March 2024 – Patrick Marc's Networks

2024-03-292024-03-29

Cisco Catalyst 9200 – Software Update

Looks that software maintainance on newer Cisco Catalysts running IOSXE is a bit diffrence. -- TLDR -- copy http://tftpboot.example.pp52.de/cat9k_lite_iosxe.17.09.05.SPA.bin flash: install add file flash:cat9k_lite_iosxe.17.09.05.SPA.bin install activate Copy the Image to the Switch copy http://tftpboot.rd.pp52.de/cat9k_lite_iosxe.17.09.05.SPA.bin flash: Setup the Boot enviroment c9200#conf t Enter configuration commands, one per line. End with CNTL/Z. de052-ne1-rt-cisco01(config)#boot system flash:packages.conf de052-ne1-rt-cisco01(config)#no boot …

Continue reading "Cisco Catalyst 9200 – Software Update"

2024-03-23

Cisco IPv6 Unicast Routing

! ipv6 unicast-routing !

2024-03-172024-03-29

Fortinet L2 VDOM and VLANs

FGT (interface) # edit port37.vlan100new entry 'port37.vlan100' addedFGT (vlan100) # set vdom L2-testFGT (vlan100) # set interface port37FGT (vlan100) # set vlanid 100FGT (vlan100) # set forward-domain 100FGT (vlan100) # nextFGT (interface) # edit aggr1.vlan100new entry 'aggr1.vlan100' addedFGT (vlan200) # set vdom L2-testFGT(vlan200) # set interface aggr1FGT (vlan200) # set vlanid 100FGT (vlan200) # set …

Continue reading "Fortinet L2 VDOM and VLANs"

2024-03-162024-03-20

Cisco – QoS

After dealing with CBQoS in the past days, some observations i have made Cisco seams not to fill the SNMP variables on Catalyst 2960C /2960CG / 2960CX platforms. snmp genarator is picky about ordering. You may find this line "- source_indexes: [cbQosObjectsIndex, cbQosPolicyIndex]" in the GitHub Issues but this "- source_indexes: [cbQosPolicyIndex, cbQosObjectsIndex]" seams to …

Continue reading "Cisco – QoS"

2024-03-132024-06-10

gdnsd – DNS Based Load Balancing

Creating some cool DNS based load balancing and geo aware server selection. gdnsd is an opensource alternative to commercial products. Setup will monitor the Service (SQUID) and remove non responsive services. Install on FreeBSDConfig for gdnsdZone configurationTests Install on FreeBSD pkg install gdnsd3 Config for gdnsd /usr/local/etc/gdnsd/config options => { tcp_timeout => 15 ; zonefile-style …

Continue reading "gdnsd – DNS Based Load Balancing"

2024-03-092024-03-10

CheckPoint SMS – Upgrade to 81.20

cpmg> installer upgrade** ************************************************************************* **** Checking for new available packages is in progress **** ************************************************************************* **** ************************************************************************* **** Blink Images **** ************************************************************************* **Num Display name Type1 R81.20 Security Management + JHF T41 for Appliances and Open Servers Blink Versioncpmg> installer upgrade 1Existing OS settings and Check Point database are preserved.The machine will automatically reboot after …

Continue reading "CheckPoint SMS – Upgrade to 81.20"

2024-03-09

resize raw image

freebsd# truncate -s +500G disk0.img https://man.freebsd.org/cgi/man.cgi?query=truncate&sektion=1&manpath=freebsd-release-ports [Expert@cpmg:0]# partedGNU Parted 3.1Using /dev/sdaWelcome to GNU Parted! Type 'help' to view a list of commands.(parted) printError: The backup GPT table is not at the end of the disk, as it should be.This might mean that another operating system believes the disk is smaller.Fix, by moving the backup to …

Continue reading "resize raw image"

2024-03-092024-03-10

FreeBSD bhyve – CheckPoint SMS

So letz move the CheckPoint SMS over to Bhyve. Basicly the same as for the FortiManager. guest=linuxloader="grub"uefi_vars="yes"grub_run_partition="1"grub_run_dir="/grub"grub_run0="root (hd0,0)"grub_run0="linux /vmlinuz-3.10.0-957.21.3cpx86_64 ro root=/dev/mapper/vg_splat-lv_current grub_mode=64bit-normal vmalloc=256M panic=15 console=SERIAL crashkernel=0M-35G:280M,35G-250G:768M,250G-:1G intel_idle.max_cstate=0 eagerfpu=on spectre_v2=off nopti 3 quiet"grub_run1="initrd /initrd-3.10.0-957.21.3cpx86_64.img"memory="8192"disk0_type="ahci-hd"disk0_name="disk0.img"network0_switch="VM"network0_type="e1000"network1_switch="VM"network2_switch="VM"network3_switch="VM"network1_type="e1000"network2_type="e1000"network3_type="e1000"cpu="2" One thing we still need to figure out how to boot this with generic entries. Based on https://github.com/churchers/vm-bhyve/blob/master/sample-templates/gentoo.conf this should load the …

Continue reading "FreeBSD bhyve – CheckPoint SMS"

2024-03-082024-03-08

FreeBSD bhyve – FortiManager

Photo by Kvistholt Photography on Unsplash

Create the Switch Add an uplink port Create the VMVM Configuration Booting the KernelCPU / RAMHarddisksNetworkThe HarddisksConvert the Harddisks from vmdk to rawDisk0Disk 1 Migrating the FortiManager from VMWare ESXi to FreeBSD bhyve. Be aware you doing this on your own without any support from Fortinet. bhyve is not a supported platform. Create the Switch …

Continue reading "FreeBSD bhyve – FortiManager"

2024-03-072024-03-07

Routing Tables

FreeBSD freebsd:~ $ netstat -rWRouting tablesInternet:Destination Gateway Flags Nhop# Mtu Netif Expiredefault 11.155.93.1 UGS 6 1500 em011.155.93.0/24 link#1 U 3 1500 em011.155.93.77 link#2 UHS 5 16384 lo0localhost link#2 UH 1 16384 lo0Internet6:Destination Gateway Flags Nhop# Mtu Netif Expire::/96 link#2 URS 6 16384 lo0default fe80::1%em0 UGS 7 1500 em0localhost link#2 UHS 1 16384 lo0::ffff:0.0.0.0/96 link#2 URS …

Continue reading "Routing Tables"

2024-03-062024-03-07

stop fortinet cluster config sync

Sometimes you may need to stop configuration Sync in an Fortinet Cluster config system ha set sync-config disableend If we are just dealing with Interfaces in a cluster we can also use fnsysctl ifconfig Links https://community.fortinet.com/t5/FortiGate/Technical-Tip-Types-of-HA-Sync/ta-p/197135

Month: March 2024