Archive for March, 2016

Withdrawing Roth IRA contributions without tax or penalty – How to file it?

Yes, this is a networking blog, primarily. I do sometimes post about personal finance, mostly related to YNAB, so this post isn’t entirely without precedence. Plus there is a tiny networking tie-in later.

I’ve read in multiple places that AT ANY TIME you can withdraw your Roth IRA contributions without tax or penalty… In at least one place, they suggested instead of funding an emergency fund that goes to a bank account, instead you fund a Roth IRA (up to the max each year), because you can take out what you put in whenever you want without penalty.

Here’s the problem: Last January I opened a Roth IRA (with a different company.  I already had a Roth opened years earlier with E*Trade). Within about 8 months, I decided that I didn’t want to continue contributing to that Roth, but would put the money that had been going into the Roth into my 401K instead, lowering my taxable income.  Instead of keeping this small Roth IRA, I decided to withdraw virtually all of my contributions and invest it in a non-retirement account.

Today, I downloaded my 1099-R form associated with this Roth IRA distribution. It had a distribution code of J in box 7, which didn’t mean much to me. I was not prepared for what happened next.

When entering that 1099-R into Turbo Tax, my tax liability jumped by over $575!

I called the company I got the Roth through, but they were not much help, not being tax professionals.  Searching around google, I found this article by one of my favorite writers about money, Jonathan Ping. (Yes, his last name is Ping. There’s that tiny networking tie-in I mentioned.)

From reading Jonathan’s article, I gathered that Form 8606 was the key to declaring the contribution amount.

After filling out the 1099-R, Turbo Tax asked me a bunch of questions, but didn’t ask for the total amount of my contributions. Searching around a bit lead me to an answer, though.

In the upper part of the screen, go to the My Account menu, then select Tools. In the pop-up window that appears next, select Topic Search, then type in 8606. With that form selected, hit the Go button.

Now it will lead you through the right line of questions so you can declare how much you contributed to your Roth IRA. Once you’ve filled that out and gone through the rest of the questions, you should find that your tax burden is much lighter… In my case, all $575+ of taxes melted right away.

Anyhow, this caused me a significant amount of stress for about 3 hours, so I thought I’d post it here and hopefully save someone else some frustration.

March 2, 2016 at 10:35 pm Leave a comment

Meraki AP Syslog to Palo Alto firewall for User ID

I recently got a Meraki AP as a demo unit. Using Palo Alto’s Syslog listener, you can get user-id info from these units, if you are doing 802.1X authentication.

Just follow the instructions here, with some adjustments…

Navigate to the Device tab, User Identification menu item, then the User Mapping tab. There, select the gear icon, and on the following pop-up screen, select Syslog Filters.
Add a new filter, with these properties:
Profile Name: Meraki AP v1.0.0
Type: Regex Identifier
Event Regex: 8021x_eap_success
Username Regex: identity='([a-zA-Z0-9\\\._]+)
Address Regex: client_ip='([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})

Then, use your newly created filter for your Syslog Listener.

In my experience, it looks like the Meraki only logs authentication events every so often. Perhaps it is caching them? At any rate, set the Cache timeout value to something greater than the default 45 minutes. I set mine to 480, though this may need tuning, depending on the environment.

Also, be aware that the first time you authenticate after setting this up, you’ll probably show up in the ip-user-mapping with no IP address. That’s because when you initially authenticate, the first Syslog message from the Meraki shows an IP of Subsequent authentication attempts have your IP address in them. Not sure how this works out in the long term.

I wouldn’t say this is quite production ready, but it is definitely worth playing with, if you happen to have both a PA firewall and a Meraki AP.

March 2, 2016 at 7:04 pm Leave a comment


March 2016

Posts by Month

Posts by Category