly worked in ISP. Here, we use 3750 swtiches stacked as Core-Distribution then Access switches. Moreover, we have 2 Nexus switches which are working as DMZ switches. The unusual thing for me is that Nexus switches and Core-Distribution switches are directly connected by L3 and L2 channels. So workers and users get to ASA trough DMZ Nexus switches but not directly from Core-Distribution switches. I have searched and https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/IE_DG.html here in Figure 8 it also designed similarly. I did not understand what is pros of this design. Previously, in out projects we always separated DMZ and Internal switches and no direct connection. Sometime used some L2 direct connection to WAN switch for L2 Data channels from providers but having L3 connection between these switches...   Hope someone will clarify this...   Thanks in advance! ... View more

Hello everyone. I changed my job couple of days ago and getting familiar with system here. I do not have to much experience with email security appliances. What I saw in current ESA deployment that previous workers here added sender with Global IP address in Private Listener port that is using internal subnet. Is that a normal thing? I can be sure whether they misconfigured this or did it mindly. There is proper documentations showing all data flows so I am confused a bit whether I can download this or not. What I know from my experience that in private listener port HAT only contains internal mail server or other sub company mail servers. However adding Public IP address into HAT of private interface seems a bit weird to me.   Thanks in advance! ... View more

Hello, everyone. I would like to change the web interface https certificate of my WSA because previous workers issued the certificate with wrong URL and therefore although everything is installed it still gives an error. I changed through CLI however nothing changed. WSA still uses old one. My question do I have to reload the ironport for changes to take effect? I haven`t tried it because I cannot stop the users system. I wanted to be sure.   Thanks in advance. ... View more

Hello, Everyone. I almost finished my study of working with CUCM in beginner level. I learned how to configure route (dial-peer) with 3 level architecture RouterGoup -> RouterList -> RouterPattern. I understood that different route group can be used as fallback, backup way for destination (If WAN is down, using PSTN connection for branch office, etc.) My question how do I configure class of control for backup channel. I mean if WAN is working, everyone can use both WAN and PSTN connections with with given CSS to them. But if WAN is down, only certain persons can use PSTN connection for calling branch office numbers.   Thanks in advance ... View more

Hello everyone. I need some advice from Network Security Experts. I am Network administrator in one of the best Service Provider companies of my country for almost 3 year. I have CCNP R&S certificate and because i daily work in this area i feel myself confident and experienced with network services. However see my future in Network Security and want to expertise in this area. Unfortunately, my company does not have many projects with security subjects therefore i do not know how to get knowledge on security technologies. I have CCNA Security certificate but i think that is not enough for working as security engineer. I see a lot of job offers but they require knowledge on different technologies that are not covered in CCNA SEC and CCNP SEC such as working WAF,NAC, IDS/IPS, Proxies, Content Filtering systems and etc. I want to know, which books or online courses may help me?    Thanks in advance! ... View more

Hello everyone. Our ISP company is going to migrate to dynamically servicing Internet subscribers for both DSL and Fiber connections. We have just brainstormed about several technologies such as Pppoe, IPoe, AAA servers, Billing systems and etc. However now, I have to start deeply studying all possible solutions. I googled a lot but could find proper documentations maybe because I used wrong terms. I would be thankful if anyone provide me with references. Thanks in advance. ... View more

Hi everyone, I am working at service provider company that runs Metro Ethernet network with lots of catalyst switches. In one branch I see total output drops and this branch is for IPTV which send multicast traffic and therefore output drops immediately affect the quality of stream. The design is so: DATA Center <--TE Uplink--> Switch A <--1G Uplink--> Switch B I see output drops on Switch A`s interface looking at Switch B. Although average rate on the interface is 500Mbps and this is half of real bandwidth of port, I understood that it is because of burst and the reason is packets coming from higher interface to lower one.  So is there any QOS configuration that I can implement on Switch A`s TE interface and limit burst packets?   PS: Switch A is cisco ME-3600X-24TS-M   Thanks in advance ... View more

Hello, everyone. I would like to clear one question in my head. My friend is a intern in one IT company and he has been given a task to perform by working show commands in lan devices. As soos as he logged into devices with his username&pass, i understood that it was "parser view" username so "show running-conf" and etc was restricted. However, one thing got my attention. When i typed "show cdp neighbor" i saw 3 entries and after that i typed "show cdp neighbor detail", the information for one of the entries was missing. Nothing totally. I wonder whether it is possible to restrict a particular part of the output of any show command?   Thanks in advance ... View more