Work | Mimecast and Unifi Deployment

I’ve been super busy at work recently; I just finished up two big projects. We switched over to Mimecast’s email security suite. The whole deployment took a bit of planning and some fixing of DNS/MX records, but I am proud to say that the project is finished. So far, Mimecast has been working great and has been catching a lot more spam/phishing emails than the previous solution that was in place.

The other project I have been working on was switching over to a Unifi wifi setup with an Ubuntu VM as the Unifi Controller. Man, this project has been a headache and we ran into multiple roadblocks. The network diagram is configured as below. I had to trunk the port from our Cisco Firepower 2110 to all of the switches so we could put APs on any of the IDF switches.

At first, everything seemed fine… Then came the complaints about not being able to connect. This seemed to be a DHCP issue with Windows computers. All Android or iPhones were able to get a DHCP address but computers were not able to obtain an IP. Our Cisco Firepower was the acting DHCP server. I don’t know why, but the Firepower was having some issues, so I made the Firepower a DHCP relay to have our DC hand out DHCP. This seemed to fix the issue with people not being able to connect, but then a new issue arose.

The APs would be working fine for hours and then they would all go to “Missing Heartbeat” status. After hours of troubleshooting, giving the APs static IPs, and hair pulling, I ended up putting the APs onto the same VLAN as the controller and allowed the wireless SSIDs to place people onto the correct VLAN.

Since then, the APs seem to be very stable and I have not seen any issues with the wireless. This was my first rollout of the Unifi APs and even though I pulled my hair out for days trying to see what I was missing, I would still recommend them to anyone needing an enterprise solution because of the controller’s ease of use.

Domain Password Spray by Dafthack

At the time of writing this, we do not have very much in place to enforce what passwords can and can’t be used on the network aside from the standard group policy controls. In the past, I used to gather AD password hashes from the domain controller and then run the password through hashcat in order to give me a list of user passwords. The Domain Password Spray PowerShell script from Dafthack changes everything.


Network Overview

This is my network overview of the “Milkyway.Galaxy” domain. My entire network is named after planets and the solar system. Every week I decide to change/add/remove something so it’s constantly evolving. My network is broken into multiple VLANs to allow segmentation of the network. I use a custom-built pfSense router running version 2.4.x as of the time of writing this. From my router, it feeds into my 2960x stack, which is set up as a router-on-a-stick VLAN configuration.


Grafana on Ubuntu Server 18.04 | InfluxDB / Telegraf

Recently, I set up Grafana at my workplace to allow more visibility on our network. In the past I have played with Grafana in my homelab but I didn’t understand how it could be useful for me at the time when I only had one server. Now that I have a handful of servers that can be a pain sometimes to monitor, I’ve decided to give Grafana another go.


Welcome!

You’ve found my corner of the internet: my one external IP address out of 4.2 Million IPv4 addresses / 333.8 Million and growing domains.

This blog is where I will be posting about my homelab projects that I often undergo. I will also be posting notes and informational posts about tutorials that I find online, and anything else I learn as I go along.

I am not the world’s best blogger but hopefully as I do this more, it will get easier with time.

Anyways…. Hope you enjoy the blog!