Continuous Blogging Pipeline

Continuous Blogging Pipeline

In a fit of spring cleaning I decided to overhaul this blog after nearly a decade, streamlining creation and publishing in a modern, programmatic, way.

What started as a new way to take notes for my home lab and career studies quickly escalated into yet another personal tinker project that, if you’re currently reading this, has actually progressed into production.

Obsidian for notes! Obsidian for blogs?

I recently started studying for the CCIE Security, and wanted a way to centrally store and share my notes. This led me down the obsidian path, a wonderful productivity tool that stores notes in markdown. As these notes are in plain old markdown it’s also very easy to sync your vault via git (expect a future post that goes through that whole process). This sparked a follow on idea, what if I could also use obsidian to draft and publish posts to my blog? As I only publish once in a blue moon and my content consists primarily of notes and how-to’s, even word press was overkill as a platform. Why not simply type my notes in obsidian, pretty them up with a nice Hugo theme (Terminal), and push them to GitHub Pages? This would simplify publishing, cut down on my cloud resource consumption, and keep my posts backed up in a repository.

[Read more]

Hello World, Again

Hello World!

Testing a new way to publish my blog through obsidian, hugo, and github.

More good things to come, sooner or later.

[Read more]

Monitoring a Firepower Upgrade with Tail

While Cisco’s Secure Firewall Management Center is a great tool there’s still some missing functionality here and there. Upgrades, for one, is a great example. How do you know when an upgrade has failed? Why did it fail? Where did it fail?

Sure the Task pane shows us the progress but truthfully that’s about it.

So for today, a quick update on how I monitor the progress of a Firepower Threat Defense upgrade through the command line.

[Read more]

Disable SIP Inspection on Firepower through FlexConfig

Occasionally you may come across issues with SIP inspection on an ASA or Firepower, leading to problems with SIP/RTP voip audio. As a troubleshooting step, it’s often helpful to disable SIP inspection for testing.

Please read this note from Cisco on disabling SIP inspection to verify you everything in order before doing so:

You would typically disable SIP only if the inspection is causing problems in the network. However, if you disable SIP, you must ensure that your access control policies allow the SIP traffic (UDP/TCP 5060) and any dynamically allocated ports, and that you do not need NAT support for SIP connections. Adjust the access control and NAT policies accordingly through the standard pages, not through FlexConfig.

[Read more]

Cisco ISE Synchronization Failed when adding a Secondary Node

Ran into an interesting issue the other day setting up a two node ISE deployment. I figured I’d put it up on the blog in case anyone else is pulling out their hair.

After adding a secondary node, the deployment nodes status page lists an error saying “synchronization failed.”

When I consoled into the ISE node I saw multiple failed logins:

Failed to log in 51 time(s)
Last failed login on Tue Oct 15 11:38:37 2019 from 10.102.10.168
ISE3615-1/admin#

[Read more]