Integrating NetBox and PRTG

Christmas is the best (and only, for me) time to write code. This Christmas I wrote a small PHP script that acts as middleware to integrate NetBox and PRTG. I’ve made the code available via GitHub. All the details of why and how are explained there in more detail but essentially this allows you to automatically add a device in to PRTG when a device in NetBox is assigned a

Stop Documenting the Network via the Network

As humans, we like patterns and symmetry. Things mostly make sense when there’s a pattern or some logic and I think this is why a lot of network engineers seem to love documenting the network via the network. There is no substitution for proper documentation. An example – hostnames. My argument is that the hostname of switches could simply be switch1, switch2, switch3 etc. because if I want to know

Backing up a Cisco Certificate Authority

If you’re deploying something such as DMVPN using a PKI, you may well be running a Certificate Authority on an IOS device. The files that make up the CA are stored in NVRAM. The Cisco design guide talks about backup and restore but there’s no automated way to copy the files off of the device. I created a TCL script that can be run via a kron schedule that will

Python. Not as bad as I thought.

My go to languages are Perl, PHP or good old bash. Everyone else seems to be using Python and up until now I had managed to steer clear of it. Mostly because I thought I didn’t need it but also because compared to languages that I’m familiar with, it looked odd. Just the structure of Python, having to use indentation, put me off. But today I wrote my first Python

Perl Module for Cisco Firepower Management Center API

I may have reinvented the wheel with this but I’ve started to write a Perl module for interacting with the Cisco FMC API using Perl. I say I may have reinvented the wheel because I didn’t check to see if someone else had already done this. I’ve published my module on GitHub. At the time of writing this, the module is at version 0.01. And as per the README right now

Simple Next Generation Firewall Manipulation Leading to Data Exfiltration

I was asked to take over a project involving implementing some Next Generation Firewalls. In this particular case it was Cisco Firepower Threat Defense. I was told that these NGFWs are all singing, all dancing and given the cost of them you’d expect that and more. I was told they understand more than just Layer 3 meaning we can do things like write rules based on FQDN, allow traffic based

Building a ZeroTier Bridged Network

I was listening to a recent Packet Pushers Priority Queue podcast called Meet ZeroTier – Open Source Networking and decided to give ZeroTier a go, to see if it really worked as described. TL;DR: Yes it really does work as described! If you’re unfamiliar with ZeroTier I highly recommend listening to this podcast to understand why, what and how. If you’re unsure on the why, what and how, this blog post

Cisco Two Armed VPN Concentrator and Default Route

Take the following scenario: You have a hub site. Branch (spoke) sites connect to the hub with a L2L IPsec tunnel. All traffic must traverse the tunnel (no local breakout to the Internet). At the hub, your VPN concentrator is separate from your firewall and runs in two armed mode. Where one interface is outside the firewall (public) to terminate the incoming tunnels and another interface is within a DMZ. As such

DHCP Option 43 Generator for Cisco Lightweight APs

I got lazy after having to create a load of DHCP scopes for Cisco Lightweight Access Points, each requiring Option 43 in TLV format. And now you can be lazy too. Save the following as a HTML file and open in your favorite browser. In the text area enter your WLC IP addresses one per line and hit submit. This will generate the hex string to use in DHCP Option 43. Linux Feedback Agent

I’ve been working with some appliances recently, load balancing traffic over MySQL and Apache servers running Linux. The load balancer supports a feedback agent where it can query the real server to gauge how utilised it is based on, for example, CPU load and then distribute the request to the real server that should perform the best. Over on the blog is an article about the feedback agent and how to implement it