StoneBlog.stonesoft.com

Those of you who follow Ascensio guys on their blog are of course well updated, but from time to time I committed to keep track of the expedition on our StoneBlog as well, so that you aficionados don’t miss a beat of this important event.

As you may imagine, climbing to top of the world’s highest mountain might very well be the experience of a lifetime… sure it is not a bed of roses in a classic limousine

And this is perceived very well reading the blogs articles, made of incredible moments, breathtaking views, feeling of comradeship but also homesickness, difficulties, fear and physical issues due to high altitude.

As I told few posts ago, reading Ascensio blog in the morning before starting to work makes my day, it gives me the right mix of feelings from that group of people to find the energy through the working day and more.

They have climbed to over 7000 mt (and our mighty flag with them), then found a weather twist which forced them to go down a bit in Periche to rest a bit, refill the energy tank to prepare for the right moment when they’ll… carpe diem. And while resting, they are telling about how life flows there, while eating fried yak meat with onions and singing Finlandia altogether at supper and even remembering Mom’s day… several thousands meters above their Mom’s head

It’s funny to meet quite unusual type of visitors during an expedition like this, such as  people from Brunei intended to break a record of playing a chess game at the highest altitude ever

So, here’s the small update… go Ascensio, go!

written by RoarinPenguin - 747 views \\ tags: ascensio, everest

…and for real! Look at this picture:

Taken at 6150 meters on the way to top of Mount Everest, this picture shows we do secure they clouds wherever they are (well, actually the sky is crystal clear in the background… but still!)

The team (Ascensio, our logo, our mighty Flag) reached Camp 1 and went up to 6352 mt before returning bit down to continue acclimatization.

And wind at 30 knots/s and ice like popcorn and sound of collapsing avalanches contributes greatly to focus on one sole goal: go on to the Top!

Wanna know more? Read the post on Ascensio website… it really transmits lots of different sensations that those valued heroes are living and so beautifully sharing with us.

They are Stonians in the kernel, no doubts about!

written by RoarinPenguin - 1,002 views \\ tags: climb, everest, mount, stonesoft

The climb goes on… and our flag follows!

The picture shows the last blessing (Puja) that Ascensio received and “The Flag” was blessed as well (look on the stone wall, see a “Stonesoft” ).

Reading the posts on Ascensio blog about the climb to Mount Everest is one of the best way to start the day… they are… inspiring, they share info about other parts of the world, they tell a story made of strength, persistence, Sisu, breathtaking places, challenges, small achievements along a path to a great final goal.

Everyone’s daily life should be made of this (isn’t this the best way to enjoy life while living?), but certainly the situation that Ascensio guys are living gives a twist of… special to all these sensations.

Last news we receive from “The Mount” is that they arrived at the Base Camp as expected on 15th April evening, totalling 11 Finns at the camp. They are telling that it’s not always bottle of Champagne for the winners and bed of roses… this post tell also about a give-up that created bit of meditation, since it’s difficult to say who is the wiser: who strive to the top at all costs or who says “it’s enough”? Maybe this is one of the hardest answers ever…

But wow, read this excerpt from yesterday post:

At 5 am we were on our way along the Kumbu icefall. The morning was magical; the sun rose at 5 am and it highlighted glacier’s deep blue colors.

Isn’t this splendid? I think it is indeed!

Today they should break the 6000 mt barrier and… we’ll be virtually all with them!

written by RoarinPenguin - 714 views \\ tags: ascensio, everest, Stonesoft flag

The group is travelling to the base camp, at 5530 mt.

They expect to arrive there next 15th april after some intermediate steps for acclimatisation.

It’s interesting to follow this on their blog (instead of republishing plainly the posts they make) because there you can discover some curiosities I’d personally never heard about.

For instance, did you know where the name Sherpa (the local people/guides) came from? Literally translated it is composed of two words: Sher (East) and Pa (Human), to mean people from the east (Tibetan highlands).

These are probably information one could get on Wikipedia as well, but reading it from the passioned fingers of Mika Pitkämäki, who is living this information there is a nice sensation.

As it is to read about humans meeting goats (and finding out who is the startled one), lifestyle made of blessing from monks living at 4000mt, say a prayer and watch the summit of Mt Everest 5 km above (while you are already over 3000mt), wondering why there is a pile of 7 tons of garbage behind a guest house… and knowing that a little bit of Stonesoft is travelling with them all.

Go on Ascensio… Stonians are virtually there with you, to see you succeed!

written by RoarinPenguin - 922 views \\ tags: ascensio, blog, everest

I’m proud to announce that Stonesoft is ready to bring security to highest place in the world, by sponsoring an expedition to Mount Everest.

In next weeks, Ascensio group will try to make it to the top of Mount Everest bringing a bit of Stonesoft with them.

We’ll actively follow the expedition on this blog, providing report, news and maybe even pictures as the trip goes by.

Stay tuned, to reach with us all the top of the world!

written by RoarinPenguin - 988 views \\ tags: ascensio, everest, stonesoft, top of the world

One of the features I use often, and especially in cases when there is some sort of trouble, is the ability to actually see what traffic passes the firewall.

Most admins don’t feel comfortable using the console (over ssh), and ofcourse it is not as trivial as it seems – especially remembering the exact commands. So, for the community, and for my own personal use, I’ll document a small issue I just had, and how I “solved” it.

A customer called, saying: “I use the StoneGate VPN to connect to my server with RDP, and all I get is a black screen”.  Now, that’s something that’s (unfortunately) not too uncommon. Google for “MTU”, “Path MTU Discovery” and “Black Hole Detection”, and you’ll get tons of info, which all come down to:

Single packets in ethernet networks have a maximum size of 1500 bytes (RFC 879). 1460 bytes of data + 40 bytes header (ip-addresses, ports, settings etc.). All tunneling protocols (VPN, PPTP,PPPoE, etc.) add some bytes to the header part. This means less room for the data part.

Both “client” and “server”  agree to send packets with max. 1460 bytes of data. The first few packets of the connection aren’t large, perhaps 1000 bytes max, and fit through perfectly. Client and server agree to communicate, draw a frame of the correct size, etc. Then however, comes the Windows Logo, a picture that is over 3000 bytes of size.  That means,  2  large packets are sent.  Somewhere on the connection from server to client, these packets do not fit. So, the picture the server sent, does not reach the client. A black screen of the wanted size just sits there, and waits… and waits…. and waits…..

Since I do not want to discuss what causes this,  but just want to know if it IS an MTU issue, I do following:

• check if both sides agree to use 1460 bytes of data
• reduce the packet size on either client or server side to 1310 bytes of data
• test whether RDP works again

Continue reading »

written by jebATpop-i - 3,845 views \\ tags: CLI, Examples, stonegate firewall, Tips & Tricks

Of course it’s important to follow up-and-coming transformative technologies. If the numbers on the first weekend of Apple iPad pre-orders are remotely close to being correct (~20,000 per hour), it classifies as a transformative device. With WiFi and optional 3G connectivity, it also makes a great platform for both organizational access and administration. Of course, those of us who are Apple fans would be remiss without placing our own order for testing all things StoneGate on this device. After all, StoneGate and Apple are both technologies people love.

We know from the iPhone that the StoneGate WebPortal interface works like a champ already, allowing administrators to view logs and reports, check security policies and more. Since the iPad reportedly uses iPhone OS 3.2, we don’t expect that to be any different. We also don’t expect that the StoneGate SSL VPN will be any different, easily allowing access to Web-based resources through a multitude of authentication technologies via 3G and WiFi networks. Of course, the remaining question is then whether the full StoneGate Management Client will work. At this time it’s speculation, but the answer initially is likely, “No” since – like the iPhone before it – the iPad will likely not support Java.

That said, stay tuned to StoneBlog to find out our first experiences as soon as the post delivers our new test subject; we’ll let you know at least the “unofficial” support of StoneGate on this tool. After all, what better way to achieve…

Network security. Simplified.

written by markb - 2,476 views \\ tags: administration, iPad, SSL VPN, stonegate, WebPortal

Most posts here are about new software-features or products, and the use of those. Today I want to give you a small insight of a real world setup, and a quite unusual one as well.

Starting 2005, calls for a company wide security policy came up, together with the wish to connect all relevant outposts of the company to the headquarters and their regional offices. We’re talking about 75 offices for phase 1, and 120 for phase 2.

Both classic vpn as well as mpls were concidered, but none combined high availability and scalability, together with provider independency and manageable costs. First tests with StoneGate soon revealed the power of MultiLink VPN and Firewall Policy Templates. After a 2-month test-phase, and a complete rebuild of the Headquarter Network, we rolled out 75 offices in 4 months, including several production plants. Last year, phase 2 was due, and another 50 offices were added. Now the picture in SMC5.1.1 looks like this:

Continue reading »

written by jebATpop-i - 3,460 views \\ tags: clustering, MultiLink VPN

Finnish CERT (CERT-FI) recommends to pay special attention to certain address blocks.  They mention the DROP-list by the Spamhaus project as the most up-to-date list of malicious addresses.

It is always boring and time consuming to type long lists of addresses, so I made a quick-and-dirty script, which converts the DROP-list into StoneGate elements, and creates a group of them.  You can feed the DROP-list to this script, zip the result and import it into SMC.

Being an oldtimer, I wrote this with an ancient tool called awk, which you can find in most unix-based systems, including linux.  The most common variant is the GNU awk, gawk.  Someone would probably write this in 2 lines of Perl…

I provide this script as is, with no expressed or implied guarantees of any kind.  Use this at your own risk.  If you manage to break something with this, you have been warned and you assume full responsibility.  I have tested this on one system (Fedora Core 9) with one input, today’s DROP list from Spamhaus.org.

So, take a look at the code and decide yourself if you trust this.  Especially see the comment in the beginning.  Change the element naming convention to suit your needs and enjoy.

written by olli - 1,151 views \\ tags: DROP-list, script, Spamhaus

Léonard Dahan, our beloved country manager for France and Benelux, shares here his views about Stonesoft´s products and strategy, key differentiators and partnership offer, market´s evolution and customers´ expectations.
The video is about 15 minutes long and sorry, it is french only.

written by Alexandre Dumur - 1,412 views