List all sessionsFind interesting sessionsExampleConvert HEX to IPExample Convert HEX to INTLinks List all sessions fw tab -t connections -u The output will look something like (The values are in hex) # fw tab -t connections -u localhost: -------- connections -------- dynamic, id 8158, num ents 1, load factor 0.0, attributes: keep, sync, aggressive aging, …
Check Point CCSA Course with Experteach
Attended the CCSA Course as a preparation for the Certification. My employee selected me to be under the chosen to have contribute to maintain our Partner Status. So we attended the Course in Person at the Experteach Facility in Duesseldorf, Germany and had a lot of fun with Joerg. After some years of Experience with …
LAG Groups
Some collection of LAG configurations and status commands seen over time. LinuxManually ConfigurationStatusFreeBSDConfig ExampleStatusPermanentCheckpoint ConfigStatus - Clish Status - Expert ModeFortigateConfigStatusCisco - CatalystsConfig StatusLinks Linux Manually Configuration modprobe bonding mode=802.3ad ifconfig bond1 192.168.1.1 netmask 255.255.255.0 up ifenslave bond1 eth0 ifenslave bond1 eth1 The Permanent way depends on the distribution. Status cat /proc/net/bonding/bond1 Ethernet Channel Bonding …
Fortigate – USB
List USB DevicesList disk content wrong partioningFormat the diskNo fnsysctl List the primary and secondary firmware List USB Devices FG5H0E (root) # execute usb-device list T: Bus=02 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0 D: Ver= 3.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 P: Vendor=0781 ProdID=5581 Rev= 1.00 S: Manufacturer=SanDisk S: …
No more USB Sticks and CD ROMs for Booting
Recently i got a "IODD ST400 USB 3.0" this can present ISO / VHD Images as CD or USB Stick to the Host. Good thing is you can plug in any 2.5 Inch SATA Drive so no space limits. Create the underlying Filesystem on the SSDCreate a FAT32 Partition and FilesystemCreate an exFAT Partition and …
Continue reading "No more USB Sticks and CD ROMs for Booting"
Fortinet L2 VDOM and VLANs
FGT (interface) # edit port37.vlan100new entry 'port37.vlan100' addedFGT (vlan100) # set vdom L2-testFGT (vlan100) # set interface port37FGT (vlan100) # set vlanid 100FGT (vlan100) # set forward-domain 100FGT (vlan100) # nextFGT (interface) # edit aggr1.vlan100new entry 'aggr1.vlan100' addedFGT (vlan200) # set vdom L2-testFGT(vlan200) # set interface aggr1FGT (vlan200) # set vlanid 100FGT (vlan200) # set …
Cisco – QoS
After dealing with CBQoS in the past days, some observations i have made Cisco seams not to fill the SNMP variables on Catalyst 2960C /2960CG / 2960CX platforms. snmp genarator is picky about ordering. You may find this line "- source_indexes: [cbQosObjectsIndex, cbQosPolicyIndex]" in the GitHub Issues but this "- source_indexes: [cbQosPolicyIndex, cbQosObjectsIndex]" seams to …
CheckPoint SMS – Upgrade to 81.20
cpmg> installer upgrade** ************************************************************************* **** Checking for new available packages is in progress **** ************************************************************************* **** ************************************************************************* **** Blink Images **** ************************************************************************* **Num Display name Type1 R81.20 Security Management + JHF T41 for Appliances and Open Servers Blink Versioncpmg> installer upgrade 1Existing OS settings and Check Point database are preserved.The machine will automatically reboot after …
FreeBSD bhyve – CheckPoint SMS
So letz move the CheckPoint SMS over to Bhyve. Basicly the same as for the FortiManager. guest=linuxloader="grub"uefi_vars="yes"grub_run_partition="1"grub_run_dir="/grub"grub_run0="root (hd0,0)"grub_run0="linux /vmlinuz-3.10.0-957.21.3cpx86_64 ro root=/dev/mapper/vg_splat-lv_current grub_mode=64bit-normal vmalloc=256M panic=15 console=SERIAL crashkernel=0M-35G:280M,35G-250G:768M,250G-:1G intel_idle.max_cstate=0 eagerfpu=on spectre_v2=off nopti 3 quiet"grub_run1="initrd /initrd-3.10.0-957.21.3cpx86_64.img"memory="8192"disk0_type="ahci-hd"disk0_name="disk0.img"network0_switch="VM"network0_type="e1000"network1_switch="VM"network2_switch="VM"network3_switch="VM"network1_type="e1000"network2_type="e1000"network3_type="e1000"cpu="2" One thing we still need to figure out how to boot this with generic entries. Based on https://github.com/churchers/vm-bhyve/blob/master/sample-templates/gentoo.conf this should load the …
FreeBSD bhyve – FortiManager
Create the Switch Add an uplink port Create the VMVM Configuration Booting the KernelCPU / RAMHarddisksNetworkThe HarddisksConvert the Harddisks from vmdk to rawDisk0Disk 1 Migrating the FortiManager from VMWare ESXi to FreeBSD bhyve. Be aware you doing this on your own without any support from Fortinet. bhyve is not a supported platform. Create the Switch …
stop fortinet cluster config sync
Sometimes you may need to stop configuration Sync in an Fortinet Cluster config system ha set sync-config disableend If we are just dealing with Interfaces in a cluster we can also use fnsysctl ifconfig Links https://community.fortinet.com/t5/FortiGate/Technical-Tip-Types-of-HA-Sync/ta-p/197135
Patrick Marc's Networks 