Filed Under (Geekspeak, Work) by Justin on 2008-05-28

As previously mentioned, we’re switching away from a one-year-old Watchguard Core x750e to a SonicWALL NSA 3500 at my place of employment in order to deploy a nice, widespread (geographically speaking), and expensive VPN.

I received the first half of my gear from Mark Moreno two weeks ago and immediately unboxed the NSA. It’s quite a purdy device! It’s sleek, silver, and has a very bright blue LED on the front. I powered it up and upon logging in to the web management interface, I was equally impressed by how shiny and web 2.0 the web UI was. Sadly, that’s where my enthusiasm ends for SonicWALL right now. I started digging around and was just overwhelmed at the options and difference in terminology between the NSA and the Watchguard. After talking it up in the CITRT IRC channel, I was informed that the “public server wizard” was the way to go with configuring NAT policies since SonicWALL actually needs THREE rules to create one NAT rule. Not only do the NAT policies have to be defined, but then there is the firewall policy. Best I can tell, to NAT one port to one service would require the following steps without the wizard:

  1. Create “Address Objects”
  2. Create “Service” or “Service Group” if not predefined
  3. Create Firewall rule
  4. Create the three NAT policies

While four steps seems simple, it’s a lot of clicking and a lot of digging around, and so far, I’m not a fan. The wizard did a good enough job for some of my rules, but others don’t work right (will work for a few hours and then stop) and others don’t even work at all. At this point, the firewall is doing WAY too good of a job at blocking services from the outside world!

I’m sure it’s a PEBKAC or maybe even an ID ten T error, because so many people just love their SonicWALL stuff. A few minutes ago, I said this in the IRC channel, and I think it’s fairly accurate at a certain level:

<wantmoore> i’d almost go out on a limb and say “windows is to linux as watchguard is to sonicwall”
<DavidSzp> wantmoore: That’s an interesting analogy
<wantmoore> watchguard: much easier to do stuff and make it work. sonicwall: a lot more flexibility, but not nearly as straightforward
<stephensflc> I would totally agree with that statement at this point
<wantmoore> the analogy doesn’t stick where cost is concerned though 😉
<wantmoore> in that regard, watchguard is a WHOLE lot cheaper. sonicwall will nickel and dime you to death

And I’ll stand by those statements for now. I’m sure that Moreno will help me get my issues resolved and I’ll join the Happy SonicWALL Club soon enough. Until then, I really miss my Watchguard and I’ll be hanging out in the corner with my friend Ed talking about our plans to start up an anti-SonicWALL user group.

May
07

A few months ago, we migrated to Kerio MailServer at work and I’ve been absolutely in love with the fact that it natively supports Microsoft’s ActiveSync. This means I can sync my mail, contacts, calendar, and to-do lists directly to my WinMo5 based Palm Treo 700w over-the-air. The only complaint I’ve had was that I’ve been doing it all via HTTP – yes, sans-SSL.

So, a few weeks ago, I set out to remedy the problem. I hopped around a few sites and did a little research and eventually decided to buy a two-year certificate from Go Daddy for $53 (I think). Getting it installed in Kerio was easy so then I tried changing ActiveSync on my Treo to use SSL. It failed. Miserably. Turns out, some of the reviews weren’t as accurate as I’d hoped and the new Go Daddy root certificate is not installed in Windows Mobile 5 by default as a trusted authority.

I searched and read and read some more to figure out how to do it. I found this slightly outdated knowledgebase article and started following the instructions. It didn’t work. In the process, I discovered that you can just copy the .cer file to the mobile device (I used an SD card) and open the .cer file from Explorer and you’re prompted to import it. Armed with this knowledge, I tried both the old “Valicert Root – DER Format” and the new “Go Daddy Class 2 Certification Authority Root Certificate – DER Format” with mixed results. One loaded and the other did not. However, I still couldn’t sync via SSL. A little bit more of my Google-fu and I found “Go Daddy certs on certain phones” by The SBS Diva. At the very bottom of her post is a jewel: valicert_class2_root.zip. It contains the binary versions of the Go Daddy root certificates. You can export these yourself from IE by following the instructions there if you don’t trust them. Otherwise, just download the zip file, extract the two files from the archive and get them copied over to your WinMo5 device somehow and execute them.

I can sleep a little easier tonight knowing my data is fully encrypted from my device back to the Kerio virtual machine.
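A root certificate taken from a third-party archive becomes a trust anchor for every SSL connection the device makes, so it is worth comparing its fingerprint with the one the CA publishes before importing it. The following is an added example, not part of the original post: it accepts a .cer file in either PEM or binary DER form and checks it against a fingerprint you supply. The sample bytes are constructed (not a real certificate) and the `published` value is whatever you copy from the CA's own repository page.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(blob: bytes) -> bytes:
    """Return DER bytes whether the .cer file is PEM (Base64) or binary DER."""
    m = PEM_RE.search(blob)
    der = base64.b64decode(m.group(1)) if m else blob
    # A certificate is a single DER SEQUENCE (tag 0x30) spanning the whole file.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    if der[1] < 0x80:                       # short-form length
        hdr, body = 2, der[1]
    else:                                   # long-form length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        hdr, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if hdr + body != len(der):
        raise ValueError("truncated file or trailing data")
    return der

def fingerprint(blob: bytes, algo: str = "sha256") -> str:
    """Hex digest over the DER encoding, the value CAs publish as a thumbprint."""
    return hashlib.new(algo, to_der(blob)).hexdigest()

def matches_published(blob: bytes, published: str, algo: str = "sha256") -> bool:
    """Compare with a published fingerprint; separators and case are ignored."""
    want = re.sub(r"[^0-9a-f]", "", published.lower())
    return hmac.compare_digest(fingerprint(blob, algo), want)

# Constructed sample: a tiny DER SEQUENCE, NOT a real certificate.
SAMPLE_DER = b"\x30\x03\x02\x01\x05"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PEM
    for algo in ("sha1", "sha256"):
        print(algo, fingerprint(data, algo))
```

Run it with the path to the extracted .cer file and compare the output with the CA's published value, or pass that value to `matches_published` (with `algo="sha1"` if the CA lists a SHA-1 thumbprint).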

Filed Under (Geekspeak, Linux, Work) by Justin on 2008-05-06

It appears the kind folks at Canonical have hit a home run, maybe even a grand-slam with Ubuntu 8.04 LTS. I took some time today to build a new template for VMware Server with the 8.04 LTS Server ISO and then started playing. The first thing I wanted to test was the new app in the universe repository called Likewise Open.

It couldn’t be any easier to install. The universe repository was enabled by default, so here’s all I had to do:

  1. sudo apt-get install likewise-open
  2. sudo domainjoin-cli join yourdomain.com yourADusername
  3. sudo update-rc.d likewise-open defaults
  4. sudo /etc/init.d/likewise-open start

Step one will prompt you for some info about your AD environment. After executing number two above, you’ll be prompted for your AD password for the user provided. Once this is done, you log in by entering YOURDOMAIN\youruser at the login prompt.

The first thing on my agenda for tomorrow is to try and create some fileshares on this demo VM and see how well they work and how fine-grained I can be with AD security on those shares. If it goes well, there will be another Windows server saying goodbye.

Filed Under (church, Life) by Justin on 2008-05-06

A couple of months ago, I was contacted by a reporter, Liz Wolgemuth, from US News and World Report and asked about doing an interview for a story she was working on. Turns out, she was researching for a piece on personal finance and debt elimination and ran across my blog and a post or two talking about Dave Ramsey and our involvement at church. I was happy to oblige. We talked on several different occasions and they even sent a photographer out to church for one of our FPU meetings.

At the time, I was under the impression the story was going to be published in a special issue of the print version of the magazine targeted at 20-somethings concerning their finances. I hadn’t heard from Liz in several weeks, so I decided to hop over to the US News and World Report website last night and much to my surprise, I found the article Churches Tackle Worshipers’ Money Management. I’m pleased enough with how it turned out. I’ve not always had positive experiences when dealing with reporters (the local newspaper here loves to take quotes out of context), but Liz was top-notch and the article conveyed exactly what I wanted it to from me. It’s also quite staggering to see our church and effort with Financial Peace University mentioned in the same article as Willow Creek and their Good Sense program.

On a more personal note, Bonnie and I will have some more news to share soon regarding our trip towards financial peace. Stay tuned!

Filed Under (News, Politics) by Justin on 2008-05-01

If you’ve had your TV or radio on anytime in the last year or so or even if you just get your daily dose of news from the tubes of the internet, you’ve probably heard the word “recession” mentioned a few times, right? Well, bad news for the liberal media and left-wing nut job politicians, but we are not in a recession according to the numbers released yesterday. Check out the story on Breitbart if you don’t believe me:

The country’s economic growth during January through March was the same as in the final three months of last year, the Commerce Department reported Wednesday. The statistic did not meet what economists consider the classic definition of a recession, which is a retraction of the economy. This means that although the economy is stuck in a rut, it is still managing to grow, even if modestly.

I’ve had this argument with more than one person in the last month or two, the most fun of which was with my employer’s VP of Sales who didn’t seem to believe me at all. You can bet I’ll email him this article later today.
