Author Archives: Farzand Ali

Syslog Configuration (IOS/ASA/Palo/Linux)

How to set up Syslog


Changing the Management Interface

  1. set management interface <new_management_interface>
  2. delete interface <old_management_interface> ipv4-address
  3. set interface <new_management_interface> ipv4-address <ip> mask-length <length>
  4. set interface <new_management_interface> state on

How to change IP Address in Check Point firewall

To view IP address information in Linux/UNIX, use the ifconfig (F) command. This differs slightly from Microsoft, where the ipconfig (P) command is used.

[R60-FW]# ifconfig

To change the IP address, use the following command:

ifconfig eth0 192.168.10.254 netmask 255.255.255.0 up

Again, use the ifconfig command to verify it.

Although the IP address of a Check Point firewall can be changed this way, it is not advisable.

ifconfig is only a temporary way to change the IP address on the firewall. Once the firewall has been rebooted, it reverts to the old IP address.

So the best way to change the IP address of a Check Point firewall permanently is to use the sysconfig command:

[Expert@R60-FW]# sysconfig

Choose menu 5) Network Connections

Choose a configuration item ('e' to exit):
------------------------------------------------------------------
1) Host name                    7) DHCP Server Configuration
2) Domain name                  8) DHCP Relay Configuration
3) Domain name servers          9) Export Setup
4) Time and Date               10) Products Installation
5) Network Connections         11) Products Configuration
6) Routing
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice:5

2) Configure connection

Choose a network connections configuration item ('e' to exit):
------------------------------------------------------------------
1) Add new connection             4) Select management connection
2) Configure connection           5) Show connection configuration
3) Remove connection
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice:2

1) eth0

Choose a connection to configure ('e' to exit):
------------------------------------------------------------------
1) eth0
2) eth1
3) eth2
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 1

1) Change IP settings

Choose eth0 item to configure ('e' to exit):
------------------------------------------------------------------
1) Change IP settings                3) Remove IP from interface
2) Change MTU settings               4) Change from static to dynamic IP
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 1

Check Point – GAiA – Change or Set Expert Password – CLI

To change the expert password of a Check Point firewall running GAiA OS, log on to the CLI, make sure you are in "clish" mode, and execute the command "set expert-password plain". You need to enter the current expert password, and then you'll be able to choose a new expert password.

Syntax:

set expert-password plain

Example:

CP-Firewall-GAiA>
CP-Firewall-GAiA> set expert-password plain
Enter current expert password :
Enter new expert password:
Enter new expert password (again):
CP-Firewall-GAiA>
CP-Firewall-GAiA>

Cisco Labs

CCP Configuration:

http://www.omnisecu.com/ccna-security/how-to-install-ccp-and-how-to-configure-cisco-router-for-ccp.php

ASA ASDM basic config:

http://www.net-gyver.com/?p=1419

Cisco 861/871 basic router configuration: 

http://ciscorouterswitch.over-blog.com/article-cisco-871-interfaces-and-basic-configuration-80487118.html

Cisco IOS DHCP Configuration:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/812-cisco-router-dhcp-config.html

IOS Zone based Firewall configuration: 

http://packetlife.net/blog/2012/jan/30/ios-zone-based-firewall/

IOS Site-to-Site IPSec VPN Configuration: 

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html

ASA Site-to-Site IPSec VPN: 

http://packetlife.net/blog/2011/jul/11/lan-lan-vpn-asa-5505/

https://www.petenetlive.com/KB/Article/0000072

Cisco VPN Client Configuration – Setup for IOS Router: 

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/809-cisco-router-vpn-client.html

http://www.alfredtong.com/cisco/cisco-ios-remote-access-ipsec-vpn/

CONFIGURING CISCO SSL VPN ANYCONNECT (WEBVPN) ON CISCO IOS ROUTERS:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/904-cisco-router-anyconnect-webvpn.html

Cisco Tools and Applications: 

http://www.firewall.cx/downloads/cisco-tools-a-applications.html

Defining the Need for NAT Exemption

http://www.packetu.com/2012/05/29/defining-the-need-for-nat-exemption/

CCIE Study Notes

CCIE RnS Notes

Palo Alto PCNSE7 Study Guide and CLI commands

https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/datasheets/education/PCNSE7Guide.pdf

https://paloaltonetworks.csod.com/clientimg/paloaltonetworks/LOResource/16570_2016060605472497_428328097_PDF.pdf

https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/framemaker/70/pan-os/cli-gsg/section_3.pdf

https://blog.webernetz.net/2013/11/21/cli-commands-for-troubleshooting-palo-alto-firewalls/

Palo Alto troubleshooting commands

NPS, Wireless LAN Controllers, and Wireless Networks Configuration Example

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/115988-nps-wlc-config-000.html

Configuring Cisco IOS CA Server and Enrolling Cisco ASA to a CA Server

http://www.cioby.ro/2016/07/22/configuring-and-deploying-cisco-ios-certificate-server/

Configuring Cisco IOS CA Server and Enrolling Cisco ASA to a CA Server (CCIE Notes)