About

About Blog

During the last few years, I had several hobbies in which I gathered experiences in different sections such as IT-Security (network, IPv6, DNSSEC), playing instruments (electric guitar, synth), or other creative areas (time-lapse videos, 3D imaging). Since I almost always used information from other users on the Internet, I want to present my test results in this blog, hoping that some people out there can use it for further improvements, too.

Please note that this is my private blog. All notes and suggestions are only my personal opinions and are not related to any company I am working for.

About Me

My name is Johannes Weber and I am working as a network security consultant. I studied IT-Security at the Ruhr-Universität Bochum in Germany (Master of Science). Besides my job, I am playing a few instruments and do several other technical projects. That is, I don’t lack project ideas but free time to achieve them. ;)

Finally, I want to thank my creator Jesus Christ for giving me the ability to do all this stuff.

My mail address is johannes@webernetz.net. –> Please note: If you have any questions about projects published on this blog, please write a comment on that post. I will reply to your question there.

Some ideas for future projects are listed here.

Featured image “Magnesium Top on Ortega Ukulele” by Johannes Weber is licensed under CC BY 2.0.

28 thoughts on “About

  1. Hello Johannes,
    Hope you are well, I wonder if there is a tool or application can decode captured ip6 or icmpv6 files and format them or encode them in numerical format please?

    I have emailed you and hopefully you can advice please? I appreciate your advice.

    Kind Regards
    Abdul

  2. Hi Johannes,

    Wonder have you tried mrtg monitoring Mcafee Firewall Enterprise S3002? Any sample template available for cfgmaker? Thanks!

  3. Hey,
    We do have S2S configured between Juniper SSG-20 & Checkpoint Fw .
    Right now, we arriving the other site from private IP addresses .
    How can I configure that to arrive the other site with public address ?
    I know that NAT is the solution . but to configure it ? to configure DIP on the policy ?
    Thanks in advance .

  4. hi Weber
    I am a new IT teacher teaching networks and i was searching everywhere end to end working configuration for easy remote VPN access with ASA, as a start for my work and my understanding about VPN.

    After long hours searching , i found your config, and 20 minutes later …. it works !

    Thanks a lot.

  5. Hi,

    I would like to know how to configure Paloalto Firewall in HA and to manage that cluster from Panorama. I would appreciate if you can help with the process or steps to follow.

    Thanks
    JP

    1. Hi JP.

      Well, that’s quite general. ;) Have you already used the official Palo Alto Networks documentation? Or have you attended a training? They are quite good as well.
      TL;DR: Assign Mgmt-IP addresses to both units, build your HA cluster, add both of them to Panorama, add a template as well as a device group for them, and configure everything through Panorama now. DO NOT configure the HA settings nor the Mgmt-IP addresses in the template through Panorama! But everything else.

      Cheers,
      Johannes

  6. Hi Johannes,
    I will like to thank you for sharing knowledge.
    You are doing a great and amazing Job.
    I always whish you all the best.

  7. Hey,
    I really like your Posts,
    is there any option to add an email subscription for every new post you’re adding?
    Thanks!

    1. Hey Erez, yes, I have just re-enabled the widget on the right-hand side. I disabled it a couple of weeks ago because I got lots of SPAM subscribers. (Though you need to verify the subscription.)
      Thanks for reading my blog. ;)
      Johannes

  8. Hi Johannes,

    My name is Alan. I work as the ADS-B Network Manager for AirNav Systems (Radarbox.com).

    I was wondering if you could test and write an unbiased written review of our newly released Radarbox ADS-B FlightStick (USB Dongle) on your blog. You could even do a comparison with a competing ADS-B dongle and you can write in German if you wish – no problem. We can send you the FlightStick and antenna to carry out your test & review.

    Is this something you would be interested in doing? I look forward to hearing from you. My email address is – ajoseph@radarbox24.com

    Regards,
    Alan Joseph

  9. Johannes,

    If you ever consider selling your Meinberg NTP appliance, please consider me!

    Kind regards,
    Arnout

  10. Hi Johannes,

    habe gesehen, dass du WordPress auf einem HostEurope-Space benutzt. Da ich mir gerade auch überlege, zu HostEurope zu wechseln, wäre meine Frage, welches Paket du dort nutzt. Direkt das Angebot für Hosted WP? Oder normaler Webspace? Oder ein dedizierter Server?

    Vielen Dank dir für die guten Infos auf deiner Website und viele Grüße,
    Fabian

    1. Hi Fabian,
      ja, ich bin bei Host Europe und damit “eigentlich” auch ganz zufrieden. Ich habe den “WebHosting Basic” Tarif und kümmere mich selber um meine WordPress Installation. (Es gibt ja auch explizite WordPress Verträge.) Ich habe also weder einen dedizierten Server noch sonst irgendwas. Für meinen kleinen Blog reicht das vollkommen aus. (Wenig gleichzeitige Nutzer, kaum Traffic, keine Kundenverwaltung.)

      Das “eigentlich” kommt daher, dass Host Europe, im Gegensatz zu Anderen, *keine* automatisierten und kostenlose TLS Zertifikate über Let’s Encrypt anbietet. Das finde ich ziemlich albern und ist nur noch Geldmache. Nun habe ich aktuell keine Lust, nur deswegen den Anbieter zu wechseln, würde mich aber an deiner Stelle informieren, was denn andere Anbieter so kosten. Ich persönlich muss mir halt das eine TLS Zertifikat für meinen ganzen Rutsch an Domains immer händisch generieren und im Portal hochladen. Das klappt zwar, ist aber halt alle 3 Monate fällig und etwas nervig.

      Lieben Gruß
      Johannes

  11. Hi Johannes
    What do you think about Stormshield devices for VPN & Firewall ? You talk about most devices brand but never of StormShield while it is an european manufacturer, it would be nice you compare to others !?
    Rgds

    1. Hi Robert,

      uh, to be honest, I’ve never heard of Stormshield up to now. They are possibly a niche player? We have some german firewall products as well, that are not really comparable to the next-gen firewalls from Palo, for example. Do you have any experiences with them? Do you know whether they offer:
      – user identification through AD security log (or the like)?
      – antivirus/APT scanning through TLS interception?
      – URL filtering based on categories
      – application detection
      – layer 7 ACLs, that is: policies using applications rather than TCP/UDP ports
      – unified policies, that is: v4 and v6 addresses in the same policy
      – full IPv6 implementation, that is: MP-BGP, OSPFv3, NPTv6, DHCPv6-PD, RA with RDNSS and DNSSL
      – route-based site-to-site VPN with the additional possibility of proxy-IDs
      – client-based and clientless remote access VPN
      – concept of virtual routers
      – out-of-band management (own hardware port + own default route)
      – reasonable HA, that is: config & session sync even through minor OS discrepancy between the cluster members, that is: are you able to update a single member while leaving the other one in the current version
      – central management that does NOT differ that much from the look-and-feel from a standalone firewall

      ;)

      Thanks
      Johannes

  12. Hi Johannes,

    Stormshield Firewall will fit for all these features except :
    – Layer 7 ACLS (Apps are detected but can’t be used in the rules yet)
    – IPv6 support is not « full » (filtering ok, in the same rules as IPv4)
    – Virtual Routers and OOB Management

    Regards,
    Laurent.

  13. Hi Johannes,

    I was just wanted to thank you for this amazing website. For an IT system administrator is highly recommended in case he needs help with networking. Good job!

    Ruben

      1. Funny, the orange RSS Icon is not displayed when uBlock Origin is active. As soon as i disable it and reload the site, the icon appears. But maybe thats because of one of my selected filter lists.

        Thanks for the quick response!

Leave a Reply

Your email address will not be published. Required fields are marked *