Patch vCenter Appliance

Download and Installation: You can download this patch by going to the VMware Patch Download Center and choosing VC from the Search by Product drop-down. Attach the VMware-vCenter-Server-Appliance-6.0.0.30400-7464101-patch-FP.iso file to the vCenter Server Appliance. Go to the command prompt and run the commands given below:
To stage ISO: software-packages stage --iso
To see the staged content: software-packages …

Useful Tools

1. Subnet Calculator
2.0 IP Void Lookup Tools
2.1 Numerous Tools (whois, ping, tracert, nslookup, port check etc.)
Email Address Validation
2.1 DNS Propagation Checker (CNAME)
2.2 AdminKit
3. Time Calculator
4. Cisco Coverage Checker
4.1 Cisco Vulnerability IOS and IOS XE checker
4.2 Cisco Optics-to-Device Compatibility Matrix
5. UDP Port Scan
6. Check Blacklisted …

Juniper SRX

1.0 Juniper SRX Commands (Important)
2.0 VPN Phase 1 Troubleshoot (Status Messages)
2.1 VPN Phase 2 Troubleshoot (Status Messages)
3.0 Capture PCAP packets on Juniper SRX CLI
4.0 Network DoS Attacks (Syn Flood Protection)
5.0 SNMP configuration examples
6.0 [SRX] How to upgrade Junos OS on a Chassis Cluster
7.0 Juniper vSRX Cluster Upgrade Procedure

Juniper SRX Commands (VPN TSHOOT) (Important)

To see Phase1 and Phase2 of VPNs:
user@host> show security ike security-associations
user@host> show security ike active-peer
user@host> show security ipsec security-associations
To see the reason for tunnel inactivity:
user@host> show security ipsec inactive-tunnels
Configure syslog to display VPN status messages:
# set system syslog file kmd-logs daemon info
# set system syslog file kmd-logs …

Upgrade Palo Firewalls (CLI)

Steps:
0. Confirm firewalls are in sync and turn preemption off on both
1. Fail over to Secondary
2. Install 8.1.6 on Primary
3. Reboot Primary
4. Log in and check if 8.1.6 is installed on Primary and then fail back to Primary
5. Check traffic going through Primary
6. Install and reboot 8.1.6 for Secondary
7. Login …

Palo Alto Commands (Important)

Show Running Config:
> set cli config-output-format xml (xml format running config)
> show config running (see running config in xml format)
> set cli config-output-format set (to see the set commands running config)
> configure
# show
Show version command on Palo:
> show system info
Set management IP address:
> configure
# set deviceconfig system ip-address 192.168.3.100 …

Example NAT Rules (Important)

(Note: NAT rules are looked at, but not implemented until after the security policy has run)
PAT (Inside to Outside): Many-to-One, Hide NAT, Source NAT:
NAT Rule: Sourcezone: Inside | SourceIP: PrivateIP/InsideSubnet | DestinationZone: Outside | DestinationIP: Any | DestinationInterface: OutsideInterface | SourceAddressTranslation: (TranslateType: DynamicIP&Port | AddressType: Interface | Interface: OutsideInterface | IP: PublicIP)
Security Policy: Sourcezone: Inside …

ASA not allowing ping to distant or far interface IP

When I try to ping from the inside LAN to the firewall DMZ interface IP, it is not pingable, but from inside users I am able to ping the firewall inside interface IP address. E.g.: I have the following scenario where I am trying to ping from the 10.30.1.100 PC to the ASA interface 10.20.1.1; it is not pinging, but I can …