Tiny Core Linux

How to get into root:

sudo su

The default user is tc and no password is set for it. To set a password for the tc user, use the following command:

passwd

Change ip address of interface in tiny core:

ifconfig eth0 10.1.1.1 netmask 255.255.255.0

Add a default route and a static route in Tiny Core:

route add default gw 10.1.1.2
route add -net 10.2.2.0 netmask 255.255.255.0 gw 10.1.1.1

Posted in Linux

On Checkpoint Gaia traffic is dropped due to anti spoofing

In the traffic logs you might see that traffic is being allowed from source to destination, yet communication is not working. The reason could be anti-spoofing configured on the Check Point. If you are logging the traffic dropped by anti-spoofing, you can check those logs and confirm whether the traffic is being dropped because of the anti-spoofing feature.

The following screenshot shows traffic allowed from source to destination.

[Screenshot: Anti-Spoofing-C2S]

But if you swap the source and destination you will get drop logs:

[Screenshot: Anti-Spoofing-S2C]
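The behaviour in the two screenshots can be reproduced with a small model of the anti-spoofing decision. The following Python is an added example, not Check Point code and not from the original post: each interface carries the networks that its topology says live behind it, and a packet is accepted only if its source address belongs to the ingress interface's topology. The interface names and networks are constructed for illustration.

```python
# Added example; not Check Point's code and not from the original post.
# Models the Gaia anti-spoofing decision: a packet is accepted on an
# interface only if its SOURCE address belongs to the networks that the
# interface topology says live behind it. Names and networks are constructed.
import ipaddress
from typing import Dict, List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network

# Constructed topology. None marks the external interface, whose
# topology is "everything not defined behind another interface".
TOPOLOGY: Dict[str, Optional[List[IPv4Net]]] = {
    "eth0": None,                                       # external / Internet
    "eth1": [ipaddress.ip_network("10.1.1.0/24")],      # client LAN
    "eth2": [ipaddress.ip_network("192.168.50.0/24")],  # server segment
}


def owning_interface(addr: ipaddress.IPv4Address) -> Optional[str]:
    """Return the internal interface whose topology contains addr, if any."""
    for iface, nets in TOPOLOGY.items():
        if nets and any(addr in net for net in nets):
            return iface
    return None


def anti_spoof_check(ingress: str, src: str) -> Tuple[str, str]:
    """Return ('accept' | 'drop', reason) for a packet with source src arriving on ingress."""
    addr = ipaddress.ip_address(src)
    owner = owning_interface(addr)
    if TOPOLOGY[ingress] is None:
        # External interface: an internal address arriving here is spoofed.
        if owner is not None:
            return "drop", f"{src} belongs behind {owner} but arrived on external {ingress}"
        return "accept", "source is not an internal address"
    if owner == ingress:
        return "accept", f"{src} is in the topology of {ingress}"
    detail = f" (it belongs behind {owner})" if owner else ""
    return "drop", f"{src} is not in the topology of {ingress}" + detail


def check_flow(ingress: str, src: str, dst: str) -> dict:
    """Evaluate one flow the way a traffic-log row would summarise it."""
    action, reason = anti_spoof_check(ingress, src)
    return {"ingress": ingress, "src": src, "dst": dst, "action": action, "reason": reason}


if __name__ == "__main__":
    # Client-to-server: LAN source arriving on the LAN interface is accepted.
    print(check_flow("eth1", "10.1.1.10", "192.168.50.10"))
    # Same interface with source and destination swapped: dropped as spoofed.
    print(check_flow("eth1", "192.168.50.10", "10.1.1.10"))
```

The second call is the swapped case from the post: the packet still enters on the client-side interface, but its source now belongs to the server segment, so anti-spoofing drops it even though a rule allows the flow.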


Posted in Check Point

Traffic logs in Zscaler

For troubleshooting you might need to check the traffic logs. You can view the logs by going to Analytics > Insights > Web Insights.

[Screenshot: web-insight]

After clicking on Web Insights you will see the following page. Click Logs, select the filters, and then click Apply Filters:

[Screenshot: Log-zscaler]

Posted in Uncategorized

Configure a virtual server in F5 LTM

In this post I will show how to do a basic configuration of F5 LTM for load balancing traffic to hosted web servers. The topology is as follows.

We have three servers with IPs 192.168.4.131, 192.168.4.132 and 192.168.4.133. The F5 LTM has an interface with IP address 192.168.4.130, and the gateway of the servers is 192.168.4.130.

We will configure the F5 to load balance traffic to the three servers. External users will use IP 192.168.2.135, and the F5 LTM will send the traffic to one of these servers.

[Figure: F5-Topology]

You have to configure a Node, a Pool and a Virtual Server for this task.

1> Configure Node: a node represents an actual server.

[Screenshot: Node]

2> Configure Pool: now add all the nodes to one pool. You need to add the nodes under Resources. A health monitor is optional, but it is good to check the health status of the servers.

[Screenshot: Pool]

3> Configure Virtual Server: create a virtual server and assign it the IP that users will connect to; traffic will be redirected to the actual servers as per the configuration.

[Screenshot: virtual-server]

[Screenshot: virtual-server 2]

CLI commands:

[Screenshot: VS-CLI-F5.JPG]

Posted in F5

Bluecoat SG basic

There are three modes in the CLI of Bluecoat SG:

  • Standard > : Configuration changes are not possible in this mode.
  • Privileged # : You can view and change the configuration. A password is required to enter this mode.
    Proxy>enable
    Enable password: ****
    Proxy#
  • Configure privileged #(config)

Posted in Bluecoat

How to F5 LTM

How to take capture on F5 LTM:

admin@(f5device)(cfg-sync In Sync)(Active)(/Common)(tmos)# tcpdump -i VLAN_901 host 10.127.1.176
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on VLAN_901, link-type EN10MB (Ethernet), capture size 65535 bytes
23:14:41.660482 ARP, Request who-has 10.127.1.176 tell 10.127.1.1, length 53 in slot1/tmm0 lis=
23:14:42.260668 ARP, Request who-has 10.127.1.176 tell 10.127.1.1, length 53 in slot1/tmm0 lis=

admin@(f5device)(cfg-sync In Sync)(Active)(/Common)(tmos)# tcpdump src host 134.159.168.73

How to check connections on F5 LTM device:

admin@(f5device)(cfg-sync In Sync)(Active)(/Common)(tmos.sys)# show connection cs-client-addr 134.159.168.73
Sys::Connections
Total records returned: 0
OR
admin@(web-lb-1)(cfg-sync In Sync)(Active)(/Common)(tmos)# show sys connection

Check uptime on F5
F5(cfg-sync In Sync)(Active)(/Common)(tmos)# bash
F5 ~ # uptime
11:33:59 up 60 days, 10:53, 2 users, load average: 0.08, 0.02, 0.01

How to check version on F5 Big IP LTM device:

(tmos)# show /sys version

Create VLAN, assign self IP and floating IP:

create /net vlan VLAN_920 interfaces add { internal_tr { tagged }} tag 920
create /net self VLAN_920_self address 10.110.20.5/255.255.255.0  allow-service default vlan VLAN_920 traffic-group traffic-group-local-only
create /net self VLAN_920_Float address  10.110.20.4/255.255.255.0 allow-service default vlan VLAN_920 traffic-group traffic-group-1
Posted in F5, Load Balancer

Understanding ASA commands

How to interpret show route output in ASA:

ASA# show route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 10.50.50.1 to network 0.0.0.0
S    192.168.120.0 255.255.255.0 [1/0] via 10.64.55.1, inside

In this output, [1/0] is [administrative distance/metric] of the route.

Understanding show conn, show conn detailed, show xlate, show xlate detailed:

[Figure: topology-1]

When R1 telnets to R2, the following is shown in the output when there is no NAT:

ASA1(config)# show conn
1 in use, 1 most used
TCP out 12.12.12.2:23 in 11.11.11.11:59178 idle 0:00:07 bytes 102 flags UIO
ASA1(config)# show conn detail
1 in use, 1 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
 B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
 E - outside back connection, F - outside FIN, f - inside FIN,
 G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
 i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
 k - Skinny media, M - SMTP data, m - SIP media, n - GUP
 O - outbound data, P - inside back connection, q - SQL*Net data,
 R - outside acknowledged FIN,
 R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
 s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
 X - inspected by service module
TCP outside:12.12.12.2/23 inside:11.11.11.11/59178 flags UIO

When R1 telnets to R2, the following is shown in the output with NAT:

ASA1(config)# show conn
1 in use, 3 most used
TCP out 12.12.12.2:23 in 11.11.11.11:12275 idle 0:00:28 bytes 102 flags UIO
ASA1(config)# show conn de
ASA1(config)# show conn detail
1 in use, 3 most used
Flags: A - awaiting inside ACK to SYN, a - awaiting outside ACK to SYN,
 B - initial SYN from outside, C - CTIQBE media, D - DNS, d - dump,
 E - outside back connection, F - outside FIN, f - inside FIN,
 G - group, g - MGCP, H - H.323, h - H.225.0, I - inbound data,
 i - incomplete, J - GTP, j - GTP data, K - GTP t3-response
 k - Skinny media, M - SMTP data, m - SIP media, n - GUP
 O - outbound data, P - inside back connection, q - SQL*Net data,
 R - outside acknowledged FIN,
 R - UDP SUNRPC, r - inside acknowledged FIN, S - awaiting inside SYN,
 s - awaiting outside SYN, T - SIP, t - SIP transient, U - up
 X - inspected by service module
TCP outside:12.12.12.2/23 inside:11.11.11.11/12275 flags UIO



ASA1(config)# show xlate
1 in use, 2 most used
PAT Global 12.12.12.1(1025) Local 11.11.11.11(12275)

ASA1(config)# show xlate detail
1 in use, 2 most used
Flags: D - DNS, d - dump, I - identity, i - dynamic, n - no random,
 r - portmap, s - static
TCP PAT from inside:11.11.11.11/12275 to outside(nat-all-traffic):12.12.12.1/1025 flags ri
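To make the three outputs easier to read side by side, here is an added Python example (not Cisco code and not from the original post) that parses the show route, show conn and show xlate lines quoted above: it turns [AD/metric] into numbers, expands the flag letters using the legends the ASA prints, and pairs a connection with the PAT entry that translates it. The sample lines embedded in the block are the ones from this post.

```python
# Added example; not Cisco code and not from the original post. Parses the
# "show route", "show conn" and "show xlate" lines quoted above, decoding
# [AD/metric] and the flag letters, then pairs a conn with its PAT xlate.
import re
from typing import Dict, List, Optional

# Legends taken from the command output above (subset of the route codes).
ROUTE_CODES = {"C": "connected", "S": "static", "R": "RIP", "B": "BGP",
               "D": "EIGRP", "O": "OSPF", "i": "IS-IS", "*": "candidate default"}
CONN_FLAGS = {
    "A": "awaiting inside ACK to SYN", "a": "awaiting outside ACK to SYN",
    "B": "initial SYN from outside", "C": "CTIQBE media", "D": "DNS", "d": "dump",
    "E": "outside back connection", "F": "outside FIN", "f": "inside FIN",
    "G": "group", "g": "MGCP", "H": "H.323", "h": "H.225.0", "I": "inbound data",
    "i": "incomplete", "J": "GTP", "j": "GTP data", "K": "GTP t3-response",
    "k": "Skinny media", "M": "SMTP data", "m": "SIP media", "n": "GUP",
    "O": "outbound data", "P": "inside back connection", "q": "SQL*Net data",
    "R": "outside acknowledged FIN / UDP SUNRPC", "r": "inside acknowledged FIN",
    "S": "awaiting inside SYN", "s": "awaiting outside SYN", "T": "SIP",
    "t": "SIP transient", "U": "up", "X": "inspected by service module",
}

ROUTE_RE = re.compile(
    r"^(?P<code>\S+)\s+(?P<net>[\d.]+)\s+(?P<mask>[\d.]+)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nexthop>[\d.]+),\s*(?P<iface>\S+)")
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<out_if>\S+)\s+(?P<out_ip>[\d.]+):(?P<out_port>\d+)\s+"
    r"(?P<in_if>\S+)\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)\s+idle\s+(?P<idle>\S+)\s+"
    r"bytes\s+(?P<bytes>\d+)\s+flags\s+(?P<flags>\S+)")
XLATE_RE = re.compile(
    r"^PAT Global (?P<global_ip>[\d.]+)\((?P<global_port>\d+)\)\s+"
    r"Local (?P<local_ip>[\d.]+)\((?P<local_port>\d+)\)")


def decode_flags(letters: str, legend: Dict[str, str]) -> List[str]:
    """Expand 'UIO' into descriptions; letters missing from the legend stay as '?x'."""
    return [legend.get(ch, "?" + ch) for ch in letters]


def parse_route(line: str) -> Optional[dict]:
    """'S 192.168.120.0 255.255.255.0 [1/0] via 10.64.55.1, inside' -> AD 1, metric 0."""
    m = ROUTE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"code": ROUTE_CODES.get(d["code"], d["code"]), "network": d["net"],
            "mask": d["mask"], "ad": int(d["ad"]), "metric": int(d["metric"]),
            "nexthop": d["nexthop"], "iface": d["iface"]}


def parse_conn(line: str) -> Optional[dict]:
    """Parse one 'show conn' record; ports become ints, flags become descriptions."""
    m = CONN_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"proto": d["proto"], "out_ip": d["out_ip"], "out_port": int(d["out_port"]),
            "in_ip": d["in_ip"], "in_port": int(d["in_port"]), "idle": d["idle"],
            "bytes": int(d["bytes"]), "flags": decode_flags(d["flags"], CONN_FLAGS)}


def parse_xlate(line: str) -> Optional[dict]:
    """Parse one PAT line from 'show xlate'."""
    m = XLATE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"global_ip": d["global_ip"], "global_port": int(d["global_port"]),
            "local_ip": d["local_ip"], "local_port": int(d["local_port"])}


def match_xlate(conn: dict, xlates: List[dict]) -> Optional[dict]:
    """Find the PAT entry whose Local side is the connection's inside socket."""
    for x in xlates:
        if (x["local_ip"], x["local_port"]) == (conn["in_ip"], conn["in_port"]):
            return x
    return None


if __name__ == "__main__":
    # Lines taken from the ASA output quoted in this post.
    session = [
        "S    192.168.120.0 255.255.255.0 [1/0] via 10.64.55.1, inside",
        "TCP out 12.12.12.2:23 in 11.11.11.11:12275 idle 0:00:28 bytes 102 flags UIO",
        "PAT Global 12.12.12.1(1025) Local 11.11.11.11(12275)",
    ]
    routes = [r for r in map(parse_route, session) if r]
    conns = [c for c in map(parse_conn, session) if c]
    xlates = [x for x in map(parse_xlate, session) if x]
    r = routes[0]
    print(f"{r['code']} route {r['network']} {r['mask']}: AD {r['ad']}, metric {r['metric']}")
    for c in conns:
        x = match_xlate(c, xlates)
        seen_as = f"{x['global_ip']}:{x['global_port']}" if x else "no translation (no NAT)"
        print(f"{c['proto']} {c['in_ip']}:{c['in_port']} -> {c['out_ip']}:{c['out_port']} "
              f"flags={', '.join(c['flags'])}; outside host sees {seen_as}")
```

Run with the no-NAT connection from the first session instead (inside port 59178) and match_xlate returns None, which is exactly the difference between the two show conn outputs above: the conn table looks the same either way, and only show xlate tells you whether the outside host sees 11.11.11.11 or the PAT address 12.12.12.1.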
Posted in ASA