FreeRadius, tac_plus, Cisco, Fortinet, CheckPoint, Links. FreeRadius /usr/local/etc/raddb/clients.conf client cisco { ipaddr = 8.8.8.8 secret = testing123 } /usr/local/etc/raddb/users cisco Cleartext-Password := "cisco" Service-Type = NAS-Prompt-User, Reply-Message := "Hello, %{User-Name}", Cisco-AVpair = "shell:priv-lvl=15" /usr/local/etc/raddb/sites-available/default # Read the 'users' file. In v3, this is located in # raddb/mods-config/files/authorize files # MAC Auth rewrite_called_station_id # Now check against the authorized_macs file authorized_macs …
Avocent – MTU
We stumbled over a situation where the WAN environment did not advertise lower MTU values properly or fragments were routed over a different path. To fix this we set the MTU / MSS values on the route. vi /etc/network/st_routes 10.0.0.0/8 via 10.52.192.81 dev eth0 mtu 1150 advmss 1100 default metric 0 via 10.52.192.81 This is …
Check Point – Interfaces
Those are my personal notes towards the certification and do not reflect any training from Check Point. For official information please refer to sk163417. Primary Interfaces, Gaia Operating System Shells, CLI, GUI, Smart Console. Primary Interfaces Gaia Operating System Shells CLI Gaia Clish - Default Shell Bash - Export Mode Shell GUI Gaia Portal browser based shell Smart Console Smart …
Check Point – Review Basics Deployment Types
Those are my personal notes towards the certification and do not reflect any training from Check Point. For official information please refer to sk163417. Review Basic Deployment: Standalone Deployment, Distributed Deployment. Standalone Deployment: All functions run on the same computer. Security Management Server and Security Gateway. Distributed Deployment: Security Management Server and Security Gateway run on different …
TCP Session Closing
A customer approached us asking whether we see an issue with changing the TCP behavior of an application interface, due to timing concerns on the server side. -> TCP [SYN] <- TCP [SYN,ACK] -> TCP [ACK] -> COPT [CR] <- COPT [CC] -> COPT [DT] <- TCP [ACK] -> COPT [DR] <- TCP [ACK] -> TCP …
BGP – Do not advertise a network
Remove routes from advertisement on a FortiGate firewall. Note to myself: 10.255.32.0/20 was wired on C1, local pref was missing. So it might make sense to add this to all incoming routes 'set local-preference 100', incoming there is no issue. show router route-map show router route-map config router route-map edit "EBGP-OUT-R2" config rule edit 1 …
BGP – Prevent becoming a Transit-AS
AS-Path Filtering, No-export Community, Prefix-list Filtering, Distribute List Filtering. AS-Path Filtering ip as-path access-list 1 permit ^$ neighbor x.x.x.x filter-list 1 out No-export Community ip bgp-community new-format route-map NO-EXPORT set community no-export neighbor x.x.x.x route-map NO-EXPORT in neighbor x.x.x.x send-community Prefix-list Filtering ip prefix-list NO-TRANSIT permit x.x.x.x/x neighbor x.x.x.x prefix-list NO-TRANSIT out Distribute List Filtering access-list x deny x.x.x.x y.y.y.y …
BGP – MultiHoming
Cisco, cisco01, config, show ip bgp summary, show ip route, show ip bgp, cisco02, config, show ip bgp summary, show ip route, EdgeRouter-X, edge01, config, show ip route, edge02, config, show ip route, FortiGate, config, get router info routing-table details, Tests, Changing the AS Numbers, show ip route, show ip bgp, Optimizing route maps, cisco1, show ip bgp neighbors 10.255.80.29 received-routes, show ip bgp, show ip route, cisco2, show ip bgp neighbors 10.255.80.28 received-routes, show ip route, BGP Prevent becoming a Transit AS, No-Export Community, Links …
Check Point – CCSA
So this one is done. https://www.credly.com/badges/5f6ac312-1694-404e-a46d-841b8191fe20/public_url
Kimai2 – SQL
Sample Query, Create Stored Procedure, Call the procedure. Do we have stored procedures? Sample Query SELECT u.username as Username, c.name as Customer, DATE_FORMAT(t.start_time,'%Y-%m') as Date, FORMAT(SUM(t.duration) / 3600, 0) as Duration FROM kimai2_timesheet t LEFT JOIN kimai2_projects p ON t.project_id = p.id LEFT JOIN kimai2_customers c ON p.customer_id = c.id LEFT JOIN kimai2_users u ON t.user = …
Check Point – VSX Upgrade
Note to myself. Since I am not dealing with VSX systems that often, please be reminded. When dealing with VSX Gateways/Clusters, to finalize the upgrade the SMS needs to upgrade the VSX objects in the SMS database. [Expert@CheckPointSMS:0]# vsx_util upgrade ****************************************************************************************** * Note: the operation you are about to perform changes the information in …
