Firewalld, like iptables, relies on the Netfilter service, which is responsible for packet filtering. The difference is that iptables works with “chain of filter” rules, like ACLs on a router, while firewalld is based on “zones”, similar to the ASA. The idea behind firewalld is that interfaces and networks are grouped into zones. Each zone has a different level of trust.

If you use VRFs, you may sometimes want to use something called “route leaking”. Route leaking consists of importing and exporting prefixes between VRFs or between a VRF and the global routing table. In this article I’ll show you how to implement route leaking in 5 different ways.

The Dual Cloud DMVPN failover solution is the most reliable way to achieve reachability in any case of failure. If one of the routers fails we still have another one; if one of the ISP links dies we have the second one. In this scenario I assumed there are only 2 Hubs and 2 Spokes, but the solution scales very well.

NAT on the ASA differs from NAT on IOS routers in its configuration. At first glance it may seem very confusing, but as we will see in a while, the crucial part is understanding where particular types of NAT take place; then the configuration is not so hard.

Regarding fault tolerance, the ASA provides 2 solutions: Active/Standby and Active/Active. Whereas Active/Standby is simple to use, Active/Active provides not only redundancy but load sharing as well. On the other hand, it requires a more expensive license. Anyway, in this article we will compare them and see how to configure them.

GRUB (GRand Unified Bootloader) plays a crucial role in the proper and stable operation of a Linux system. Thanks to it, Linux is able to load the system in different modes, and it also enables us to recover the OS if something went wrong or the system crashed.

Multiple Context on the ASA provides the highest level of virtualization: within one single chassis we get 2 virtual firewalls, each with separate data and control planes. The idea is similar to VRF, but in Multiple Context we may share one interface between 2 contexts, which makes it more sophisticated.

Dealing with hard drives freshly added to the system is not difficult, but like every system manipulation in Linux it requires CLI knowledge. This article shows you how to seamlessly add a hard drive to the system, partition it and mount it permanently using the fstab file.

ACLs can filter traffic at layers 3 and 4. Usually that is enough, but what if we sometimes need to subject the traffic to more granular inspection before we reject a host? Then filtering with access lists will not work and the Modular Policy Framework has to be used. But as you will see for yourself, MPF can do much, much more for us.

Nothing happens in Linux without udev's knowledge when you connect a device. When you plug a USB stick into a computer running Linux, the really interesting things happen behind the scenes, where udev and dbus come into play to recognize the device and load the appropriate modules into the kernel.