Clik here to view.
Monitoring Site-to-Site VPNs in ASA/PIX (Syslog)
Recently I’ve got a task of monitoring our site-to-site VPNs on some PIX firewalls (yeah, I know, we still use it in some locations). After a lot of researching I’ve found a working and quite decent...
View ArticleClik here to view.
Understanding Inspection Points in Check Point
I was just about to put some FW Monitor templates on my blog for quick reference when I need to troubleshoot some issues in Check Point but I thought it would be a nice thing to explain this first (for...
View ArticleClik here to view.
Using FW Monitor to Capture Traffic Flows in Check Point (Cheat Sheet)
I’m in no way a Check Point junkie. I got these FW Monitor templates from my tech lead at work and he has been using these for over 10 years now. I find these templates just about enough to get me the...
View ArticleClik here to view.
Transferring licenses after RMA (Cisco)
Our ASR 1001 had a hardware failure with the SPA Interface Processor and we had to file an RMA for it. Once we got the device to the data center and started loading up the config, we realized it...
View ArticleClik here to view.
OSPF neighbor relationship process
OSPF Neighbor relationship process 1. Determine the Router ID It is the router’s name in the OSPF process. It’s always advisable to hard code the router-id. Router-id > Loopbacks > Active...
View ArticleClik here to view.
Debug F5 monitor response from the server
It is quite simple to see if a pool member failed it’s health check by checking the pool status via GUI/CLI and the ltm logs also give you more information on the time lines when the pool went down/up;...
View ArticleClik here to view.
Analyzing FW Monitor Output in CLI
If you understand the inspection points in Check Point and can use FW Monitor to get the required logs/captures then you can read further on how how to analyze those logs. So to start off with, lets...
View ArticleClik here to view.
TCP Intercept for DoS Attack Prevention (CCIE Notes)
TCP Intercept It protects a TCP server from TCP SYN-flooding attacks (DoS) attacks. It intercepts and validates TCP connection requests. Establishes connection with the client on behalf of the...
View ArticleClik here to view.
Dynamic Multipoint VPN (CCIE Notes)
Disclaimer: These are my rough cut notes for CCIE Security studies! Not a detailed explanation of DMVPN. Three components that make up DMVPN: 1. Mulitpoint GRE (mGRE) Tunnel interface having multiple...
View ArticleClik here to view.
Section 2: Threat Identification and Mitigation – 2.1 to 2.5 (CCIE Notes)
2.1 Identify and protect against fragmentation attacks Background Info: IP fragmentation is the process of breaking up a single Internet Protocol (IP) datagram into multiple packets of smaller size....
View ArticleClik here to view.
Configure IOS router to initiate a VPN in Aggressive Mode
Enabling Aggressive Mode globally on an IOS router is pretty straight forward and is the default any way; no crypto isakmp aggressive-mode disable But the problem with this is that the router will only...
View ArticleClik here to view.
Quick Notes – Cisco FireAMP Linux Commands
A quick post on (CentOS) Linux commands for FireAMP Connector FireAMP connector install [root@localhost Downloads]# yum install fireamplinux_connector.rpm FireAMP connector install location...
View ArticleClik here to view.
Learning Linux – bookmarks and commands I forget :)
This post is for my self-learning and I’ll be updating it with all the handy docs/blogs I come across over the internet. Linux Directory Structure How to Use Fdisk to Manage Partitions on Linux sudo...
View ArticleClik here to view.
How to setup and configure Infoblox vNIOS in EVE-NG
Place the Infoblox DDI KVM image in the below path in EVE-NG. /opt/unetlab/addons/qemu/linux-vInfoBlox-NIOS-8.1.2 Fix permissions /opt/unetlab/wrappers/unl_wrapper -a fixpermissions Open a new lab and...
View ArticleClik here to view.
Query refused for recursive DNS lookup in Infoblox
I recently configured my lab DNS infoblox server in a grid and setup some authoritative forward-mapping zones on it for my lab web-servers; The DNS queries for the authoritative zones were working...
View ArticleClik here to view.
Using curl for troubleshooting
View only response headers curl -I only retrieves the header of the resource. The ‘I’ is case sensitive. root@ubnsrv01:/etc/ssl/certs# curl -I https://site3.lab.com HTTP/1.1 200 OK Content-Length: 191...
View ArticleDebug health monitor for a single pool member in F5 LTM
Here’s an old post that shows how to debug bigd that gets you the debugs of all the health monitors that are running on the system. The rule of thumb with debugs is that the files get too large and may...
View ArticleF5 iRules – If pool is down, then redirect to another VIP
when HTTP_REQUEST { if { ( [active_members site2.lab.com-pool-80] < 1 ) } { HTTP::redirect http://site3.lab.com/ } }
View ArticleF5 iRules – Unconditionally redirect to another VIP using pool member up/down...
when HTTP_REQUEST { if { ( [active_members site2.lab.com-pool-80] < 2 ) or ( [active_members site2.lab.com-pool-80] ) > 0 } { HTTP::redirect http://site3.lab.com/ } }
View ArticleF5 iRules – Unconditionally redirect to another VIP based on host header...
when HTTP_REQUEST { if { [string tolower [HTTP::host]] equals "site2.lab.com" } { HTTP::redirect "http://site3.lab.com" } } With this iRule, the initial connection to site2.lab.com is...
View Article
