Time is precious, even more when you need accurate logging . Let's configure NTP time synchronization on our ASA 5510. Configs are pretty simple, but worth remembering a thing or two. ASA can not be NTP server as opposed to IOS. You can use prefer optional keyword with ntp server command …
In Cisco ASA they called it interface redundancy. The idea is to provide for the physical link failure. That is – you combine two physical interfaces on the ASA into a virtual one, then you configure all the Layer 3 parameters on this virtual interface. At the same time only ONE …
I am sure there are gazillion ways to find the IP address of the managing this module SmartCenter/ Security Management Server, but here comes the one I use. Works on firewall module as well as on the SmartCenter itself , even more - gives the same result, surprising no ? [Expert@FW-XL1]# fw …
Cisco ASA and RIP RIP has been with ASA for years and in this article I will try to cover all possible scenarios in configuring, misconfiguring. debugging and verifying it. As I come up with new ideas how to break the RIP on ASA I will update this article as …
Should you ever forget intricacies of the subnetting Checkpoint have subnetting calculator right in their firewalls - ipcalc. Given subnet show the 1st Ip (network) : ipcalc -n 192.168.34.45/27 NETWORK=192.168.34.32 Given subnet show the last IP (broadcast) : ipcalc -b 192.168.34.45/27 …
It comes to the top 10 questions I hear on a daily basis so here is how to restart Checkpoint Smart Center only (Security Management Server). It is especially useful in Standalone firewall topology, where the Management Server and Firewall module are installed on the same machine and you don't …
I am currently running a bunch of tests on DNS resolver software called Unbound to see what it is worth and for that needed a list of valid domain names in different but controllable TLDs. The only resource to download such list I could find was 3 million records file …
While not being anything noticeable by itself, the problem was that all monitored snmp values were normal but cpu showed 100% on the Open server with 8 CPUs , it did remind me that you should always record the current state before doing the changes. As I said it was an …
TLDR: Add colon to the IP address (no space), then the custom port. Sometimes the simple things are the ones to perplex us the most . Today I needed to add an SNMP monitoring of the Radware Linkproof load balancer listening on the port 7777 . Not a big deal, I thought …
Fortinet are doing a lot to keep us away from the command line. And that’s ok in 95% of the cases. But sooner or later you come to meet the 5% of the bad and the ugly when you have no access to the GUI at all. One late …