Fortinet Lookup Policies

Sometimes you need to know which firewall policy will allow traffic and whether it is being used. I had already posted Fortigate – Policy lookup a while ago.
diagnose firewall iprope lookup <src ip> <src port> <dst ip> <dst port> <protocol> <device>
<src_ip> Source IP address.
<src_port> Source port.
<dst_ip> Destination IP address.
<dst_port> Destination …

Fortinet – Fragmentation – DF – IPSec

System Settings | Fragmentation | Check Interface MTU | Links

System Settings
config global
config system global
set honor-df enable
end
end

Fragmentation
The default ip-fragmentation setting is post-encapsulation, as that is RFC compliant.
config vpn ipsec phase1-interface
edit <name>
set ip-fragmentation post-encapsulation
next
end

Check Interface MTU
To check the MTU size of an interface, use 'diag netlink interface …

Checkpoint clear sessions

List all sessions | Find interesting sessions | Example | Convert HEX to IP | Example | Convert HEX to INT | Links

List all sessions
fw tab -t connections -u
The output will look something like this (the values are in hex):
# fw tab -t connections -u
localhost:
-------- connections --------
dynamic, id 8158, num ents 1, load factor 0.0, attributes: keep, sync, aggressive aging, …

LAG Groups

A collection of LAG configurations and status commands seen over time.

Linux: Manual Configuration, Status | FreeBSD: Config Example, Status, Permanent | Checkpoint: Config, Status - Clish, Status - Expert Mode | Fortigate: Config, Status | Cisco - Catalysts: Config, Status | Links

Linux
Manual Configuration
modprobe bonding mode=802.3ad
ifconfig bond1 192.168.1.1 netmask 255.255.255.0 up
ifenslave bond1 eth0
ifenslave bond1 eth1
The permanent way depends on the distribution.
Status
cat /proc/net/bonding/bond1
Ethernet Channel Bonding …