Categories
Tech

802.1X Machine Authentication with Per Group VLANs with Meraki Wireless Access Points

The below is more of a supplement to the Meraki knowledge base articles as I thought (personally) they were lacking quite a bit with some important information – also a warning about using group policies in the Meraki dashboard.

The main articles to follow are:

Basically you have something like this:

[Screenshots: networkpolicy-conditions, networkpolicy-settings]

The above attributes are required if you want to send the VLAN tag in the RADIUS response. See this article for more information.

NOTE: As of this post there is an issue (it has been around for about 6 months now, and I have been struggling to find a solution to the horror in Windows that is seeing the wireless network in ‘limited connectivity’ mode) where Pairwise Master Key (PMK) caching fails to work properly and causes the VLAN policy tag to be lost during client re-association.

This issue only exists if you use VLAN assignment in the group policy section in the Meraki dashboard. If you use the above steps to send the VLAN tag as part of the RADIUS response then you will be fine.


Cisco IronPort E-mail Security Appliance Best Practices : Part 1

I’ve cheekily phrased this blog article as a best practice guide to setting up/configuring your Cisco IronPort email security appliance. However I must make clear that the below is what I deem to be best practices/configuration. Every environment is unique so please make sure you understand what you are doing before attempting to implement any of my suggestions below. So, let’s get started! The suggestions below are in no particular order.


URL Filtering on the Cisco IronPort ESA

This blog article will briefly describe the new URL filtering features in the updated AsyncOS 8.5.0 for the Cisco IronPort Email Security Appliance.

Before you upgrade to 8.5.5 (which is the latest OS as of this post), please check the upgrade path at the URL below:

http://www.cisco.com/c/dam/en/us/td/docs/security/esa/esa8-5-5/ESA_8-5-5_Release_Notes.pdf


Remove Old ActiveSync Devices on Exchange Using PowerShell

This will be a quick how-to guide on removing old/stale ActiveSync devices from Microsoft Exchange.

Note 1: I have only run this on an on-premises Exchange 2007 server, so I am not sure if it will work in 2010, 2013 or Office 365, but hopefully the script will come in handy anyway.

Note 2: This is my first ever PowerShell script so I am sure there are better ways of doing this but it does the job!

Okay so if you want to run a report on old devices (I have defined old as no successful sync in the past 30 days but you can change this to whatever you want) before you go ahead and remove them, run the following command:

Get-Mailbox | ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} | where {$_.LastSuccessSync -lt ((Get-Date).AddDays(-30))}

To actually remove these devices (this command removes the relationship between the device and Exchange – it will NOT wipe the device) run this command:

# Assign the full identity string for each of the old devices to the $staleDevices variable - this identity string is required for the Remove-ActiveSyncDevice cmdlet
$staleDevices = Get-Mailbox | ForEach {Get-ActiveSyncDeviceStatistics -Mailbox:$_.Identity} | where {$_.LastSuccessSync -lt ((Get-Date).AddDays(-30))} | select -expand Identity
# Loop through the identities and pass them to Remove-ActiveSyncDevice. The -confirm:$false at the end suppresses the confirmation prompt so every removal goes through. Remove it if you want to manually confirm each removal
foreach ($device in $staleDevices) {Remove-ActiveSyncDevice -Identity $device -confirm:$false}
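
A report-first variant of the commands above, added here as an example and not the original author's script: it saves the stale-device list to CSV, lists devices with no recorded successful sync separately, and only removes partnerships when run with -Remove. The parameter names ($cutoffDays, $reportPath, -Remove) and the CSV path are assumptions; the cmdlets are the same ones used in the post.

```powershell
# Added example. Run from the Exchange Management Shell.
# $cutoffDays, $reportPath and -Remove are illustrative names, not part of Exchange.
param(
    [int]$cutoffDays = 30,
    [string]$reportPath = ".\stale-activesync-devices.csv",
    [switch]$Remove    # without this switch nothing is deleted
)

$cutoff = (Get-Date).AddDays(-$cutoffDays)

# Collect statistics once so the report and the removal act on the same set.
# -ResultSize Unlimited avoids silently stopping at the default result limit.
$devices = Get-Mailbox -ResultSize Unlimited | ForEach-Object {
    Get-ActiveSyncDeviceStatistics -Mailbox $_.Identity
}

# Devices that have synced before, but not since the cutoff
$stale = @($devices | Where-Object {
    $_.LastSuccessSync -and $_.LastSuccessSync -lt $cutoff
})

# Devices with no recorded successful sync are kept apart so that
# removing them is an explicit decision rather than a side effect
$neverSynced = @($devices | Where-Object { -not $_.LastSuccessSync })

# Keep a record of what is about to be removed
$stale |
    Select-Object Identity, DeviceType, DeviceID, DeviceUserAgent, LastSuccessSync |
    Export-Csv -Path $reportPath -NoTypeInformation

Write-Host "$($stale.Count) stale device(s) written to $reportPath"
Write-Host "$($neverSynced.Count) device(s) have never synced successfully (left untouched):"
$neverSynced | Select-Object Identity, DeviceType | Format-Table -AutoSize

foreach ($device in $stale) {
    if ($Remove) {
        # Removes the partnership only; it does not wipe the device
        Remove-ActiveSyncDevice -Identity $device.Identity -Confirm:$false
    } else {
        # Dry run: shows what would be removed without changing anything
        Remove-ActiveSyncDevice -Identity $device.Identity -WhatIf
    }
}
```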

Modifying All Request Headers in Fiddler

This quick guide will show you how you can add and modify headers in Fiddler and apply them to all requests.

There will be times where you will need to test performance or functionality of web apps which may require the modification of request headers – for example, if you were to move to a shared hosting environment and want to test the functionality and performance of the new host without changing DNS records, you will need to modify the HOST header otherwise the host will not know which site you want to visit.