Category: Network

Posted on

FreeBSD – Central Syslog Server

Quick setup a Central Syslog Server https://wiki.freebsd.org/Ports/sysutils/syslog-ng Install Syslog NG pkg install syslog-ng Edit the Configuration /usr/local/etc/syslog-ng.conf @version: 4.4source s_remote { tcp(port(514)); udp(port(514));};destination d_remote { file( "/var/log/remote/${HOST}/${YEAR}_${MONTH}_${DAY}.log" create-dirs(yes) );};log { source(s_remote); destination(d_remote);}; Enables the Service sysrc syslog_ng_enable="YES" Create nessesary directory mkdir /var/log/remotechown root:wheel /var/log/remotechmod g+w /var/log/remote Start the Service service syslog-ng start

Posted on

FreeBSD Wifi

Photo by Carl Solder on Unsplash

FreeBSD Wifi - RTL8821CEEdimax USB WiFi - RTL8188CUSRealtek Edimax AC600 (EW-7811UTC) - RTL8811AU FreeBSD Wifi - RTL8821CE pciconf -l -vrtw880@pci0:5:0:0: class=0x028000 rev=0x00 hdr=0x00 vendor=0x10ec device=0xc821 subvendor=0x10ec subdevice=0xc821 vendor = 'Realtek Semiconductor Co., Ltd.' device = 'RTL8821CE 802.11ac PCIe Wireless Network Adapter' class = network Driver compatiblity vi /boot/loader.confcompat.linuxkpi.skb.mem_limit=1 Enable Setting in rc.conf sysrc wlans_rtw880="wlan0"sysrc create_args_wlan0="country …

Continue reading "FreeBSD Wifi"

Posted on

Checkpoint – Gratious ARP

Get the interface IPsip a | grep inet | awk '{print $2}' | cut -d/ -f1 cphaprob -m tablestat ---- Unique IP's Table ---- Member Interface IP-Address MAC-Address (Local)0 2 13.49.132.78 00:1c:7f:c3:ff:b80 24 192.168.0.2 00:1c:7f:a5:ff:d7 1 2 13.49.132.79 00:1c:7f:c3:ff:cc1 24 192.168.0.3 00:1c:7f:a5:ff:6f https://community.checkpoint.com/t5/Security-Gateways/How-to-send-G-ARP-manually/td-p/69895 echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind ip l | grep UP | grep -v …

Continue reading "Checkpoint – Gratious ARP"

Posted on

Check Point Kernel Settings

Photo by Kvistholt Photography on Unsplash

cat $FWDIR/boot/modules/fwkern.conf fw_allow_simultaneous_ping=1 fwha_monitor_all_vlan=1 vmalloc_softretry_enable=1 initial_hmem_pct=30 initial_hmemmax_pct=50 hmem_avoid_vmalloc=2 fwha_vmac_disable_promisc_on_standby=1

Posted on

Check Point – SNMP – SHA1 Support in R81

Photo by Carl Solder on Unsplash

Check Point has removed SHA1 support from R81. It is possible to get SHA1 back. Applies up to R81.20 clish add snmp usm user myuser security-level authPriv auth-pass-phrase TEMP-AUTH-PHRASE privacy-pass-phrase TEMP-PRIV-PHRASE privacy-protocol AES authentication-protocol SHA512 expert dbset snmp:v3:user:myuser:auth:proto .1.3.6.1.6.3.10.1.1.3 clish set snmp usm user myuser security-level authPriv auth-pass-phrase REAL-AUTH-PHRASE privacy-pass-phrase REAL-PRIV-PHRASE

Posted on

SSH Configuration

Some Notes about OpenSSH configuration that comes in handy for me. This is have settings applied on Host or Domain base, use jump servers where needed, find the console for a device or use deprecated encryption when needed. Basic Options Host Hostname Port User Apply Settings per domain Host *. Protocol 2 TCPKeepAlive yes ServerAliveInterval …

Continue reading "SSH Configuration"

Posted on

Fortigate – Policy lookup

Tests is there someone listening netstat -an | findstr 0.0.0.0:80 TCP 0.0.0.0:80 0.0.0.0:0 LISTENING UDP 0.0.0.0:80 *:* Powershell port test Test-NetConnection -ComputerName "10.55.113.101" -Port 80 -InformationLevel "Detailed" Lookup soure interface get router info routing-table details 10.255.2.250 Lookup the policy diagnose firewall iprope lookup 10.255.2.250 30000 10.137.2.104 80 tcp port1 matches policy id: 1039431 The policy …

Continue reading "Fortigate – Policy lookup"

Posted on

Fortigate – Fortimanager install issues and backward compatiblity

We utilize FortiManager's Provision CLI Templates to establish common configurations on our Firewalls This approach is practical to ensure that these settings are consistently applied during every firewall installation. However, we encounter from time to time the issue with FortiManager, that the CLI Templates lack awareness of the Firewall's specific versions. Unfortunately, the FortiGate CLI …

Continue reading "Fortigate – Fortimanager install issues and backward compatiblity"

Blog at WordPress.com.