Note to myself. Since I am not dealing with VSX systems that often, please be reminded: when dealing with VSX Gateways/Clusters, to finalize the upgrade the SMS needs to upgrade the VSX objects in the SMS database.
    [Expert@CheckPointSMS:0]# vsx_util upgrade
    ******************************************************************************************
    * Note: the operation you are about to perform changes the information in …
Check Point – Security Gateway internal statistics
    fw ctl pstat
Links: fw ctl pstat (checkpoint.com)
Check Point – Policy Layers
Fortinet Lookup Policies
Sometimes you need to know which firewall policy will allow traffic and whether it has been used. I had already posted Fortigate – Policy lookup a while ago.
    diagnose firewall iprope lookup <src ip> <src port> <dst ip> <dst port> <protocol> <device>
    <src_ip> Source IP address.
    <src_port> Source port.
    <dst_ip> Destination IP address.
    <dst_port> Destination …
Cisco Nexus Port-channel Issue
A strange thing we came across the other day. After the power outage, one of the port-channels did not come up. VPC consistency showed that the port-channel has ports assigned on both Nexus switches, where there should only be local ports connected. Even the remote port was configured for a different port-channel. We ended up …
Fortinet – Fragmentation – DF – IPSec
System Settings
    config global
        config system global
            set honor-df enable
        end
    end
Fragmentation
The default ip-fragmentation setting is post-encapsulation as that is RFC compliant.
    config vpn ipsec phase1-interface
        edit <name>
            set ip-fragmentation post-encapsulation
        next
    end
Check Interface MTU
To check the MTU size of an interface, use 'diag netlink interface …
Check Point CCSA Course with Experteach
Attended the CCSA course as preparation for the certification. My employer selected me to be among those chosen to contribute to maintaining our Partner status. So we attended the course in person at the Experteach facility in Duesseldorf, Germany and had a lot of fun with Joerg. After some years of Experience with …
LAG Groups
A collection of LAG configurations and status commands seen over time.
Linux
Manual Configuration
    modprobe bonding mode=802.3ad
    ifconfig bond1 192.168.1.1 netmask 255.255.255.0 up
    ifenslave bond1 eth0
    ifenslave bond1 eth1
The permanent way depends on the distribution.
Status
    cat /proc/net/bonding/bond1
    Ethernet Channel Bonding …
Cisco Catalyst 9200 – Software Update
It looks like software maintenance on newer Cisco Catalysts running IOS XE is a bit different.
-- TLDR --
    copy http://tftpboot.example.pp52.de/cat9k_lite_iosxe.17.09.05.SPA.bin flash:
    install add file flash:cat9k_lite_iosxe.17.09.05.SPA.bin
    install activate
Copy the image to the switch
    copy http://tftpboot.rd.pp52.de/cat9k_lite_iosxe.17.09.05.SPA.bin flash:
Set up the boot environment
    c9200#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    de052-ne1-rt-cisco01(config)#boot system flash:packages.conf
    de052-ne1-rt-cisco01(config)#no boot …
Cisco IPv6 Unicast Routing
    !
    ipv6 unicast-routing
    !
Fortinet L2 VDOM and VLANs
FGT (interface) # edit port37.vlan100
new entry 'port37.vlan100' added
FGT (vlan100) # set vdom L2-test
FGT (vlan100) # set interface port37
FGT (vlan100) # set vlanid 100
FGT (vlan100) # set forward-domain 100
FGT (vlan100) # next
FGT (interface) # edit aggr1.vlan100
new entry 'aggr1.vlan100' added
FGT (vlan200) # set vdom L2-test
FGT(vlan200) # set interface aggr1
FGT (vlan200) # set vlanid 100
FGT (vlan200) # set …
