검색결과 리스트
분류 전체보기에 해당되는 글 275건
- 2018.05.08 Juniper Firewall Transparent mode config (Example)
- 2018.05.08 Aruba Controller CLI
- 2018.05.08 MAC 프로 root 비빌번호 설정 MAC / 운영체제
- 2018.05.08 Aruba Controller 초기 설정
- 2018.05.08 SRX Syslog config
- 2018.05.08 Palo Alto Firewall Appliance PA-VM - Useful Commands
- 2018.05.08 FortiGate FGSP
- 2018.05.08 FortiAnalyzer CLI
- 2018.05.08 fortigate File reached uncompressed size limit
- 2018.05.08 FortiGate 점점 CLI
글
Juniper Firewall Transparent mode config (Example)
Management
set interface vlan1 ip 1.1.1.1/24
set interface vlan1 manage web
set interface vlan1 manage telnet
set interface vlan1 manage ssh
set interface vlan1 manage ping
Interfaces
set interface ethernet0/1 ip 0.0.0.0/0
set interface ethernet0/1 zone v1-trust
set interface ethernet0/3 ip 0.0.0.0/0
set interface ethernet0/3 zone v1-untrust
V1-Trust Zone
set zone v1-trust manage web
set zone v1-trust manage telnet
set zone v1-trust manage ping
Addresses
set address v1-trust FTP_Server 1.1.1.5/32
set address v1-trust Mail_Server 1.1.1.10/32
Route
set vrouter trust-vr route 0.0.0.0/0 interface vlan1 gateway 1.1.1.250 metric 1
Policies
set policy from v1-trust to v1-untrust any any any permit
set policy from v1-untrust to v1-trust any Mail_Server mail permit
set policy from v1-untrust to v1-trust any FTP_Server ftp-get permit
'업무이야기 > Juniper' 카테고리의 다른 글
| Juniper Firewall Transparent mode config (Example) (0) | 2018.05.08 |
|---|---|
| SRX Syslog config (0) | 2018.05.08 |
| Juniper Firewall DHCP Server Configuration (0) | 2013.03.10 |
| Setting up a Policy-Based VPN Tunnel (0) | 2012.10.18 |
| Juniper Srx Firewall Password Recovery (0) | 2012.03.21 |
| Juniper 인터넷 2회선을 이용한 Load Balancing (0) | 2012.02.21 |
설정
트랙백
댓글
글
Aruba Controller CLI
#show ip interface brief
#show ip route
#show port status
#show license
#aaa user delete all
#show running-config | include adp
#show user
#show user-table
#show ap active
#show ap database
#show ap essid
#show vpdn l2tp local pool
#show ap config ap-group ISD
#show crypto ipsec sa
#show crypto isakmp sa
# show datapath session | include 7.7.7.1
#clear gap-db ap-name AP1
Client Match 설정
#configure terminal
(config) # rf arm-profile default
(Adaptive Radio Management Profile "default")#cm-report-interval 30
(Adaptive Radio Management Profile "default")#cm-sticky-check-interval 3
(Adaptive Radio Management Profile "default")#cm-sticky-snr 25
(Adaptive Radio Management Profile "default")#cm-sticky-snr-delta 10
(Adaptive Radio Management Profile "default")#cm-sticky-min-signal 70
(Adaptive Radio Management Profile "default")#cm-steer-timeout 20
(Adaptive Radio Management Profile "default")#cm-lb-thresh 20
(Adaptive Radio Management Profile "default")#cm-stale-age 120
(Adaptive Radio Management Profile "default")#cm-max-steer-fails 5
(Adaptive Radio Management Profile "default")#cm-lb-client-thresh 10
(Adaptive Radio Management Profile "default")#cm-lb-snr-thresh 30
'업무이야기 > Aruba' 카테고리의 다른 글
| Aruba Controller CLI (0) | 2018.05.08 |
|---|---|
| Aruba Controller 초기 설정 (0) | 2018.05.08 |
설정
트랙백
댓글
글
MAC 프로 root 비빌번호 설정 MAC / 운영체제
백북설치시 등록한 사용자는 관리자 권한이다. root user는 아니였음.
맥북에서 터미널을 실행하고 다음과 같은 Unix명령어를 쳐서 root 패스워드를 지정한다.
Mac:$> sudo -s (엔터를 치니 바로 bash-3.2# 이 프롬프트가 나온다. 패스워드 설정이 되지 않은 상태였음)
bash-3.2#> passwd root
Changing password for root.
New password: (여기서 원하는 root패스워드를 입력한다.)
Retype new password: (다시한번 입력하는 끝.)
bash-3.2#> exit (종료하고)
exit
Mac:$> su
Password: (입력한 root패스워드 입력)
sh-3.2# (맞으면 이 프롬프트로 떨어짐)
[출처] MAC 프로 root 비빌번호 설정|작성자 쭌쭈주준
'업무이야기 > Mac' 카테고리의 다른 글
| MAC 프로 root 비빌번호 설정 MAC / 운영체제 (0) | 2018.05.08 |
|---|---|
| Mac LaunchPad 사이즈 조절 (0) | 2017.08.08 |
| Mac 자체 tftp, FTP 서버 이용 방법 (0) | 2017.08.08 |
| Centos root passes for parallels desktop (0) | 2017.08.08 |
설정
트랙백
댓글
글
## Aruba Controller 초기 설정
* 공장 초기화 설정
. 호스트 네임 : [aruba2400]
. 기본 접속 IP : [172.16.0.254]
. 넷마스크 : [255.255.255.0]
. 게이트웨이 IP : [none]
. 컨트롤러의 역활 : (master|local) [master]
. 국가코드 : KR
. 국가코드 재확인 : (yes|no)
. 시간대역 : GMT+9:0
. 현재시간 : [09:49:30]
. 현재날짜 : [6/2/2014]
. Admin패스워드 : (up to 32 chars)
. Admin패스워드 확인
. Enable패스워드
. Enable패스워드 확인
. Port Shutdown 여부 : (yes|no) [no] - 보안을 위해 ㅣ본적으로 모든 포트를 막을 것인지 여부
* Telnet Port : 2300
* AP 설정
apboot> location
apboot> ipaddr
apboot> netmask
apboot> gatewayip
apboot> serverip
apboot> master
apboot> group
apboot> purge
apboot>printenv
* AP Controller Configuration
1. Interface
- Configuration / controller / lookback Interface - 임의의 IP 설정
- Configuration / IP / VLANs Edit - Use the following IP Address 설정
- Configuration / VLANs - VLAN 생성 - Enable Inter-VLAN Routing [V]
- Configuration / Ports / Port Selection / Port Mode [Access], Vlan [Vlan ID]
- Configuration / Ports / Port Selection / Port Mode [Trunk], Allow VLANS 선택
- Configuration / Controller / Loopback IP Address - 삭제
- Configuration / IP / VLAN 선택 / Enable source NAT for this VLAN [V]
- IP / DHCP Server / Enable DHCP Server [V], 추가 - Pool name, 기타 등등
2. Authentication (RADIUS Server Profile)
- Configuration / Authentication / RADIUS Server / 추가 - Host(IP), Key(Preshare) 설정, Mode [V]
- Configuration / Access Control / Policies / 추가 - Policy Name 추가 / Add - 정책
- Configuration / Access Control / User Roles / 추가 -Role Name 추가 - Choose from Configured Policies에서 생성된 Policy 선택
- Configuration / Authentication / Server Group / 추가 / New - 인증 서버 선택, Server Rules - Condition [Filter-ID], Operation [Value-OF], Set [Set role] 추가 (인증서버 리턴값)
- Configuration / Authentication / Server Group / 수정 / Server Rules - Condition [Filter-ID], Operation [Equals] [test], Set [Set role], Value [authenticated] 추가Configuration / Authentication / Internal DB / Add User (Internal DB 계정 생성)
3. 802.1x
- Configuration / All Profiles / Wireless Lan / 802.1x Authentication / 새로운 항목 추가 / Advanced - Validate PMKID [V], Termination [V], Termination EAP Type [eap-peap], Termination Inner EAP-Type [eap-maschapv2]
- Configuration / All Profiles / Wireless Lan / AAA Profile / 새로운 항목 추가 / 802.1x Authentication / 802.1x Authentication Profile 선택
- Configuration / All Profiles / Wireless Lan / AAA Profile / 추가된 항목 / 802.1x Authentication Server Group - 802.1x Authentication Server Group [추가된 인증 서버 그룹]
- Configuration / All Profiles / Wireless Lan / AAA Profile / 추가된 항목 / RADIUS Accounting Server Group [인증 서버 선택]
- Configuration / All Profiles / Wireless Lan / SSID Profile / 새로운 항목 추가 / Network Name(SSID) [SSID], Network Authentication [WPA2], Encryption [AES]
- Configuration / All Profiles / Wireless Lan / Virtual AP Profiles / 새로운 항목 추가 / VLAN 선택, Band Steering [V]
- Configuration / All Profiles / Wireless Lan / Virtual AP Profiles / 추가된 항목 / AAA Profile - AAA Profile 선택
- Configuration / All Profiles / Wireless Lan / Virtual AP Profiles / 추가된 항목 / SSID Profile - SSID Profile 선택
- Configuration / All Profles / AP Configuration / AP Group / 새로운 항목 추가 후 Edit / Wireless Lan / Virtual APs / Virutal APS [신규로 생성된 Profile 선택]
- Configuration / AP Installation / AP 목록에서 선택 후 Provision / AP Parameters [생성된 AP 구룹 선택], Apply and Reboot
'업무이야기 > Aruba' 카테고리의 다른 글
| Aruba Controller CLI (0) | 2018.05.08 |
|---|---|
| Aruba Controller 초기 설정 (0) | 2018.05.08 |
설정
트랙백
댓글
글
root@srx# set security log mode stream
root@srx# set security log format sd-syslog
root@srx# set security log source-address 10.10.10.2
root@srx# set security log stream securitylog category all
root@srx# set security log stream securitylog host 10.10.10.1
root@srx# set security log stream securitylog host port 514
When complete and a 'commit' is executed, and the configuration looks like this:
security {
log {
mode stream;
format sd-syslog;
source-address 10.10.10.2;
stream securitylog {
category all;
host {
10.0.10.1;
port 514;
}
}
}
}
set security log mode stream
set security log format sd-syslog
set security log source-address 10.10.10.2
set security log stream securitylog format sd-syslog
set security log stream securitylog category all
set security log stream securitylog host 10.10.10.1
set security log stream securitylog host 172.22.154.214 port 514
'업무이야기 > Juniper' 카테고리의 다른 글
| Juniper Firewall Transparent mode config (Example) (0) | 2018.05.08 |
|---|---|
| SRX Syslog config (0) | 2018.05.08 |
| Juniper Firewall DHCP Server Configuration (0) | 2013.03.10 |
| Setting up a Policy-Based VPN Tunnel (0) | 2012.10.18 |
| Juniper Srx Firewall Password Recovery (0) | 2012.03.21 |
| Juniper 인터넷 2회선을 이용한 Load Balancing (0) | 2012.02.21 |
설정
트랙백
댓글
글
admin@PA-VM>configure
admin@PA-VM#set deviceconfig system ip-address 192.168.200.63 netmask 255.255.255.0 default-gateway 192.168.200.254 dns-setting servers primary 8.8.8.8
If you have every worked on any
Juniper Box with JUNOS CLI, you will feel at home when working on Palo
Alto Firewall Appliance....
Operational Mode and Configuration Modes
username@hostname> (Operational mode)
username@hostname> configure
Entering configuration mode
[edit]
username@hostname# (Configuration mode)
Moving between Modes
up—changes the context to one level up in the hierarchy.
Example:
[edit network interface] (network level)
@abce# up
[edit network]
username@hostname# (now at the network level)
top—changes context to the top level of the hierarchy.
Example:
[edit network interface vlan] (network vlan level)
username@hostname# top
[edit]
username@hostname# (now at network vlan level)
Changing modes
username@hostname# exit
Software Version, Mgmt Address etc.
dmin@PA-VM> show system info
Grep/Match
admin@PA-VM> show system info | match model
model: PA-VM
Find commands with following keyword
username@hostname# find command keyword hsm
Restart Appliance
>request restart system
Show Configuration Hierarchy
username@hostname# show network interface ethernet
ethernet {
ethernet1/1 {
virtual-wire;
}
ethernet1/2 {
virtual-wire;
}
ethernet1/3 {
layer2 {
units {
ethernet1/3.1;
}
}
}
ethernet1/4;
}
[edit]
username@hostname#
Configure IP Address to a given Port
IP address/netmask 10.1.1.12/24 to the Layer 3 interface for the Ethernet port ethernet1/4:
[edit]
username@hostname# set network interface ethernet ethernet1/4 layer3 ip10.1.1.12/24
Check pending changes (uncommitted)
username@hostname# check pending-changes
Saves a snapshot of the firewall configuration or the device state files
username@hostname# save config to savefile
Get Hw Address of Interfaces
show system state | match hwaddr
Routing Table
> show routing route
Show running-configuration
admin@PA-VM#show
Logs
admin@PA-VM> less mp-log ? (you will see all possible logs)
Packet Capture:-
admin@PA-VM> debug dataplane packet-diag set log on
admin@PA-VM> debug dataplane packet-diag set filter on
admin@PA-VM> debug dataplane packet-diag set filter match source <ip Address>
Removing Filters
If setting command shows two filters configured and we want to remove on of them, then we can use
admin@PA-VM> debug dataplane packet-diag clear filter <filter number>
Export pcap file
scp export filter-pcap from <file> to <SCP_serv>
Viewing Packet Hitting Filter in live mode
admin@PA-VM> view-pcap follow yes filter-pcap test1_capture
Show Packet Capture Setting
admin@PA-VM> debug dataplane packet-diag show setting
Management Traffic Capture:-
Their Mgmt Interface is eth0
admin@PA-VM> tcpdump filter "dst 49.0.0.254"
Press Ctrl-C to stop capturing
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
^C
11 packets captured
22 packets received by filter
0 packets dropped by kernel
admin@PA-VM> tcpdump filter "dst 49.0.0.254"
admin@PA-VM> view-pcap mgmt-pcap mgmt.pcap
Show all Sessions
>show session all
'업무이야기 > PaloAlto' 카테고리의 다른 글
| Palo Alto Firewall Appliance PA-VM - Useful Commands (0) | 2018.05.08 |
|---|
설정
트랙백
댓글
글
1. VDOM enable
conf sys global
set vdom-admin enable
end
2. Create VDOM
conf vdom
edit test
3. VDOM mode setting
TP
conf vdom
edit test
conf sys setting
set opmode transparent
set manageip 10.10.10.1/32
end
end
4. Management Port setting
conf sys interface
edit mgmt
set vdom root
set ip 10.10.10.1/24
next
edit port1
set vdom test
next
edit port2
set vdom test
next
edit port4
set ip 192.168.12.1/24
set allowaccess ping https ssh snmp telnet
next
end
5. Sessins-sync setting
conf system session-sync
edit 1
set peerip 192.168.12.2
set syncvd test
next
end
6. HA setting
conf sys ha
set hbdev port3 100
set session-sync-dev port4
set hb-interval 4
set hb-lost-threshold 12
set ha-uptime-diff-margin 1
set session-pickup enable
set session-pickup-connectionless enable
set session-pickup-expectation enable
set session-pickup-nat enable
set standalone-config-sync enable
set override disable
end
'업무이야기 > Fortinet' 카테고리의 다른 글
| FortiGate FGSP (0) | 2018.05.08 |
|---|---|
| FortiAnalyzer CLI (0) | 2018.05.08 |
| fortigate File reached uncompressed size limit (0) | 2018.05.08 |
| FortiGate 점점 CLI (0) | 2018.05.08 |
| How-to: Automate FortiGate configuration backups (0) | 2018.05.08 |
| Scheduled Daily Reboot of FortiGate (0) | 2018.05.08 |
설정
트랙백
댓글
글
get system sql
diagnose sql status
diagnose sql show db-size
diagnose log device
diagnose sql process list
diagnose dvm device list
diagose fortilogd msgrate-device
diagose fortilogd lograte
get system performance
get system status
execute log device logstore list
'업무이야기 > Fortinet' 카테고리의 다른 글
| FortiGate FGSP (0) | 2018.05.08 |
|---|---|
| FortiAnalyzer CLI (0) | 2018.05.08 |
| fortigate File reached uncompressed size limit (0) | 2018.05.08 |
| FortiGate 점점 CLI (0) | 2018.05.08 |
| How-to: Automate FortiGate configuration backups (0) | 2018.05.08 |
| Scheduled Daily Reboot of FortiGate (0) | 2018.05.08 |
설정
트랙백
댓글
글
fortigate # config firewall profile-protocol-options
fortigate (profile-protocol~ons) # edit default
fortigate (default) # config smtp
fortigate (default) # set uncompressed-oversize-limit 5
fortigate (smtp) # get
ports : 25
status : enable
inspect-all : disable
options : oversize
oversize-limit : 10
uncompressed-oversize-limit: 5
uncompressed-nest-limit: 12
scan-bzip2 : enable
server-busy : disable
'업무이야기 > Fortinet' 카테고리의 다른 글
| FortiGate FGSP (0) | 2018.05.08 |
|---|---|
| FortiAnalyzer CLI (0) | 2018.05.08 |
| fortigate File reached uncompressed size limit (0) | 2018.05.08 |
| FortiGate 점점 CLI (0) | 2018.05.08 |
| How-to: Automate FortiGate configuration backups (0) | 2018.05.08 |
| Scheduled Daily Reboot of FortiGate (0) | 2018.05.08 |
설정
트랙백
댓글
글
1. get system performance status
- 현재 CPU & Memory, Traffic 사용량, Session수 및 Uptime 확인
2. get system status
- OS Version 및 Serial 정보 확인
3. diag debug crashlog read
- 프로세서 Crash 내역 및 FortiGate의 주요 이슈 사항 확인
4. diag log alertconsole list
- 관리자 계정 Login 실패 기록, 장비 재시작, 전원 off, FortiGuard 업데이트 내역 확인
5. diag hardware device nic port1
- 해당 Port의 Speed/Duplex 및 Error확인 가능
6. diag netlink device list
- 전체 Port에 대한 Error 확인
7. get route info routing-table all
- Routing Table 확인
8. get sys arp
- ARP Table 확인
9. get system interface
- Interface IP정보 확인
10. 기타
# excute tac report
# fnsysctl ls -l /dev/shm
# fnsysctl ls -l /tmp
# diagnose hardware sysinfo shm
# diagnose hardware sysinfo slab
# diagnose hardware sysinfo interrupt
# diagnose ip arp list
# diagnose ip rtcache list
# diagnose ip router command show show int
# diagnose ips anomaly list
# diagnose ips anomaly status
# diagnose ips dissector status
# diagnose ips packet status
# diagnose ips raw status
# get ips session
# diagnose sys session stat
# get system auto-update status
# get system auto-update versions
# diagnose test update info
# diagnose sys flash list
# fnsysctl df -k
# diagnose sys logdisk smart
# diagnose sys logdisk status
# diagnose sys ha status
# diagnose sys ha showcsum
# diagnose sys ha hadiff status
# diagnose sys ha dump-by all-vcluster
# diagnose sys ha dump-by rcache
# diagnose sys ha dump-by all-group
# diagnose sys ha dump-by memory
# diagnose sys ha dump-by vdom
# diagnose sys ha dump-by debug-zone
# diagnose sys ha dump-by kernel
# diagnose sys ha dump-by device
# get sys session-info statistics
# get system session-info ttl
# get system session-helper-info list
# diagnose netlink aggregate list
# diagnose netlink brctl list
# diagnose netlink device list
# diagnose firewall fqdn list
# diagnose firewall iplist list
# diagnose firewall ipmac list
# diagnose firewall ipmac status
# diagnose firewall iprope list
# get firewall proute
# diagnose firewall schedule list
# get system performance firewall statistics
# get router info routing-table all
# get router info routing-table database
# get vpn ipsec stats crypto
# get vpn ipsec tunnel details
# get vpn status ssl list
# get webfilter ftgd-statistics
# get webfilter status
# diagnose spamfilter fortishield statistics list
# diagnose spamfilter fortishield servers
# get hardware nic mgmt2
# get hardware nic mgmt1
# get hardware nic port32
# get test proxyacceptor 1
# get test proxyacceptor 4
# get test proxyworker 1
# get test proxyworker 4
# get test proxyworker 4444
# get test http 444
# get test http 11
# diagnose sys scanunit stats all
# get test urlfilter 10
# diagnose sys sip-proxy filter clear
# diagnose sys sip-proxy redirect list
# diagnose sys sip-proxy config list
# diagnose sys sip-proxy config profiles
# diagnose sys sip-proxy meters list
# diagnose sys sip-proxy stats proto
# diagnose sys sip-proxy stats call
# diagnose sys sip-proxy stats udp
# diagnose sys sip-proxy calls idle
# diagnose sys sip-proxy session list
# diagnose sys sccp-proxy stats list
# diagnose sys sccp-proxy phone list
# get test ipsmonitor 1
# get test ipsmonitor 3
# get test radiusd 5
# diagnose test application miglogd 6
# diagnose debug crashlog read
'업무이야기 > Fortinet' 카테고리의 다른 글
| FortiAnalyzer CLI (0) | 2018.05.08 |
|---|---|
| fortigate File reached uncompressed size limit (0) | 2018.05.08 |
| FortiGate 점점 CLI (0) | 2018.05.08 |
| How-to: Automate FortiGate configuration backups (0) | 2018.05.08 |
| Scheduled Daily Reboot of FortiGate (0) | 2018.05.08 |
| FortiGate DNS Translation (0) | 2018.05.08 |