It is a good idea to do basic DoS protection, even on internal interfaces.

Configuring DoS policy
Verification: diagnose ips anomaly list
Releasing the blocked senders: diagnose ips anomaly clear
Links

Configuring DoS policy

This will configure a basic DoS policy for traffic with default values and block violations for 2 minutes.

config firewall DoS-policy
    edit 1
        set name "ALL DoS-Policy"
        set …
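The policy the excerpt starts is shown here in full as an added example; it is not the original post's configuration. It assumes the policy is bound to port1, enables only the tcp_syn_flood anomaly (all other anomalies keep their defaults) with an assumed threshold of 2000 SYN packets per second, and quarantines the offending source for the two minutes mentioned above. The two diagnose commands are the ones the post names; the quarantine list/delete commands are added so a source that was banned, not merely logged, can be released.

```text
# Added example (FortiOS CLI). Interface, threshold and the anomaly chosen are assumptions.
config firewall DoS-policy
    edit 1
        set name "ALL DoS-Policy"
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block
                set threshold 2000
                set quarantine attacker
                set quarantine-expiry 2m
                set quarantine-log enable
            next
        end
    next
end

# Verification: anomalies the IPS engine has seen and is blocking
diagnose ips anomaly list

# Releasing the blocked senders (resets the anomaly counters)
diagnose ips anomaly clear

# A source that was quarantined stays banned until quarantine-expiry passes;
# list it and, if needed, release it early (assumed attacker address shown)
diagnose user quarantine list
diagnose user quarantine delete src4 198.51.100.7
```

Check the threshold against a baseline of legitimate SYN rates on that interface before enabling block; a value that is too low turns a busy internal server into a self-inflicted outage. Newer FortiOS releases also expose the ban list under diagnose user banned-ip; if the quarantine commands above are not present on your version, use that form instead.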
Fortigate – IPSec Troubleshooting – VPN Analyse
Force VPN Tunnels to the CPU

First you need to force the encrypted traffic over the CPU.

Take packet captures from the GUI

It is somewhat counterintuitive, but we need to make sure that the IPsec session is not offloaded to hardware: packets handled by the NPU never reach the kernel, so they do not show up in captures or in debug flow output. This is basically the opposite of what is described in Ensuring IPSec traffic is offloaded for …
Continue reading "Fortigate – IPSec Troubleshooting – VPN Analyse"
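As an added example (not the post's own commands), the per-tunnel way to keep IPsec traffic off the NPU on a FortiGate, followed by a check and a capture. The tunnel name branch-vpn, the WAN interface wan1 and the peer address 203.0.113.10 are assumptions.

```text
# Added example (FortiOS CLI). Tunnel name, interface and peer address are assumed.
# Disable NPU offload for one tunnel so its ESP packets are processed by the CPU
config vpn ipsec phase1-interface
    edit "branch-vpn"
        set npu-offload disable
    next
end

# Confirm: the tunnel's npu_flag should now read 00 (not offloaded)
diagnose vpn tunnel list name branch-vpn

# Capture ESP to and from the peer on the WAN interface; verbosity 4 includes interface names
diagnose sniffer packet wan1 'host 203.0.113.10 and esp' 4

# Re-enable offload once the analysis is finished
config vpn ipsec phase1-interface
    edit "branch-vpn"
        set npu-offload enable
    next
end
```

Remember that disabling offload moves all of that tunnel's crypto onto the CPU; do it for the one tunnel under investigation and turn it back on afterwards, otherwise the troubleshooting step itself becomes a throughput problem.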
Bind9 – Caching only DNS Server with Logging
Sometimes there is the need for a forwarding-only name server.

named.conf
/etc/resolv.conf
Docker environments

named.conf

controls {
    inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};

key "rndc-key" {
    algorithm "hmac-md5";
    secret "somesecret-for-rndc";
};

options {
    directory "/etc/named.d";
    listen-on { 127.0.0.1; };
    max-cache-ttl 600;
    max-ncache-ttl 300;
    forward only;
    forwarders { <IP of SERVER1>; …

Note that the controls keyword is inet (not net), the secret must be base64 as produced by rndc-confgen or tsig-keygen, and hmac-md5 should be replaced by hmac-sha256 on any current BIND release.
Continue reading "Bind9 – Caching only DNS Server with Logging"
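A complete named.conf for the forward-only caching resolver described above, with the query logging the post's title promises, as an added example rather than the post's own file. The working directory, log path, forwarder addresses (RFC 5737 documentation range) and the key secret are assumptions; the secret is a syntactically valid base64 placeholder that must be replaced by the output of tsig-keygen.

```text
// Added example: /etc/named.conf for a forward-only caching resolver with query logging.
// Paths, forwarder addresses and the key secret are assumptions.

key "rndc-key" {
    // generate with:  tsig-keygen rndc-key   (paste the same clause into /etc/rndc.conf)
    algorithm hmac-sha256;
    secret "c2FtcGxlLW9ubHktcmVwbGFjZS1tZQ==";   // placeholder, replace
};

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};

options {
    directory "/var/named";                    // assumed; must be writable by named
    listen-on { 127.0.0.1; };
    listen-on-v6 { ::1; };
    recursion yes;
    allow-query { localhost; };                // never expose a forwarder as an open resolver
    allow-recursion { localhost; };
    max-cache-ttl 600;                         // cap positive answers at 10 minutes
    max-ncache-ttl 300;                        // cap negative answers at 5 minutes
    forward only;                              // never fall back to iterative resolution
    forwarders { 192.0.2.53; 192.0.2.54; };    // assumed upstream resolvers
};

logging {
    channel query_log {
        file "/var/log/named/query.log" versions 5 size 10m;
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category queries { query_log; };           // one line per client query
    category default { default_syslog; };      // everything else to syslog
};
```

Validate with named-checkconf before reloading, make sure the log directory is owned by the named user, and confirm the listener is really local-only with a query from another host (it should time out). Query logging at this level records every lookup made by the box, which is exactly what you want for forensics and exactly why the log file needs the same access control as any other sensitive log.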
Fortigate Useful Commands
This is my personal catalog of typical troubleshooting commands I employ when dealing with FortiGate firewalls. In contrast to Cisco, where 'show' is the universal command, Fortinet offers several verbs for retrieving information: 'show', 'get', 'diagnose' and 'execute'. Important to remember: it is 'get router info routing-table' to see the routing …
Checkpoint Useful Commands
My personal collection of CheckPoint commands. Most of them work best in expert mode ([Expert@gateway:0]#).

Command             Description
cpconfig            change SIC, licenses and more
cpview -t           show top-style performance counters
cphaprob stat       list the state of the high availability cluster members; should show active and standby devices
cphaprob -a if      display status of monitored interfaces in a cluster
cphaprob -l list    display registered cluster devices and …
Cisco Policy Based NAT
! IOS standard ACLs take a wildcard mask (inverse of the subnet mask), not a subnet mask
ip access-list standard dialer1-acl
 permit 10.0.0.0 0.255.255.255
 permit 192.168.2.0 0.0.0.255
ip access-list standard vlan4-nat-acl
 permit 10.0.0.0 0.0.0.255
!
route-map dialer1-nat permit 10
 match ip address dialer1-acl
 match interface dialer1
!
! the route-map must reference the ACL actually defined above (vlan4-nat-acl)
route-map vlan4-nat permit 10
 match ip address vlan4-nat-acl
 match interface vlan4
!
ip nat inside source route-map vlan4-nat interface vlan4
!
route-map vlan4-route permit …
Netscreen – ARP
FWCLUSTER:FWNODE(M)-> get arp
usage: 42/8192 miss: 0 always-on-dest: disabled
-----------------------------------------------------------------------------------------
IP              Mac           VR/Interface     State  Age  Retry  PakQue  Sess_cnt
-----------------------------------------------------------------------------------------
10.62.92.62     92e2ba6225e4  vpn-vr/agg1.971  VLD    371  0      0       55

Arp entries on ASIC chip(s)
L2idx  IP           Dst_Mac       Interface  Src_Mac       Vlan  Sat  Flag  Ref_cnt
218    10.62.92.62  92e2ba6225e4  agg1.971   0010dbff62d0  971   0    0x2   0
Fortigate – get router info routing-table all
get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF …
Continue reading "Fortigate – get router info routing-table all"
CheckPoint dbedit
# dbedit
# http://www.cpwiki.net/index.php/Creating_objects_with_dbedit
# https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=skI3301
# http://msdk.fusiondementes.net/

# creating a new host
create host_plain H.FW.angmar2
modify network_objects H.FW.angmar2 ipaddr 10.0.8.8
update network_objects H.FW.angmar2
modify network_objects H.FW.angmar2 comments "Created by fwadmin with dbedit"
# <http://dl3.checkpoint.com/paid/fd/fdd98fb831a41d62debbdf80cec0f341/CP_R77_CLI_ReferenceGuide.pdf?HashKey=1405256814_16d7518520e77124c7528f55f5372ac0&xtn=.pdf#page=12&zoom=auto,0,841>

# creating a new network
create network N.Trust.10.0.8.0--21
modify network_objects N.Trust.10.0.8.0--21 ipaddr 10.0.8.0
modify network_objects N.Trust.10.0.8.0--21 netmask 255.255.248.0
update network_objects N.Trust.10.0.8.0--21
# …
Juniper Junos (JNCIA-Junos)
Junos (JNCIA-Junos) Certification
Puppet
http://blog.credativ.com/de/2010/02/howto-einstieg-in-puppet.html
http://itand.me/using-puppet-to-manage-users-passwords-and-ss

apt-get install puppetmaster
apt-get install puppet
apt-get install subversion

vi /etc/puppet/fileserver.conf

# This file consists of arbitrarily named sections/modules
# defining where files are served from and to whom
# Define a section 'files'
# Adapt the allow/deny settings to your needs. Order
# for allow/deny does not matter, allow always takes precedence …
