Wednesday, 25 September 2024

whitelist domains on checkpoint firewall

 https://support.checkpoint.com/results/sk/sk173345


meraki local status pages to access from local LAN

MR - http://ap.meraki.com

MS - http://switch.meraki.com  

MX - http://mx.meraki.com or http://wired.meraki.com

MG - http://mg.meraki.com

Any - http://setup.meraki.com or http://my.meraki.com


https://documentation.meraki.com/General_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Meraki_Device_Local_Status_Page

ISE-PIC

ISE-PIC requires a zero cost license which needs to be ordered from your usual disti.


Name: isepic

Product: Identity Services Engine

PID: ISE-VM-K9

L-FMC-ISE-PIC

L-FMC-ISE-PIC-BSE





Install in VMware

Pre-reqs
Make sure you have the ISE-PIC license (free / 0 cost)
Download ISO from cisco.com
Download latest patch file from cisco.com
Upload ISO to datastore on VMware
Make a DNS record with your ise-pic server name > IP


Create VM in VMware
CPU: 4
RAM: 16 GB
Disk: 300 GB (saw issues with just 200)

  • Right-click on your ESXi host or cluster → New Virtual Machine

  • Choose "Create a new virtual machine"

  • Give the VM a name (same as the DNS record you created)

  • Select the target host or cluster

  • Choose a compatible datastore

Configure the VM:

  • Compatibility: Choose based on your vSphere version (e.g., ESXi x.7 → VM version 14)

  • Guest OS:

    • Family: Linux

    • Version: Red Hat Enterprise Linux 8 (64-bit)

    • In VM options disable secure boot


Don't tick ISO yet
Once VM is created
Edit VM, select boot from CD/ISO
Select the drop down for datastore
Find your .ISO file

Boot the VM

ISE-PIC ISO install
  • The ISO will boot the installer
  • When you are prompted for username/password, type "setup" to configure
  • Fill in your IP / subnet / domain / DNS servers etc / enable SSH
  • Finish
  • ISE will take some time to install
  • Once you get the login prompt, the services will still take a bit longer to start up
  • On CLI you can run "show application status ise"


Monday, 23 September 2024

meraki MTU

 You need to call meraki support to check and get MTU changed.

WAN MTU is 1500 by default

Auto VPN MTU is 69 bytes less (1431 by default)

If you call Meraki to change the MTU it should create a blip; they said a full reboot is not needed


-20 for TCP

-20 for IP

-8 for PPPoE

Tuesday, 10 September 2024

palo alto mtu

 https://docs.paloaltonetworks.com/globalprotect/5-2/globalprotect-app-new-features/new-features-released-in-gp-app/configurable-maximum-transmission-unit-for-globalprotect-connections


Thursday, 5 September 2024

port scanner info

nmap - the oldest, with lots of documentation and help out there, plus a script archive

rustscan - new (written in Rust), very fast for scanning all ports

masscan - fast for scanning public IP blocks and /16s

Wednesday, 4 September 2024

unable to upload secure client to FMC web interface

1. Open CLI to the FMC

a. expert

sudo su

vim +76 /usr/local/sf/htdocs/ddd/fileUpload.cgi


b. Press i on the keyboard to go to insert mode in vim

c. Update the line by increasing the maxFileSizeMap


From: ANY_CONNECT_IMAGE => 100 * 1024 * 1024,

To: ANY_CONNECT_IMAGE => 200 * 1024 * 1024,


d. Save the file by pressing ESC then typing :wq


2. Upload the file again now
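
The same edit as steps 1a to 1d, scripted so that a copy of the original file is kept and nothing is changed unless the line looks like the "From:" line above. This is an added example, not Cisco's procedure and not part of the original note; the function name raise_anyconnect_limit and the .orig backup suffix are assumptions, and it relies only on the line format shown above.

```shell
# Added example (hypothetical helper). Run as root from FMC expert mode:
#   raise_anyconnect_limit /usr/local/sf/htdocs/ddd/fileUpload.cgi
# Optional second argument: new limit in MB (default 200, as in "To:").
raise_anyconnect_limit() (
    file=$1
    new_mb=${2:-200}
    ws='[[:space:]]*'
    # Pieces of "ANY_CONNECT_IMAGE => <n> * 1024 * 1024", whitespace-tolerant
    head="ANY_CONNECT_IMAGE${ws}=>${ws}"
    tail="${ws}\\*${ws}1024${ws}\\*${ws}1024"

    [ -f "$file" ] || { echo "not a file: $file" >&2; exit 2; }
    case $new_mb in
        ''|*[!0-9]*) echo "size must be a whole number of MB" >&2; exit 2 ;;
    esac

    # Edit only when the setting appears exactly once; any other count
    # means the file differs from what the note describes.
    hits=$(grep -Ec "${head}[0-9]+${tail}" "$file" || true)
    [ "$hits" -eq 1 ] || { echo "expected 1 match, found $hits" >&2; exit 3; }

    # Idempotent: nothing to do if the limit is already the target value.
    if grep -Eq "${head}${new_mb}${tail}" "$file"; then
        exit 0
    fi

    # Keep the first pristine copy; later runs never overwrite it.
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || exit 4

    tmp=$(mktemp) || exit 4
    # Write via a temp file, then copy the content back so the original
    # file keeps its owner and permissions.
    sed -E "s/(${head})[0-9]+(${tail})/\\1${new_mb}\\2/" "$file" > "$tmp" &&
        cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || exit 4

    # Final check: succeed only if the new value is really in the file.
    grep -Eq "${head}${new_mb}${tail}" "$file"
)
```

To roll back, copy fileUpload.cgi.orig over fileUpload.cgi.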