How to F5 LTM

How to take a packet capture on F5 LTM:

admin@(f5device)(cfg-sync In Sync)(Active)(/Common)(tmos)# tcpdump -i VLAN_901 host 10.127.1.176
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on VLAN_901, link-type EN10MB (Ethernet), capture size 65535 bytes
23:14:41.660482 ARP, Request who-has 10.127.1.176 tell 10.127.1.1, length 53 in slot1/tmm0 lis=
23:14:42.260668 ARP, Request who-has 10.127.1.176 tell 10.127.1.1, length 53 in slot1/tmm0 lis=

admin@(f5device)(cfg-sync In Sync)(Active)(/Common)(tmos)# tcpdump src host 134.159.168.73

How to check connections on F5 LTM device:

 admin@(f5device)(cfg-sync In Sync)(Active)(/Common)(tmos.sys)# show connection cs-client-addr 134.159.168.73
 Sys::Connections
 Total records returned: 0

Check uptime on F5
F5(cfg-sync In Sync)(Active)(/Common)(tmos)# bash
F5 ~ # uptime
11:33:59 up 60 days, 10:53, 2 users, load average: 0.08, 0.02, 0.01


Understanding ASA commands

How to interpret show route output in ASA:

ASA# show route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 10.50.50.1 to network 0.0.0.0
S    192.168.120.0 255.255.255.0 [1/0] via 10.64.55.1, inside

In the output of the command, [1/0] represents AD/metric (administrative distance/metric).

 


F5- Big-IP LTM How To

How to check version on F5 Big IP LTM device:

(tmos)# show /sys version

 

 

 


Bluecoat How to:

How to take a packet capture on a Bluecoat ProxySG device:

Go to Maintenance > Service Information > Packet Captures.

How to download a packet capture from Bluecoat:

Go to Maintenance > Service Information > Packet Captures and click Show statistics. A new page opens; download the capture from that page.

How to check who has logged in to the CLI of ProxySG:

proxysg>show sessions
Sessions:
  #   state  type    start                     elapsed     connected from
  01  IDLE
  02  PRIVL  ssh     30 Jan 2017 19:58:49 UTC  13:47:22    x.x.x.x
  03* NORML  ssh     16 Feb 2017 09:38:14 UTC  00:07:57    x.x.x.x

How to check bluecoat proxysg version:

proxysg>show version
Version: SGOS 6.5.9.11 Proxy Edition
Release id: xxxx
UI Version: 6.5.9.11 Build: 191480
Serial number: xxxxxx
NIC 0 MAC: xxxxxx

How to export policy trace from bluecoatSG:

https://x.x.x.x:8082/policy

Check URL category on Bluecoat:

https://sitereview.bluecoat.com/

 


CISCO ASA How to:

How to check ASA version:

asa# show version | inc Version
Cisco Adaptive Security Appliance Software Version 9.2(4)8
Device Manager Version 7.5(2)153

How to check ASA hardware:

asa# show version | inc Hardware
Hardware:   ASA5545, 12288 MB RAM, CPU Lynnfield 2660 MHz, 1 CPU (8 cores)

How to check connection details on ASA between a particular source and destination:

ASA# show conn detail address 10.148.84.25 address 10.148.60.62

How to check vpn users in ASA:

ASA# show vpn-sessiondb anyconnect

Username     : xxxx             Index        : 65098
Assigned IP  : xxxx             Public IP    : xxxx
Protocol     : AnyConnect-Parent SSL-Tunnel DTLS-Tunnel
License      : AnyConnect Essentials
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)RC4  DTLS-Tunnel: (1)AES128
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA1  DTLS-Tunnel: (1)SHA1
Bytes Tx     : 38535932               Bytes Rx     : 13850530
Group Policy : xxxxxx   Tunnel Group : xxxxx
Login Time   : 14:14:05 GMT Mon Feb 20 2017
Duration     : 1d 17h:47m:52s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : 0xxxx
Security Grp : none

ASA#show vpn-sessiondb webvpn
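
The session shown above negotiated RC4 and SHA1 on its SSL tunnel. The following is an added example (not part of the original post) that parses saved `show vpn-sessiondb anyconnect` output and lists sessions using algorithms on a deny list; the sample text, user names and the deny list itself are assumptions made for the example.

```python
import re

# Constructed sample in the layout of `show vpn-sessiondb anyconnect`;
# the user names and the second session are made up for this example.
SAMPLE = """\
Username     : alice            Index        : 65098
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)RC4  DTLS-Tunnel: (1)AES128
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA1  DTLS-Tunnel: (1)SHA1

Username     : bob              Index        : 65101
Encryption   : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)AES256  DTLS-Tunnel: (1)AES256
Hashing      : AnyConnect-Parent: (1)none  SSL-Tunnel: (1)SHA384  DTLS-Tunnel: (1)SHA384
"""

# Assumed local policy: RC4 is prohibited for TLS by RFC 7465; the other
# entries are an example deny list, adjust to your own standard.
WEAK = {"Encryption": {"RC4", "DES", "3DES"}, "Hashing": {"MD5", "SHA1"}}

# "<tunnel>: (<count>)<algorithm>" pairs inside an Encryption/Hashing value
PAIR = re.compile(r"([\w-]+):\s*\(\d+\)(\S+)")


def parse_sessions(text):
    """Return one dict per session: username plus per-tunnel algorithms."""
    sessions = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key = key.strip()
        if key == "Username" and value.split():
            # keep the first column only; the Index column is dropped
            sessions.append({"Username": value.split()[0]})
        elif key in WEAK and sessions:
            sessions[-1][key] = dict(PAIR.findall(value))
    return sessions


def weak_findings(sessions):
    """List (username, field, tunnel, algorithm) for each weak algorithm."""
    return [
        (s["Username"], field, tunnel, alg)
        for s in sessions
        for field in ("Encryption", "Hashing")
        for tunnel, alg in s.get(field, {}).items()
        if alg.upper() in WEAK[field]
    ]


if __name__ == "__main__":
    for finding in weak_findings(parse_sessions(SAMPLE)):
        print("%s: %s on %s is %s" % finding)
```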

How to check webvpn configuration:

show run webvpn

How to use packet trace in cisco ASA:

ASA#packet-tracer input inside icmp 10.148.39.76 8 0 10.145.35.1

How to turn on pager in ASA:

terminal pager 0

Clear IPsec site to site tunnel:

ASA#clear crypto ipsec sa peer

Test AAA authentication on ASA:

test aaa-server authentication Our-Server host x.x.x.x username xxxxx password xxxxxx

How to forward logs to syslog in ASA:

logging enable
logging trap informational
logging asdm informational
logging host Inside x.x.x.x
logging permit-hostdown

Check Point firewall how to

How to get checkpoint version:

 admin>fw ver
 admin> show version all

How to get checkpoint serial number:

CP> show asset system
Platform: xxxxx
Model: Check Point xxxx
Serial Number: xxxxxxx
CPU Frequency: xxxx.xxx

Check uptime:

CP> show uptime

How to export configuration backup from cli:

 CP[admin]# cst -small
 CST version 2007-09-26
== CST will not collect cores or firewall logs ==
 =============== N O T I C E: VOYAGER LOCKS =========================
 Please make sure you are logged out of Voyager.
 CST gathers certain information from clish, which may not work
 when there is a configuration lock in place established by an active
 Voyager session.
 =============== E N D O F N O T I C E =========================
Continue? [y] y
 Output Directory? [.] /opt
 IPSO-6.2-GA083a02 detected...
 Generating IPv4 configuration summary...done
 Generating IPv6 configuration summary...done
 Gathering cpu utilization data...done
 Gathering memory utilization data...done
 Gathering interface statistics...done
 Gathering standard ipsoinfo data...netstat: sysctl: net.inet.icmp.stats: Cannot allocate memory
 done
 Gathering additional ipso information...
 vrrp data...done
 route data...done
 rip data...done
 ospf data...done
 bgp data...done
 dvmrp data...done
 pim data...done
 ...done
 Gathering system logs......done
 Processsing vmcore files...none on this system.....done
 Gathering firewall data... Invalid flavour 'general' for product 'vpn'. Use 'cpstat' without any arguments to see supported products and flavours.
 Invalid flavour 'fwz' for product 'vpn'. Use 'cpstat' without any arguments to see supported products and flavours.
 No product has flag 'ci'
 ...done
 Fetching cpinfo...
 cpinfo (I:0110): Beginning ...
cpinfo (I:0116): Latest cpinfo version: http://www.checkpoint.com/downloads/
 cpinfo (I:0112): Embedding files ...
cpinfo (I:0120): Output file - cst-flkrseinc-03-04.19.2017-1303/cpinfo.flkrseinc-03.04.19.2017-1303
 cpinfo (I:0111): Done
 done
 Creating index...done
 Including chart software...done
 Creating archive file...done
 Skipping core files
 Fetching routing daemon state...done
 Compressing final archive...done
Output saved to /opt/cst-flkrseinc-03-04.19.2017-1303.tar.gz

Where the logs are stored in checkpoint:

/var/log/opt/CPsuite-RXX/fw1/log

Take packet captures on ASA

If we need a packet capture while troubleshooting on the ASA, we can take one as follows. Capture on both the interface where the traffic arrives and the interface where it leaves, i.e. the ingress and egress interfaces.

In the example below, I capture TCP traffic from any source to any destination.

capture name-of-capture interface interface-nameif match tcp any any
capture name-of-capture buffer 33445532

Verification command:
show capture

To download the capture off the box, open the following URL in a web browser, replacing x.x.x.x with the IP address of the ASA:
https://x.x.x.x/admin/capture/name-of-capture/pcap

To view the capture on the CLI (the capture must still be active to view or export it):

show capture name-of-capture

5 packets captured

   1: 10:37:12.417382       802.1Q vlan#648 P0 10.148.39.76 > 10.145.35.1: icmp: echo request
   2: 10:37:13.027342       802.1Q vlan#648 P0 10.148.39.76 > 10.145.35.1: icmp: echo request
   3: 10:37:13.417397       802.1Q vlan#648 P0 10.148.39.76 > 10.145.35.1: icmp: echo request
   4: 10:37:14.026518       802.1Q vlan#648 P0 10.148.39.76 > 10.145.35.1: icmp: echo request
   5: 10:37:14.417397       802.1Q vlan#648 P0 10.148.39.76 > 10.145.35.1: icmp: echo request
5 packets shown

To stop capture:
no capture name-of-capture

To clear capture buffer:
clear capture name-of-capture
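
Capturing on both the ingress and egress interface is only useful if the two captures are compared. The following is an added example (not part of the original post) that diffs the text output of two `show capture` commands and reports ICMP echo packets seen on ingress but not on egress; the capture contents are constructed, and it assumes no NAT between the two interfaces.

```python
import re
from collections import Counter

# Constructed captures in the format of `show capture <name>`; the second
# host (10.148.39.77) and the egress VLAN are made up for this example.
INGRESS = """\
   1: 10:37:12.417382       802.1Q vlan#648 P0 10.148.39.76 > 10.145.35.1: icmp: echo request
   2: 10:37:12.501120       802.1Q vlan#648 P0 10.148.39.77 > 10.145.35.1: icmp: echo request
   3: 10:37:13.417397       802.1Q vlan#648 P0 10.148.39.76 > 10.145.35.1: icmp: echo request
   4: 10:37:13.502203       802.1Q vlan#648 P0 10.148.39.77 > 10.145.35.1: icmp: echo request
"""
EGRESS = """\
   1: 10:37:12.417500       802.1Q vlan#649 P0 10.148.39.76 > 10.145.35.1: icmp: echo request
   2: 10:37:13.417510       802.1Q vlan#649 P0 10.148.39.76 > 10.145.35.1: icmp: echo request
"""

# packet number, timestamp, optional 802.1Q tag, then "src > dst: icmp: echo ..."
LINE = re.compile(
    r"^\s*\d+:\s+\S+\s+(?:802\.1Q vlan#\d+ P\d+ )?"
    r"(\S+) > (\S+): icmp: echo (request|reply)"
)


def flows(text):
    """Count (src, dst, icmp-type) tuples in one capture's text output."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counts[m.groups()] += 1
    return counts


def missing_on_egress(ingress_text, egress_text):
    """Packets counted on ingress minus those seen on egress.

    Counter subtraction keeps only positive differences, so the result
    lists flows that entered the firewall but did not leave it.
    """
    return dict(flows(ingress_text) - flows(egress_text))


if __name__ == "__main__":
    for (src, dst, kind), n in missing_on_egress(INGRESS, EGRESS).items():
        print(f"{n} echo {kind} packet(s) {src} > {dst} not seen on egress")
```

A flow that appears here entered the firewall but did not leave it, so it is a candidate for packet-tracer with the same source and destination.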
