I must confess that I prefer good solutions today over perfect solutions tomorrow. So when the need aroused to do a script that takes netconf.C and transforms all the route statements in it to the general linux form of "route add xxx" I did this one-liner you can see …
I don’t know who to blame – me for not being attentive or Cisco documentation for being vague, but when I read about snmp-map inspection that allows you to block selectively by SNMP version I decided it was the way to protect ASA itself from such queries. And only with …
This article is all about SNMP in ASA. ASA has much less configuration options than IOS does, and this is good. Starting version 8.2 ASA supports version 3 of the SNMP protocol which adds new security model to the whole SNMP stack. But first we will start with old …
SLA monitoring is finally here. What is it useful for ? To add/remove dynamically routes in ASA depending on results of the SLA status. Below is configuration steps but while there are many words in the command itself there are not much options there , so the command is long but …
Time is precious, even more when you need accurate logging . Let's configure NTP time synchronization on our ASA 5510. Configs are pretty simple, but worth remembering a thing or two. ASA can not be NTP server as opposed to IOS. You can use prefer optional keyword with ntp server command …
In Cisco ASA they called it interface redundancy. The idea is to provide for the physical link failure. That is – you combine two physical interfaces on the ASA into a virtual one, then you configure all the Layer 3 parameters on this virtual interface. At the same time only ONE …
I am sure there are gazillion ways to find the IP address of the managing this module SmartCenter/ Security Management Server, but here comes the one I use. Works on firewall module as well as on the SmartCenter itself , even more - gives the same result, surprising no ? [Expert@FW-XL1]# fw …
Cisco ASA and RIP RIP has been with ASA for years and in this article I will try to cover all possible scenarios in configuring, misconfiguring. debugging and verifying it. As I come up with new ideas how to break the RIP on ASA I will update this article as …
Should you ever forget intricacies of the subnetting Checkpoint have subnetting calculator right in their firewalls - ipcalc. Given subnet show the 1st Ip (network) : ipcalc -n 192.168.34.45/27 NETWORK=192.168.34.32 Given subnet show the last IP (broadcast) : ipcalc -b 192.168.34.45/27 …
It comes to the top 10 questions I hear on a daily basis so here is how to restart Checkpoint Smart Center only (Security Management Server). It is especially useful in Standalone firewall topology, where the Management Server and Firewall module are installed on the same machine and you don't …