4 Articles Troubleshooting Asymmetric Routing

• Common Scenario
• Automatic Fix
• Manual Fix
• Alternate Causes

9 Articles Troubleshooting Authentication

• DN and Related Settings
• Bind Credentials
• Active Directory Group Membership
• Extended Query
• Connection-Related Issues (non-SSL)

7 Articles Troubleshooting Network Connectivity

• WAN Interface
• LAN Interface
• Firewall/Rules
• Outbound NAT
• Diagnostic Tests

3 Articles Troubleshooting DMA and LBA Errors

• Non-Fatal Errors
• Fatal Errors
• Other Errors

2 Articles Troubleshooting the DNS Cache

• DNS Forwarder
• Client DNS Cache

3 Articles Troubleshooting Gateway Monitoring

• sendto error: 55
• sendto error: 64
• sendto error: 65

1 Article Troubleshooting the HAProxy Package

• HAProxy Troubleshooting

7 Articles Troubleshooting High Availability

• Common Misconfigurations
• Incorrect Hash Error
• Both Systems Appear as MASTER
• Primary system is stuck as BACKUP
• Other Switch and Layer 2 Issues

3 Articles Troubleshooting High Availability Clusters in Virtual Environ- ments

• Hypervisor users (Especially VMware ESX/ESXi)
• KVM+QEMU Issues
• VirtualBox Issues

4 Articles Troubleshooting High CPU Load

• View CPU Processes
• View Interrupt Counters
• View mbuf Usage
• View I/O Operations

4 Articles Troubleshooting Installation Issues

• Boot from Install Media Fails
• Boot from hard drive after installation fails
• Interface link up not detected
• Hardware Troubleshooting

9 Articles Troubleshooting IPsec VPNs

• IPsec Logging
• Tunnel does not establish
• Tunnel establishes but no traffic passes
• Some hosts work, but not all
• Connection Hangs

4 Articles Troubleshooting L2TP

• Connected to L2TP but cannot pass traffic
• Connection Fails with a Windows Client
• L2TP Traffic Blocked Outbound
• Cannot connect

8 Articles Troubleshooting Low Interface Throughput

• Insufficient Hardware
• Hardware/Driver Tuning Required
• Duplex Mismatch
• Traffic Shaping
• MTU Issues

7 Articles Troubleshooting Multi-WAN

• Verify Firewall Rule Configuration
• Policy routing does not work for web traffic or all traffic
• Failover not working
• Load balancing not working
• A gateway is incorrectly marked offline

3 Articles Troubleshooting NAT

• Port Forward Troubleshooting
• NAT Reflection Troubleshooting
• Outbound NAT Troubleshooting

1 Article Troubleshooting NAT Port Forwards

• Common Problems

14 Articles Troubleshooting OpenVPN

• Cannot route to clients on an SSL/TLS site-to-site tunnel
• Client Specific Override iroute entry seems to have no effect
• Why do OpenVPN clients all get the same IP address?
• Importing OpenVPN DH Parameters
• Check OpenVPN Status

3 Articles Troubleshooting Routes

• Viewing Routes
• Using traceroute
• Routes and VPNs

3 Articles Troubleshooting Snort Rule Updates

• MD5 Signature Mismatch
• Upstream Issues
• Space Issues

4 Articles Troubleshooting the Squid Package

• Disk Usage Issues
• Sites not loading with splice / Error 409 in access log
• Clear Cache
• Complete Reset

11 Articles Troubleshooting Upgrades

• Cosmetic Problems Post-Upgrade
• Upgrade Log
• Upgrade not Offered / Library Errors
• Repository Metadata Version Errors
• Rewrite Repository Information

6 Articles Troubleshooting Wireless Connections

• Check Wireless Status
• Check the Antenna
• Try with multiple clients or wireless cards
• Signal Strength is Low
• Stuck Beacon Errors

5 Articles Troubleshooting Captive Portal

• Authentication failures
• Captive Portal Does not Redirect
• Apple devices are unable to load the portal page or login
• Port Forwards Behind Portal Only Work When Target Logs In
• Captive Portal Rules

16 Articles Troubleshooting Firewall Rules

• Check The Firewall Logs
• Check the State Table
• Review Rule Parameters
• NAT Confusion
• Port Forward pass action

4 Articles Troubleshooting FTP Connections

• Disabling the FTP Proxy
• FTP Ports
• Rules to allow FTP
• Troubleshooting/Alternatives

2 Articles Troubleshooting Blocked Log Entries for Legitimate Connec- tion Packets

• Clustering and Load Balancing
• Asymmetric Routing

5 Articles Troubleshooting Traffic Shaping

• Bittorrent traffic not using the P2P queue
• UPnP traffic shaping
• ACK queue bandwidth calculations
• Why is not properly shaped?
• WAN connection speed changes

9 Articles Authenticating Users with Google Cloud Identity

• Configure the LDAP Application on the G Suite admin portal
• Download the certificate, key, username and password
• Import the certificate and key
• Install the stunnel AZTCO-FW package (CE or 2.4.4-RELEASE)
• Configure the stunnel package (CE or 2.4.4-RELEASE)

2 Articles Configuring BIND as an RFC 2136 Dynamic DNS Server

• Configure the BIND Server
• Configuring a Client in AZTCO-FW

4 Articles Blocking Web Sites

• Using DNS
• Using Firewall Rules
• Using a Proxy
• Prevent Bypassing Restrictions

2 Articles Blocking External Client DNS Queries

• DNS over TLS
• DNS over HTTPS

6 Articles Configuring DNS over TLS

• Requirements
• Configure DNS Servers
• Enable DNS over TLS for Forwarded Queries
• Testing DNS over TLS
• Enable DNS over TLS Server (optional)

3 Articles Dynamic Routing Protocol Basics

• RIP
• BGP
• OSPF

2 Articles Basic Firewall Configuration Example

• Basic lock down of the LAN and DMZ outgoing rules
• Setup isolating LAN and DMZ, each with unrestricted Internet access

3 Articles External User Authentication Examples

• OpenLDAP Example
• RADIUS Server Example
• Active Directory LDAP Example

3 Articles Using EAP and PEAP with FreeRADIUS

• General EAP configuration
• PEAP and MSCHAPv2
• EAP-TLS

1 Article Using Mobile One-Time Passwords with FreeRADIUS

• Enable Mobile-One-Time-Password (OTP) support

2 Articles Using NAT and FTP without a Proxy

• Client Behind AZTCO-FW
• Server Behind AZTCO-FW

1 Article Configuring AZTCO-FW Software for Online Gaming

• Specific Game/Console Information

5 Articles High Availability Configuration Example

• Setup Sync Interface
• Configure pfsync
• Configure Configuration Synchronization (XML-RPC)
• Determine IP Address Assignments
• Cluster Configuration Basics

4 Articles High Availability Configuration Example with Multi-WAN

• Determine IP Address Assignments
• NAT Configuration
• Firewall Configuration
• Multi-WAN HA with DMZ Diagram

2 Articles High Availability Configuration Example without NAT

• Public IP Assignments
• Network Overview

4 Articles A Brief Introduction to Web Proxies and Reporting: Squid, SquidGuard, and Lightsquid

• Squid Caching Web Proxy
• SquidGuard Web Access Control and Filtering
• Lightsquid Web Access Reporting
• Transparent Proxies and HTTP/HTTPS

1 Article Authenticating Squid Package Users with FreeRADIUS

• SQUID Proxy

2 Articles Configuring the Squid Package as a Transparent HTTP Proxy

• Install the Package
• Configure the Squid Package

6 Articles Setting up WPAD Autoconfigure for the Squid Package

• Why would this be done?
• Prerequisites
• Create wpad.dat
• Configure DNS
• Block Port 80 Out from LAN

4 Articles IPsec Remote Access VPN Example Using IKEv1 with Pre- Shared Keys

• On AZTCO-FW
• The client
• Client tweaks
• Troubleshooting

4 Articles IPsec Remote Access VPN Example Using IKEv1 with Xauth

• IPsec Server Setup
• Device Setup (Android)
• Device Setup (iOS)
• Troubleshooting

5 Articles Configuring IPsec IKEv2 Remote Access VPN Clients

• Configuring IPsec IKEv2 Remote Access VPN Clients on Windows
• Configuring IPsec IKEv2 Remote Access VPN Clients on Android
• Configuring IPsec IKEv2 Remote Access VPN Clients on OS X
• Configuring IPsec IKEv2 Remote Access VPN Clients on iOS
• Configuring IPsec IKEv2 Remote Access VPN Clients on Ubuntu

4 Articles IKEv2 Server Configuration

• IKEv2 Certificate Structure
• Mobile IPsec User Creation
• Firewall Rules
• Mobile IPsec User Creation

2 Articles IPsec Remote Access VPN Example Using IKEv2 with EAP- RADIUS

• EAP-RADIUS with FreeRADIUS
• EAP-RADIUS with Windows Network Policy Server (NPS)

6 Articles IPsec Remote Access VPN Example Using IKEv2 with EAP-TLS

• Set up Mobile IPsec for IKEv2+EAP-TLS
• Setup Certificates
• Add Firewall Rules for IPsec
• Import the CA to the Client PC
• Import the Client Certificate to the Client PC

3 Articles IPsec Site-to-Site VPN Example with Pre-Shared Keys

• Site-to-site example configuration
• Routing and gateway considerations
• AZTCO-FW-initiated Traffic and IPsec

4 Articles Routing Internet Traffic Through a Site-to-Site IPsec Tunnel

• Configure outbound NAT
• Set up the IPsec tunnel Phase 1
• Set up the IPsec tunnel Phase 2
• Allow IPsec traffic through the firewall

12 Articles Configuring IPv6 Through A Tunnel Broker Service

• Sign Up for Service
• Allow IPv6 Traffic
• Allow ICMP
• Configure the New OPT Interface
• Create and Assign the GIF Interface

4 Articles L2TP/IPsec Remote Access VPN Configuration Example

• Setup IPsec
• IPsec Firewall Rules
• DNS Configuration
• Client Setup

4 Articles Connecting to L2TP/IPsec from Android

• IPsec Setup
• Android Client Setup
• Other Thoughts
• L2TP Setup

4 Articles Migrating an Assigned LAN to LAGG

• Warnings/Precautions
• Prerequisites/Assumptions
• Migrate LAN to a LAGG
• VLANS

2 Articles Accessing a CPE/Modem from Inside the Firewall

• Configure a new Interface
• Configure NAT

4 Articles Configuring Multi-WAN for IPv6

• Caveats
• Requirements
• Setup
• Alternate Tactics

4 Articles Configuring NAT for a VoIP PBX

• Aliases to make it easy
• Port Forwards
• Manual Outbound NAT
• Reset States

3 Articles Configuring NAT for VoIP Phones

• Disable source port rewriting
• Set Conservative state table optimization
• Disable scrub

3 Articles Bridging OpenVPN Connections to Local Networks

• OpenVPN Server Settings
• Creating the Bridge
• Connect with Clients

2 Articles Configuring a Single Multi-Purpose OpenVPN Instance

• Setup
• Notes

2 Articles Connecting OpenVPN Sites with Conflicting IP Subnets

• Site-to Site Example
• Site-to-Multi-Site Example

17 Articles OpenVPN Remote Access Configuration Example

• Before Starting The Wizard
• Choose Authentication Type
• Choosing an LDAP Server
• Adding an LDAP Server
• Choosing a RADIUS Server

9 Articles Authenticating OpenVPN Users with FreeRADIUS

• Purpose
• Requirements
• Add an interface to FreeRADIUS
• Add a NAS client to FreeRADIUS
• Add Users

19 Articles Authenticating OpenVPN Users with RADIUS via Active Direc- tory

• Create a Certificate
• Create an internal certificate
• Install the OpenVPN Client Export Package
• Prepare the Windows package
• install the OpenVPN package

7 Articles Installing OpenVPN Remote Access Clients

• Installing the OpenVPN Client on Windows
• Installing the OpenVPN Client on Mac OS X
• Installing the OpenVPN Client on iOS
• Installing the OpenVPN Client on Android
• Installing the OpenVPN Client on FreeBSD

2 Articles Adding OpenVPN Remote Access Users

• Local Users
• LDAP or RADIUS Users

3 Articles OpenVPN Site-to-Site Configuration Example with Shared Key

• Configuring Server Side
• Configuring Client Side
• Testing the connection

4 Articles Routing Internet Traffic Through A Site-To-Site OpenVPN Tun- nel

• Set up OpenVPN at Site B
• Configure firewall rules at Site B
• Set up outbound NAT at Site B
• Set up the client at site A

3 Articles OpenVPN Site-to-Site Configuration Example with SSL/TLS

• Configuring SSL/TLS Client Side
• Testing the connection
• Configuring SSL/TLS Server Side

2 Articles Accessing Port Forwards from Local Networks

• Method 1: NAT Reflection
• Method 2: Split DNS

3 Articles Authenticating from Active Directory using RADIUS/NPS

• Choosing a server for NPS
• Installing NPS
• Configuring NPS

6 Articles Allowing Remote Access to the GUI

• Use a VPN
• Restricted Firewall Access
• Use HTTPS
• Move the GUI to an Alternate Port
• Strict Management

3 Articles Preventing RFC1918 Traffic from Exiting a WAN Interface

• Scenarios where RFC1918 addresses should NOT be blocked on the WAN interface
• Steps to block RFC1918 traffic from leaving the WAN interface
• Notes

4 Articles Routing Public IP Addresses

• IP Assignments
• Interface Configuration
• NAT Configuration
• Firewall Rule Configuration

6 Articles Configuring Switches with VLANs

• Dell PowerConnect managed switches
• Cisco IOS based switches
• Cisco CatOS based switches
• Switch configuration overview
• HP ProCurve switches

10 Articles Using the Shaper Wizard to Configure ALTQ Traffic Shaping

• Choosing a Wizard
• Starting the Wizard
• Networks and Speeds
• Voice over IP
• Penalty Box