Tuesday, October 9, 2012

FTP : Syntax and Examples

List of FTP commands for the Microsoft command-line FTP client

Command-line options

As you're starting the program from a DOS prompt:
ftp [-v] [-d] [-i] [-n] [-g] [-s:filename] [-a] [-w:windowsize] [computer]
  • -v - Suppresses verbose display of remote server responses.
  • -n - Suppresses auto-login upon initial connection.
  • -i - Turns off interactive prompting during multiple file transfers.
  • -d - Enables debugging, displaying all ftp commands passed between the client and server.
  • -g - Disables filename globbing, which permits the use of wildcard characters in local file and path names.
  • -s:filename - Specifies a text file containing ftp commands; the commands will automatically run after ftp starts. No spaces are allowed in this parameter. Use this switch instead of redirection (>).
  • -a - Use any local interface when binding data connection.
  • -w:windowsize - Overrides the default transfer buffer size of 4096.
  • computer - Specifies the computer name or IP address of the remote computer to connect to. The computer, if specified, must be the last parameter on the line.

Client commands

  • ! - Runs the specified command on the local computer
  • ? - Displays descriptions for ftp commands
  • append - Appends a local file to a file on the remote computer
  • ascii - Sets the file transfer type to ASCII, the default
  • bell - Toggles a bell to ring after each file transfer command is completed (default = OFF)
  • binary - Sets the file transfer type to binary
  • bye - Ends the FTP session and exits ftp
  • cd - Changes the working directory on the remote computer
  • close - Ends the FTP session and returns to the command interpreter
  • debug - Toggles debugging (default = OFF)
  • delete - Deletes a single file on a remote computer
  • dir - Displays a list of a remote directory's files and subdirectories
  • disconnect - Disconnects from the remote computer, retaining the ftp prompt
  • get - Copies a single remote file to the local computer
  • glob - Toggles filename globbing (wildcard characters) (default = ON)
  • hash - Toggles hash-sign (#) printing for each data block transferred (default = OFF)
  • help - Displays descriptions for ftp commands
  • lcd - Changes the working directory on the local computer
  • literal - Sends arguments, verbatim, to the remote FTP server
  • ls - Displays an abbreviated list of a remote directory's files and subdirectories
  • mdelete - Deletes one or more files on a remote computer
  • mdir - Displays a list of a remote directory's files and subdirectories
  • mget - Copies one or more remote files to the local computer
  • mkdir - Creates a remote directory
  • mls - Displays an abbreviated list of a remote directory's files and subdirectories
  • mput - Copies one or more local files to the remote computer
  • open - Connects to the specified FTP server
  • prompt - Toggles prompting (default = ON)
  • put - Copies a single local file to the remote computer
  • pwd - Displays the current directory on the remote computer (literally, "print working directory")
  • quit - Ends the FTP session with the remote computer and exits ftp (same as "bye")
  • quote - Sends arguments, verbatim, to the remote FTP server (same as "literal")
  • recv - Copies a remote file to the local computer
  • remotehelp - Displays help for remote commands
  • rename - Renames remote files
  • rmdir - Deletes a remote directory
  • send - Copies a local file to the remote computer (same as "put")
  • status - Displays the current status of FTP connections
  • trace - Toggles packet tracing (default = OFF)
  • type - Sets or displays the file transfer type (default = ASCII)
  • user - Specifies a user to the remote computer
  • verbose - Toggles verbose mode (default = ON)


!

Runs the specified command on the local computer. Syntax: ! [command]
Parameter(s):
command - Specifies the command to run on the local computer. If command is omitted, the local command prompt is displayed; type "exit" to return to ftp.

?

Displays descriptions for ftp commands. ? is identical to help. Syntax: ? [command]
Parameter(s):
command - Specifies the name of the command about which you want a description. If command is not specified, ftp displays a list of all commands.

append

Appends a local file to a file on the remote computer using the current file type setting. Syntax: append local-file [remote-file]
Parameter(s):
local-file - Specifies the local file to add.
remote-file - Specifies the file on the remote computer to which local-file will be added. If remote-file is omitted, the local filename is used for the remote filename.

ascii

Sets the file transfer type to ASCII, the default. Syntax: ascii
Note
FTP supports two file transfer types, ASCII and binary image. ASCII should be used when transferring text files. See also binary.
In ASCII mode, character conversions to and from the network standard character set are performed. For example, end-of-line characters are converted as necessary, based on the target operating system.

bell

Toggles a bell to ring after each file transfer command is completed. By default, the bell is off. Syntax: bell


binary

Sets the file transfer type to binary. Syntax: binary
Note
FTP supports two file transfer types, ASCII and binary image. Binary should be used when transferring executable files. In binary mode, the file is moved byte-by-byte. See also ascii.

bye

Ends the FTP session with the remote computer and exits ftp. Syntax: bye


cd

Changes the working directory on the remote computer. Syntax: cd remote-directory
Parameter(s):
remote-directory - Specifies the directory on the remote computer to change to.

close

Ends the FTP session with the remote server and returns to the command interpreter. Syntax: close


debug

Toggles debugging. When debugging is on, each command sent to the remote computer is printed, preceded by the string --->. By default, debugging is off. Syntax: debug


delete

Deletes a single file on a remote computer. See also mdelete, which can delete multiple files. Syntax: delete remote-file
Parameter(s):
remote-file - Specifies the file to delete.

dir

Displays a list of a remote directory's files and subdirectories. See also mdir, which can list multiple directories. Syntax: dir [remote-directory] [local-file]
Parameter(s):
remote-directory - Specifies the directory for which you want to see a listing. If no directory is specified, the current working directory on the remote computer is used.
local-file - Specifies a local file to store the listing. If not specified, output is displayed on the screen.

disconnect

Disconnects from the remote computer, retaining the ftp prompt. Syntax: disconnect


get

Copies a remote file to the local computer using the current file transfer type. See also mget, which can copy multiple files. Syntax: get remote-file [local-file]
Parameter(s):
remote-file - Specifies the remote file to copy.
local-file - Specifies the name to use on the local computer. If not specified, the file is given the remote-file name.

glob

Toggles filename globbing. Globbing permits use of wildcard characters in local file or path names. By default, globbing is on. Syntax: glob


hash

Toggles hash-sign (#) printing for each data block transferred. The size of a data block is 2048 bytes. By default, hash mark printing is off. Syntax: hash


help

Displays descriptions for ftp commands. Syntax: help [command]
Parameter(s):
command - Specifies the name of the command about which you want a description. If command is not specified, ftp displays a list of all commands.

lcd

Changes the working directory on the local computer. By default, the working directory is the directory in which ftp was started. Syntax: lcd [directory]
Parameter(s):
directory - Specifies the directory on the local computer to change to. If directory is not specified, the current working directory on the local computer is displayed.

literal

Sends arguments, verbatim, to the remote FTP server. A single FTP reply code is expected in return. Syntax: literal argument [ ...]
Parameter(s):
argument - Specifies the argument to send to the FTP server.

ls

Displays an abbreviated list of a remote directory's files and subdirectories. Syntax: ls [remote-directory] [local-file]
Parameter(s):
remote-directory - Specifies the directory for which you want to see a listing. If no directory is specified, the current working directory on the remote computer is used.
local-file - Specifies a local file to store the listing. If not specified, output is displayed on the screen.

mdelete

Deletes one or more files on a remote computer. Syntax: mdelete remote-files [ ...]
Parameter(s):
remote-files - Specifies the remote files to delete.

mdir

Displays a list of a remote directory's files and subdirectories. Mdir allows you to specify multiple files. Syntax: mdir remote-files [ ...] local-file
Parameter(s):
remote-files - Specifies the directory for which you want to see a listing. Remote-files must be specified; type "-" to use the current working directory on the remote computer.
local-file - Specifies a local file to store the listing. Type "-" to display the listing on the screen.

mget

Copies one or more remote files to the local computer using the current file transfer type. Syntax: mget remote-files [ ...]
Parameter(s):
remote-files - Specifies the remote file(s) to copy to the local computer.

mkdir

Creates a remote directory. Syntax: mkdir directory
Parameter(s):
directory - Specifies the name of the new remote directory.

mls

Displays an abbreviated list of a remote directory's files and subdirectories. Syntax: mls remote-files [ ...] local-file
Parameter(s):
remote-files - Specifies the files for which you want to see a listing. Remote-files must be specified; type "-" to use the current working directory on the remote computer.
local-file - Specifies a local file to store the listing. Type "-" to display the listing on the screen.

mput

Copies one or more local files to the remote computer using the current file transfer type. Syntax: mput local-files [ ...]
Parameter(s):
local-files - Specifies the local files to copy to the remote computer.

open

Connects to the specified FTP server. Syntax: open computer [port]
Parameter(s):
computer - Specifies the remote computer to connect to. Computer can be specified by IP address or computer name (a DNS or HOSTS file must be available). If auto-login is on (default), FTP also attempts to automatically log the user in to the FTP server (see Ftp command-line options to disable auto-login).
port - Specifies a port number to use to contact an FTP server.

prompt

Toggles prompting. Ftp prompts during multiple file transfers to allow you to selectively retrieve or store files; mget and mput transfer all files if prompting is turned off. By default, prompting is on. Syntax: prompt


put

Copies a local file to the remote computer using the current file transfer type. See also mput, which can copy multiple files. Syntax: put local-file [remote-file]
Parameter(s):
local-file - Specifies the local file to copy.
remote-file - Specifies the name to use on the remote computer. If not specified, the file is given the local-file name.

pwd

Displays the current directory on the remote computer. Syntax: pwd


quit

Ends the FTP session with the remote computer and exits ftp. Syntax: quit


quote

Sends arguments, verbatim, to the remote FTP server. A single FTP reply code is expected in return. Quote is identical to literal. Syntax: quote argument [ ...]
Parameter(s):
argument - Specifies the argument to send to the FTP server.

recv

Copies a remote file to the local computer using the current file transfer type. Recv is identical to get. Syntax: recv remote-file [local-file]
Parameter(s):
remote-file - Specifies the remote file to copy.
local-file - Specifies the name to use on the local computer. If not specified, the file is given the remote-file name.

remotehelp

Displays help for remote commands. Syntax: remotehelp [command]
Parameter(s):
command - Specifies the name of the command about which you want help. If command is not specified, ftp displays a list of all remote commands.

rename

Renames remote files. Syntax: rename filename newfilename
Parameter(s):
filename - Specifies the file you want to rename.
newfilename - Specifies the new filename.

rmdir

Deletes a remote directory. Syntax: rmdir directory
Parameter(s):
directory - Specifies the name of the remote directory to delete.

send

Copies a local file to the remote computer using the current file transfer type. Send is identical to put. Syntax: send local-file [remote-file]
Parameter(s):
local-file - Specifies the local file to copy.
remote-file - Specifies the name to use on the remote computer. If not specified, the file is given the local-file name.

status

Displays the current status of FTP connections and toggles. Syntax: status


trace

Toggles packet tracing; trace displays the route of each packet when running an ftp command. Syntax: trace


type

Sets or displays the file transfer type. Syntax: type [type-name]
Parameter(s):
type-name - Specifies the file transfer type; the default is ASCII. If type-name is not specified, the current type is displayed.
Note
FTP supports two file transfer types, ASCII and binary image.
ASCII should be used when transferring text files. In ASCII mode, character conversions to and from the network standard character set are performed. For example, end-of-line characters are converted as necessary, based on the destination's operating system.
Binary should be used when transferring executable files. In binary mode, the file is moved byte-by-byte.

user

Specifies a user to the remote computer. Syntax: user user-name [password] [account]
Parameter(s):
user-name - Specifies a user name with which to log in to the remote computer.
password - Specifies the password for user-name. If not specified, but required, ftp prompts for the password.
account - Specifies an account with which to log on to the remote computer. If account is not specified, but required, ftp prompts for the account.

verbose

Toggles verbose mode. If on, all ftp responses are displayed; when a file transfer completes, statistics regarding the efficiency of the transfer are also displayed. By default, verbose is on. Syntax: verbose

Tuesday, October 2, 2012

Windows : Here is a list of commands that you can run off from the Run Command Prompt


Here is a list of programs and the command you type into the Run dialog or a command prompt to start them:
============================================================================

Program = Run Command

Accessibility Controls = access.cpl
Accessibility Wizard = accwiz
Add Hardware Wizard = hdwwiz.cpl
Add/Remove Programs = appwiz.cpl
Administrative Tools = control admintools
Adobe Acrobat ( if installed ) = acrobat
Adobe Distiller ( if installed ) = acrodist
Adobe ImageReady ( if installed ) = imageready
Adobe Photoshop ( if installed ) = photoshop
Automatic Updates = wuaucpl.cpl
Basic Media Player = mplay32
Bluetooth Transfer Wizard = fsquirt

Calculator = calc
Ccleaner ( if installed ) = ccleaner
C: Drive = c:
Certificate Manager = certmgr.msc
Character Map = charmap
Check Disk Utility = chkdsk
Clipboard Viewer = clipbrd
Command Prompt = cmd
Command Prompt = command
Component Services = dcomcnfg
Computer Management = compmgmt.msc
Compare Files = comp
Control Panel = control
Create a shared folder Wizard = shrpubw

Date and Time Properties = timedate.cpl
DDE Shares = ddeshare
Device Manager = devmgmt.msc
Direct X Control Panel ( if installed ) = directx.cpl
Direct X Troubleshooter = dxdiag
Disk Cleanup Utility = cleanmgr
Disk Defragment = dfrg.msc
Disk Partition Manager = diskmgmt.msc
Display Properties = control desktop
Display Properties = desk.cpl
Display Properties (w/Appearance Tab Preselected ) = control color
Dr. Watson System Troubleshooting Utility = drwtsn32
Driver Verifier Utility = verifier

Ethereal ( if installed ) = ethereal
Event Viewer = eventvwr.msc
Files and Settings Transfer Tool = migwiz
File Signature Verification Tool = sigverif
Findfast = findfast.cpl
Firefox = firefox
Folders Properties = control folders
Fonts = fonts
Fonts Folder = fonts
Free Cell Card Game = freecell

Game Controllers = joy.cpl
Group Policy Editor ( xp pro ) = gpedit.msc
Hearts Card Game = mshearts
Help and Support = helpctr
Hyperterminal = hypertrm
Hotline Client = hotlineclient

Iexpress Wizard = iexpress
Indexing Service = ciadv.msc
Internet Connection Wizard = icwconn1
Internet Properties = inetcpl.cpl
Internet Setup Wizard = inetwiz
IP Configuration (Display Connection Configuration) = ipconfig /all
IP Configuration (Display DNS Cache Contents) = ipconfig /displaydns
IP Configuration (Delete DNS Cache Contents) = ipconfig /flushdns
IP Configuration (Release All Connections) = ipconfig /release
IP Configuration (Renew All Connections) = ipconfig /renew
IP Configuration (Refreshes DHCP & Re-Registers DNS) = ipconfig /registerdns
IP Configuration (Display DHCP Class ID) = ipconfig /showclassid
IP Configuration (Modifies DHCP Class ID) = ipconfig /setclassid

Java Control Panel ( if installed ) = jpicpl32.cpl
Java Control Panel ( if installed ) = javaws
Keyboard Properties = control keyboard

Local Security Settings = secpol.msc
Local Users and Groups = lusrmgr.msc
Logs You Out of Windows = logoff

Malicious Software Removal Tool = mrt
Microsoft Access ( if installed ) = access.cpl
Microsoft Chat = winchat
Microsoft Excel ( if installed ) = excel
Microsoft Diskpart = diskpart
Microsoft Frontpage ( if installed ) = frontpg
Microsoft Movie Maker = moviemk
Microsoft Management Console = mmc
Microsoft Narrator = narrator
Microsoft Paint = mspaint
Microsoft Powerpoint = powerpnt
Microsoft Word ( if installed ) = winword
Microsoft Synchronization Tool = mobsync
Minesweeper Game = winmine
Mouse Properties = control mouse
Mouse Properties = main.cpl
MS-Dos Editor = edit
MS-Dos FTP = ftp

Nero ( if installed ) = nero
Netmeeting = conf
Network Connections = control netconnections
Network Connections = ncpa.cpl
Network Setup Wizard = netsetup.cpl
Notepad = notepad
Nview Desktop Manager ( if installed ) = nvtuicpl.cpl

Object Packager = packager
ODBC Data Source Administrator = odbccp32
ODBC Data Source Administrator = odbccp32.cpl
On Screen Keyboard = osk
Opens AC3 Filter ( if installed ) = ac3filter.cpl
Outlook Express = msimn

Paint = pbrush
Password Properties = password.cpl
Performance Monitor = perfmon.msc
Performance Monitor = perfmon
Phone and Modem Options = telephon.cpl
Phone Dialer = dialer
Pinball Game = pinball
Power Configuration = powercfg.cpl
Printers and Faxes = control printers
Printers Folder = printers
Private Characters Editor = eudcedit

Quicktime ( if installed ) = quicktime.cpl
Quicktime Player ( if installed ) = quicktimeplayer

Real Player ( if installed ) = realplay
Regional Settings = intl.cpl
Registry Editor = regedit
Registry Editor = regedt32
Remote Access Phonebook = rasphone
Remote Desktop = mstsc
Removable Storage = ntmsmgr.msc
Removable Storage Operator Requests = ntmsoprq.msc
Resultant Set of Policy ( xp pro ) = rsop.msc

Scanners and Cameras = sticpl.cpl
Scheduled Tasks = control schedtasks
Security Center = wscui.cpl
Services = services.msc
Shared Folders = fsmgmt.msc
Sharing Session = rtcshare
Shuts Down Windows = shutdown
Sounds Recorder = sndrec32
Sounds and Audio = mmsys.cpl
Spider Solitaire Card Game = spider
SQL Client Configuration = cliconfg
System Configuration Editor = sysedit
System Configuration Utility = msconfig
System File Checker Utility ( Scan Immediately ) = sfc /scannow
System File Checker Utility ( Scan Once At Next Boot ) = sfc /scanonce
System File Checker Utility ( Scan On Every Boot ) = sfc /scanboot
System File Checker Utility ( Return to Default Settings) = sfc /revert
System File Checker Utility ( Purge File Cache ) = sfc /purgecache
System File Checker Utility ( Set Cache Size to Size x ) = sfc /cachesize=x
System Information = msinfo32
System Properties = sysdm.cpl

Task Manager = taskmgr
TCP Tester = tcptest
Telnet Client = telnet
Tweak UI ( if installed ) = tweakui
User Account Management = nusrmgr.cpl
Utility Manager = utilman

Volume Serial Number for C: = label
Volume Control = sndvol32
Windows Address Book = wab
Windows Address Book Import Utility = wabmig
Windows Backup Utility ( if installed ) = ntbackup
Windows Explorer = explorer
Windows Firewall = firewall.cpl
Windows Installer Details = msiexec
Windows Magnifier = magnify

Windows Management Infrastructure = wmimgmt.msc
Windows Media Player = wmplayer
Windows Messenger = msmsgs
Windows Picture Import Wizard (Need camera connected) = wiaacmgr
Windows System Security Tool = syskey
Windows Script host settings = wscript
Windows Update Launches = wupdmgr
Windows Version ( shows your windows version ) = winver
Windows XP Tour Wizard = tourstart
Wordpad = write
Zoom Utility = igfxzoom


Monday, July 2, 2012

Migration from SecurePlatform to Gaia

Solution ID: sk68140
Product: Security Gateway, Security Management, SecurePlatform
Version: R75.40
OS: Gaia
Platform / Model: All

Solution
This solution describes a method for performing a migration from SecurePlatform to Gaia.
For example, when you want to replicate machine A (running SecurePlatform) onto machine B (running Gaia).
Important: The process described in this page handles operating system configuration only. Security Gateway migration is a different process, which is not discussed in this page.
Steps
  1. Export the SecurePlatform configuration into a tarball.
  2. Copy the tarball into the Gaia machine and extract the files.
  3. Run the Gaia converter on the SecurePlatform configuration files, to generate a clish script.
  4. Load the clish script into Gaia.
Step 1 - Export SecurePlatform configuration
You can do it in two ways:
  1. The recommended way is copying the configuration files directly, because it does not involve a cpstop and can be run on a production machine. You can use the copyfiles script to copy the files to a tarball.
  2. Get the files through a backup of SecurePlatform. This involves stopping the firewall (cpstop).
Step 2 - Copy the file into the Gaia machine
Copy the files from Step 1 into the Gaia machine, and put them in a directory.
Step 3 - Run the Gaia converter
Run the converter utility in the same directory where you put the SecurePlatform configuration files.
Example:
clish> expert
Enter expert password:
bash> converter -o myconfig
The resulting myconfig script contains clish commands that can be run in Gaia to replicate the same OS configuration.
Step 4 - Load the clish script
There are two ways to do it:
  1. The recommended way is to put the clish script in your home directory, and then run the following four commands:

    clish> set clienv on-failure continue
    clish> load configuration myconfig
    clish> set clienv on-failure stop
    clish> save config
  2. Run clish with the script, like this:
    bash> clish -fi myconfig
    bash> clish -c "save config"

Note: The following files are processed by the Gaia converter.
Feature - File name(s)
  • Interfaces and routing - /etc/sysconfig/netconf.C, /etc/sysconfig/network
  • Known hosts - /etc/hosts, /etc/hosts.allow
  • Passwords - /etc/shadow
  • User accounts - /etc/passwd
  • Known DNS servers - /etc/resolv.conf, /etc/sysconfig/external.if
  • DHCP client - /etc/dhcpd.conf
  • DHCP server - /etc/sysconfig/dhcpd
  • DHCP relay - /etc/sysconfig/dhcrelay
  • Cron jobs - /var/spool/cron/root
  • NTP client - /etc/sysconfig/ntp, /opt/spwm/conf/cp_http_admin_server.conf
  • Known RADIUS servers - /etc/raddb/server
  • RADIUS groups - /etc/raddb/groups, /etc/sysconfig/ethtab
  • Syslog - /etc/sysconfig/syslog, /etc/syslog.conf
  • ARP dynamic cache size - /proc/sys/net/ipv4/neigh/default/gc_thresh3
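Added example, not part of sk68140 or of Check Point's tooling: a pre-flight check for Step 3 that confirms the extracted tarball actually contains the files the converter processes before the converter is run, so a half-copied tarball does not silently turn into a clish script with no routes, users or DNS servers. It assumes the tarball was extracted into a directory that mirrors the SecurePlatform root (e.g. ./etc/hosts), that `converter` is on the PATH in expert mode, and uses the file list from the table above; the function names are my own.

```shell
#!/bin/bash
# Pre-flight check for "converter -o myconfig" (added example, not Check Point code).

# Files the Gaia converter reads, relative to the extraction directory.
# The /proc gc_thresh3 entry from the table is live kernel state rather than a
# file that a tarball would carry, so it is not checked here.
SPLAT_CONFIG_FILES="
etc/sysconfig/netconf.C
etc/sysconfig/network
etc/hosts
etc/hosts.allow
etc/shadow
etc/passwd
etc/resolv.conf
etc/sysconfig/external.if
etc/dhcpd.conf
etc/sysconfig/dhcpd
etc/sysconfig/dhcrelay
var/spool/cron/root
etc/sysconfig/ntp
opt/spwm/conf/cp_http_admin_server.conf
etc/raddb/server
etc/raddb/groups
etc/sysconfig/ethtab
etc/sysconfig/syslog
etc/syslog.conf
"

# Usage: check_splat_config <extraction-dir>
# Prints one line per file ("present" or "MISSING") and returns the number of
# missing files (0 = everything the converter needs is there).
check_splat_config() {
    local dir="${1:-.}"
    local missing=0
    local f
    for f in $SPLAT_CONFIG_FILES; do
        if [ -f "$dir/$f" ]; then
            printf '%-45s present\n' "$f"
        else
            printf '%-45s MISSING\n' "$f"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Usage: run_converter <extraction-dir> [force]
# Wraps Step 3: refuses to run the converter while files are missing unless
# the operator passes "force" as the second argument.
run_converter() {
    local dir="${1:-.}"
    if ! check_splat_config "$dir" && [ "${2:-}" != "force" ]; then
        echo "SecurePlatform configuration files are missing; fix the tarball or rerun with 'force'." >&2
        return 1
    fi
    (cd "$dir" && converter -o myconfig)
}
```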

Monday, June 18, 2012

Checkpoint : SecureXL

Traffic acceleration

When SecureXL is enabled, all traffic should be accelerated, except traffic that matches the following conditions:
  • The first packets of any new TCP session, unless a "template" exists.
  • The first packet of any new UDP session.
  • All traffic that matches a service that uses a Resource.
  • Certain traffic that matches a service that is inspected by a SmartDefense or Web Intelligence feature. For example, traffic on which SSH protections are activated is not accelerated. For more details, refer to sk42401: Factors that adversely affect performance in SecureXL.
  • All traffic that is supposed to be dropped or rejected, according to the rule base.
  • All traffic that matches a rule, whose source or destination is the Gateway itself.
  • All traffic that matches a rule with a Security Server.
  • All traffic that matches a rule with User Authentication or Session Authentication.
  • Non-TCP/UDP/GRE/ESP traffic.
  • All multicast traffic.
  • All fragmented traffic.
  • All traffic with IP options.
  • RST packets, when the "Spoofed Reset Protection" feature is activated.
  • When using ClusterXL in Load Sharing mode with 'Sticky Decision Function'.
  • Traffic that violates stateful inspection paradigm, or that is suspected to be spoofed.
  • IPv6 traffic.

Connection establishment acceleration ("templates" mechanism)

In order to enhance connection establishment acceleration, a mechanism attempts to "group together" all connections that match a particular service and whose sole discriminating element is the Source Port. This type of "grouping" enables even the very first packets of a TCP handshake to be accelerated. This is very useful on short connections, in which the percentage of TCP handshake traffic is very high.

The very first packets of the first connection on the same service will be forwarded to the Security Gateway's kernel, which will then create a "template" of the connection and notify the SecureXL device. Any subsequent TCP establishments on the same service (where only the source port is different) will already be accelerated (as well as any other traffic, of course).

There are several conditions that will prevent a template from being created:
  • Connections that cannot be discriminated ONLY by the source port cannot be templated.
  • NATed traffic cannot be templated.
  • VPN traffic cannot be templated.
  • Complex connections (FTP, H323, etc.) cannot be templated.
  • Non-TCP/Non-UDP traffic cannot be templated.
  • The following rules will prevent a Connection Template from being created. All subsequent rules below such rules will not be templated as well, regardless of the rule. It is advised that all rules that can be templated, be placed at the top of the rule base (unless of course, this will violate other optimization considerations):
    • Rule with service 'Any'
    • Rule with a service that has a 'handler' (where a specific protocol is chosen in 'Protocol Type' field - instead of 'None' ; go to service object - right-click - Edit... - Advanced... - Protocol Type:).
    • Rules with the following objects:
      • Time object
      • Port range object
      • Dynamic object
    • Rules with "complex" services (i.e., services that have anything specified in the "Match" field, or "Enable reply from any port" of their "Advanced" section or Source Port is defined).
    • Rules with RPC/DCOM/DCE-RPC services.
    • Rules with Client Authentication or Session Authentication.
    • When SYN Defender or Small PMTU features are activated in SmartDefense/IPS.

Sunday, June 10, 2012

/var/log/messages interpretation


Jun 10 01:48:15 FW00301 sshd(pam_unix)[2833]: session opened for user admin by (uid=0)
Jun 10 01:48:18 FW00301 cpshell: cmd by admin:  ifconfig -a
Jun 10 01:48:19 FW00301 cpshell: cmd by admin:  fw stat
Jun 10 01:48:19 FW00301 shell: cmd by admin: uptime
Jun 10 01:48:38 FW00301 shell: cmd by admin: cphaprob state
Jun 10 01:48:43 FW00301 cpshell: cmd by admin:  uptime
Jun 10 01:48:45 FW00301 cpshell: cmd by admin:  time
Jun 10 01:48:48 FW00301 cpshell: cmd by admin:  ver
Jun 10 01:48:49 FW00301 cpshell: cmd by admin:  uptime
Jun 10 01:48:52 FW00301 cpshell: cmd by admin:  fw ver
Jun 10 01:48:56 FW00301 shell: cmd by admin: cat /var/log/messages

In the above example you can see the log entries for commands executed by admin through cpshell and through shell.


Here is the explanation:

shell - user logged in on the iLO console through the VSP (virtual serial port)

cpshell - user logged in through the CLI over a vty (PuTTY in my case)
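Added example, not from the original post: an awk-based extraction of the "cmd by <user>" entries from /var/log/messages that tags every command with the channel it arrived on, using the meaning given above (shell = console session through the iLO VSP, cpshell = remote CLI session over a vty). The sample lines are the ones from the post; the function names and the idea of counting console commands separately are my own.

```shell
#!/bin/bash
# Command audit trail from /var/log/messages (added example, not Check Point code).

# Usage: audit_cmds < /var/log/messages
# Output: <month> <day> <time> <host> <channel> <user> <command>
audit_cmds() {
    awk '
        # Field 5 is the syslog tag ("cpshell:" or "shell:"); the command text
        # follows "cmd by <user>:" and may contain any amount of whitespace.
        $5 == "cpshell:" || $5 == "shell:" {
            if ($6 == "cmd" && $7 == "by") {
                user = $8; sub(/:$/, "", user)
                channel = ($5 == "shell:") ? "console(iLO/VSP)" : "cli(vty)"
                cmd = $0
                sub(/^.*cmd by [^:]*:[ \t]*/, "", cmd)
                printf "%s %s %s %s %s %s %s\n", $1, $2, $3, $4, channel, user, cmd
            }
        }'
}

# Usage: count_console_cmds < /var/log/messages
# Commands that arrived over the console channel. Worth tracking on its own:
# a console session means iLO or physical access, not a network login, so an
# unexpected count here is something to follow up.
count_console_cmds() {
    audit_cmds | awk '$5 == "console(iLO/VSP)" { n++ } END { print n + 0 }'
}

# Usage: count_cli_cmds < /var/log/messages
count_cli_cmds() {
    audit_cmds | awk '$5 == "cli(vty)" { n++ } END { print n + 0 }'
}

# Sample input copied from the post (the sshd line is deliberately kept to
# show that non-command lines are ignored).
SAMPLE_LOG='Jun 10 01:48:15 FW00301 sshd(pam_unix)[2833]: session opened for user admin by (uid=0)
Jun 10 01:48:18 FW00301 cpshell: cmd by admin:  ifconfig -a
Jun 10 01:48:19 FW00301 cpshell: cmd by admin:  fw stat
Jun 10 01:48:19 FW00301 shell: cmd by admin: uptime
Jun 10 01:48:38 FW00301 shell: cmd by admin: cphaprob state
Jun 10 01:48:56 FW00301 shell: cmd by admin: cat /var/log/messages'

# Stand-alone run: print the audit trail for the sample
printf '%s\n' "$SAMPLE_LOG" | audit_cmds
```

Against a live box, replace the sample with `audit_cmds < /var/log/messages`.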


Monday, June 4, 2012

NIC status in Linux



#!/bin/bash
# Print link state, speed and duplex for every ethN interface (requires ethtool).

NICLIST=$(ifconfig | egrep '^eth[0-9]+ ' | awk '{ print $1 }')

for nic in $NICLIST
do
    # ethtool prints "Speed: 1000Mb/s", "Duplex: Full" and "Link detected: yes"
    niclink=( $(ethtool "$nic" 2>/dev/null | awk '/Duplex/ { duplex=$2 }; /Link detected/ { link=$3 }; /Speed/ { speed=$2 } END { print link " " speed " " duplex }') )

    # Speed and duplex only mean something when a link is detected
    speed="-"
    duplex="-"
    if [ "${niclink[0]}" = "yes" ]; then
        speed="${niclink[1]}"
        duplex="${niclink[2]}"
    fi

    printf "%7s %4s %9s %5s\n" "$nic" "${niclink[0]:-?}" "$speed" "$duplex"
done


Note: on Power-1 and UTM-1 appliances there are differences, because the NIC names change.

Cisco - ASA : NAT

I always had confusion about NAT in the ASA. Today I am going to make it very clear.

static (inside, outside) 203.200.138.70 192.168.1.100 netmask 255.255.255.255

When traffic initiates from inside, the SOURCE gets NATed; i.e., 192.168.1.100 becomes 203.200.138.70 in the source column.

and

When traffic initiates from outside, the DESTINATION gets NATed; i.e., 203.200.138.70 becomes 192.168.1.100 in the destination column.

=========================================================================

static (outside, inside) 203.200.138.70 192.168.1.100 netmask 255.255.255.255

When traffic initiates from the outside zone, source NAT happens; i.e., 192.168.1.100 becomes 203.200.138.70 in the SRC column.

When traffic initiates from the inside zone, DST NAT happens; i.e., 203.200.138.70 becomes 192.168.1.100 in the DST column.

Monday, May 21, 2012

Upgrading F5 Big-IP from version 9.3.x or 9.4.x to 10.x

This installation was performed on a Big-IP 3600. Hardware details are as follows:
PLATFORM INFORMATION --
| Marketing Name: BIG-IP 3600
| BIOS Rev: AMIBIOS(C)2006 American Megatrends, Inc. F5 Platform: MERCURY OBJ-0272-03 BIOS S10.0 Date:04/24/2009
| base MAC: 00:00:00:00:00:00
+-> SYSTEM INFO
| Type: C103
| Chassis serial: f5-yyyy-xxxx Level 200 part: 200-0293-11 REV A
| Memory: 3.437GB
+-> HARDWARE CARDS
| | Type: pic Model: F5 cpld
| | version: 0x13
| | Type: crypto Model: Cavium NITROX-PX
| | version: CNPx-MC-SSL-MAIN-MC1-0001
+-> CPU 0
| | Type: Intel(R) Core(TM)2 Duo CPU E6400 @ 2.13GHz Speed: 2133.469MHz
| | Temp: 37degC Fan speed: 10546rpm


1. Download the iso and md5 files from the F5 website.

2. SCP to your F5 Big-IP appliance.

3. Transfer files downloaded in step 1 to the directory “/shared/images”. Create this directory if it does not exist.

4. Login to the CLI of the device using the root account. Verify the integrity of the images. Apply the following commands:

md5sum /shared/images/BIGIP-10.0.1.283.0.iso
cat /shared/images/BIGIP-10.0.1.283.0.md5

Visually check that the two hash values are identical.

5. Login to the CLI of the device using the root account. Install the configuration utility “image2disk” – the iso image contains the image2disk utility. Apply the following command to install the utility:

im /shared/images/BIGIP-10.0.1.283.0.iso

The process copies over the image2disk installation utility, and then presents a status message, which lets you know that the im command is no longer supported, and tells you how to proceed.

/tmp/rpmdisk.173hO1 /shared/images
info: media has tm_install version 2.6.2, release 40.0
info: adding bin/../isolinux/install/tm_install.rpm to system...
info: media has perl-RPM2 version 0.67, release 10.0.0.4598.0
info: adding bin/../isolinux/install/perl-RPM2.rpm to system...
The im utility is no longer used to upgrade software images.
Please use 'image2disk'. For help, use 'image2disk -h'.
You must always install to an image location that is not in use.
Here is your current image-location status:
HD1.1 active no default no title BIG-IP 9.1.2 Build 40.2
HD1.2 active yes default yes title BIG-IP 9.3.1 Build 37.1


6. Determine which HD slot to install the new image in, using the switchboot utility. You must install the image on an inactive slot. Apply the following command:

switchboot -l

Sample output:
[root@F5:Active] / # switchboot -l
Current boot image:
HD1.1 - BIG-IP 9.4.8 Build 355.0
Default boot image:
HD1.1 - BIG-IP 9.4.8 Build 355.0
Available boot image(s):
HD1.1 - BIG-IP 9.4.8 Build 355.0
HD1.2 - BIG-IP 9.4.8 Build 355.0
[root@F5:Active] / #

7. Install the new image. This step reformats the disk to use Logical Volume Management. Apply the following command as root from the CLI:
image2disk --instslot=HD1.2 --format=volumes /shared/images/BIGIP-10.0.1.283.0.iso
The upgrade process installs the software on the inactive installation location (--instslot) that you specify. This process usually takes between three minutes and seven minutes.

8. Reboot into the volume where you installed the new image:
switchboot -b HD1.2
reboot

Installing Hotfixes 10.x
1. Download the hotfix files from F5:
• Hotfix-BIGIP-10.0.1-402.7-HF4.iso
• Hotfix-BIGIP-10.0.1-402.7-HF4.md5

2. SCP the downloaded hotfix files to the device, into the directory "/shared/images". Log in to the CLI and verify the files are recognised by the device. Apply the following command:
bigpipe software list
Sample output:
[admin@F5:Active] images # bigpipe software list
software {
desired {
HD1.1 {}
HD1.2 {
product "BIG-IP"
version "10.0.1"
build "283.0"
active enable
}
HD1.3 {}
}
hotfixes "Hotfix-BIGIP-10.0.1-402.7-HF4.iso"
images "BIGIP-10.0.1.283.0.iso"
}
[admin@F5:Active] images #
3. Verify the integrity of the files. Apply the following commands:
md5sum /shared/images/Hotfix-BIGIP-10.0.1-402.7-HF4.iso
cat /shared/images/Hotfix-BIGIP-10.0.1-402.7-HF4.md5

Check that the two hash values are identical. As with the base image, a match only shows the file was not corrupted in transfer; it does not vouch for the source, since the .md5 file was downloaded from the same place as the iso.

4. Verify the disk formatting scheme used by the device. Apply the following command:

lvscan
Sample output:
[admin@F5:Active] images # lvscan
lvscan -- ACTIVE "/dev/vg-db-sda/dat.share.1" [30 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/dat.log.1" [7 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1.root" [256 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1._config" [512 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1._var" [3.25 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.1._usr" [1 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2.root" [256 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2._config" [512 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2._var" [3.25 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.2._usr" [1 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3.root" [256 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3._config" [512 MB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3._var" [3.25 GB] contiguous
lvscan -- ACTIVE "/dev/vg-db-sda/set.3._usr" [1 GB] contiguous
lvscan -- 14 logical volumes with 52 GB total in 2 volume groups
lvscan -- 14 active logical volumes

[admin@F5:Active] images #

5. The Big-IP image and hotfix must be installed into a volume which is NOT active. Check which volume is active. Apply the following command:
bigpipe software
Sample output:
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 none none none no complete
[admin@F5:Active] images #

6. Install the Big-IP image and hotfix file into the inactive volume.

a) First install the Big-IP image. Apply the following command:
bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 283.0
Sample Output:
[admin@F5:Active] images # bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 283.0
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 283.0 no installing 0.000 pct
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 283.0 no installing 3.000 pct
[admin@F5:Active] images #
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 283.0 no complete

b) Apply the hotfix onto the Big-IP image. Apply the following commands:
bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 402.7
Sample Output:
[admin@F5:Active] images # bigpipe software desired HD1.3 product BIG-IP version 10.0.1 build 402.7
[admin@F5:Active] images # bigpipe software
SOFTWARE
+-> SOFTWARE STATUS
| Key Slot Product Version Build Active Status
| HD1.1 0 none none none no complete
| HD1.2 0 BIG-IP 10.0.1 283.0 yes complete
| HD1.3 0 BIG-IP 10.0.1 402.7 no installing hotfix
[admin@F5:Active] images #

c) Boot into the volume containing the hotfix. Apply the following command:

switchboot -b HD1.3
reboot

Sample Output:
[admin@F5:Active] images # switchboot -b HD1.3
[admin@F5:Active] images # reboot

Broadcast message from root (pts/0) (Tue Jan 25 12:00:58 2011):

The system is going down for reboot NOW!
[admin@F5:Active] images #
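The hotfix procedure above (and the md5 check in step 4 of the upgrade procedure) is the kind of thing that gets scripted after the second or third box. The following shell script is an added example, not code from the original post or from F5: it verifies an image against its .md5 file by comparing the hashes programmatically instead of by eye, refuses to install onto the slot that is currently active (step 5), issues the same bigpipe software desired command as steps 6a and 6b, and polls bigpipe software until the target slot reports "complete", so you never switchboot onto a half-written volume. The SOFTWARE STATUS column layout is taken from the sample output above. BIGPIPE, POLL_SECONDS and MAX_POLLS are assumed hooks so the logic can be exercised off-box against replayed output, and the GNU "hash  filename" layout of the .md5 file is also an assumption (only the first field is read, so a bare hash works too).

```shell
#!/bin/sh
# Added example, not code from the original post or from F5: a wrapper for
# the hotfix procedure (verify image against .md5, refuse the active boot
# location, "bigpipe software desired ...", poll "bigpipe software" until
# the slot reports "complete"). The SOFTWARE STATUS layout is taken from the
# post's sample output. BIGPIPE, POLL_SECONDS and MAX_POLLS are assumed hooks
# so the parsing can be exercised against replayed output instead of a live
# BIG-IP; the GNU "hash  filename" .md5 layout is also an assumption.
BIGPIPE="${BIGPIPE:-bigpipe}"
POLL_SECONDS="${POLL_SECONDS:-10}"
MAX_POLLS="${MAX_POLLS:-90}"   # 90 x 10 s = 15 min; the post quotes 3-7 min per install

# Compare an image with the hash in its .md5 file (first field, case and
# CRLF tolerant) instead of eyeballing two 32-character strings.
# Returns 0 on match, 1 on mismatch, 2 if a file is missing.
verify_image() {
    image="$1"
    md5file="${2:-${1%.iso}.md5}"   # F5 names them X.iso and X.md5
    [ -f "$image" ] || { echo "missing image: $image" >&2; return 2; }
    [ -f "$md5file" ] || { echo "missing checksum file: $md5file" >&2; return 2; }
    expected=$(awk 'NR == 1 { gsub(/\r/, "", $1); print tolower($1) }' "$md5file")
    actual=$(md5sum "$image" | awk '{ print tolower($1) }')
    if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
        echo "OK $image $actual"; return 0
    fi
    echo "MISMATCH $image: expected '$expected' got '$actual'" >&2; return 1
}

# Reduce the SOFTWARE STATUS table on stdin to
# "slot active product version build status..." lines.
parse_status() {
    awk '$2 ~ /^HD1\.[0-9]+$/ {
        printf "%s %s %s %s %s", $2, $7, $4, $5, $6
        for (i = 8; i <= NF; i++) printf " %s", $i
        print ""
    }'
}

# Boot location currently running (Active == yes).
active_slot() { $BIGPIPE software | parse_status | awk '$2 == "yes" { print $1 }'; }

# One slot's line from parse_status.
slot_row() { $BIGPIPE software | parse_status | awk -v s="$1" '$1 == s'; }

# Status column(s) of a parse_status line, e.g. "complete" or "installing 3.000 pct".
status_of_row() { awk '{ out = $6; for (i = 7; i <= NF; i++) out = out " " $i; print out }'; }
slot_status() { slot_row "$1" | status_of_row; }

# install_to_slot <slot> <product> <version> <build>
# Refuses the active slot, then waits for the requested build to be complete.
install_to_slot() {
    slot="$1"; product="$2"; version="$3"; build="$4"
    cur=$(active_slot)
    [ -n "$cur" ] || { echo "cannot determine active slot; refusing" >&2; return 2; }
    [ "$slot" != "$cur" ] || { echo "refusing: $slot is the active boot location" >&2; return 1; }
    $BIGPIPE software desired "$slot" product "$product" version "$version" build "$build" || return 3
    n=0
    while [ "$n" -lt "$MAX_POLLS" ]; do
        row=$(slot_row "$slot")
        installed=$(echo "$row" | awk '{ print $3, $4, $5 }')
        st=$(echo "$row" | status_of_row)
        # "complete" alone is not enough: an empty slot also reads "complete".
        if [ "$st" = "complete" ] && [ "$installed" = "$product $version $build" ]; then
            echo "$slot: $installed complete"; return 0
        fi
        case "$st" in
            complete|installing*) echo "$slot: $installed $st" ;;
            *) echo "$slot: unexpected status '$st'; do not reboot" >&2; return 4 ;;
        esac
        n=$((n + 1)); sleep "$POLL_SECONDS"
    done
    echo "timed out waiting for $slot" >&2; return 5
}

# Example invocation on the box, after copying the files to /shared/images:
#   verify_image /shared/images/Hotfix-BIGIP-10.0.1-402.7-HF4.iso &&
#   install_to_slot HD1.3 BIG-IP 10.0.1 283.0 &&
#   install_to_slot HD1.3 BIG-IP 10.0.1 402.7
```

The script deliberately stops short of switchboot and reboot: once install_to_slot returns 0 for the hotfix build, step 6c is still a manual decision, taken after you have looked at the final bigpipe software table yourself.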

References
F5: Manual Chapter: Using the image2disk and diskinit Utilities
F5: SOL11496

Sunday, March 4, 2012

Checkpoint : Splat - Disable CD/DVD Rom

How to disable the CD-ROM from the CLI

cd /lib/modules/2.6.18-92cp/kernel/drivers/cdrom

mv cdrom.ko cdrom.ko.orig

Reboot

or

modprobe -r sr_mod

The module path contains the running kernel version (2.6.18-92cp on this build); check uname -r on other builds. The two methods differ in when they take effect: renaming cdrom.ko only stops the driver loading at the next boot, while modprobe -r sr_mod unloads the CD-ROM driver immediately but does not persist across a reboot (and it fails if a disc is currently mounted). Use both if you want the drive gone now and after every reboot.

Saturday, March 3, 2012

Cluster XL HA - Going ACTIVE/ACTIVE - BOTH ACTIVE

HA Cluster XL - Going ACTIVE/ACTIVE
===================================
Model : Power-1/UTM-1/SecurePlatform
Things to check to make the two members identical and avoid an Active/Active situation and an outage:
1. Check the sync cable. It must be either a crossover cable (I have seen a converter on a straight cable used to make it a crossover; that can be used) or a straight cable through a dedicated switch/VLAN. THIS IS MOST important.
2. Check the ClusterXL CCP method (broadcast/multicast); it must be the same on both members.
Verify:
[Expert@gehfgmuswaudc31]# cat $FWDIR/boot/ha_boot.conf
ha_installed 1
ccp_mode broadcast
[Expert@gehfgmuswaudc31]#
In the above example it is in broadcast mode, even though the default is multicast; on Cisco gear I found issues with multicast getting low priority and packets eventually being dropped on busy networks.
To set broadcast mode: cphaconf set_ccp broadcast. To set multicast mode: cphaconf set_ccp multicast. Run it on each member.
You will find errors in SmartView Tracker when an interface is flapping; in that case set the mode to broadcast.
3. Check the values in $FWDIR/boot/modules/fwkern.conf; they must be the same on all members.
Verify:
[Expert@gehfgmuswaudc31]# cat /opt/CPsuite-R70/fw1/boot/modules/fwkern.conf
fwha_mac_magic=0x1f
fwha_mac_forward_magic=0x20
fwha_mac_magic and fwha_mac_forward_magic must match within a cluster; if several clusters share the same segment, each cluster needs its own pair of values so their CCP traffic does not collide.
4. Disable all interfaces that are not used. You can either disable them in the WebUI or use the CLI:
ifconfig <interface> down
ifconfig --save
You may need a reboot after this.
I have observed that in some cases you need to explicitly tell ClusterXL about the unused interfaces (sk30060). I never used it; I always disabled the interfaces. That is, declare the unused interfaces in the file below, then restart the services:
$FWDIR/conf/discntd.if
cpstop
cpstart
To get the interface names, use the command: fw getifs
5. Check whether CoreXL is enabled or disabled on all boxes. CoreXL can only be enabled on boxes with at least 4 cores, and the license must cover that many cores, so disable it if it is not used on all boxes.
6. If the above steps do not resolve the reported behaviour, open a ticket with Check Point with the following info:
A) make sure the cluster is enabled on both members
B) make sure the problem is replicated
C) collect a CPinfo file from both members at the same time
D) collect a CPinfo file from the MGMT server at the same time
E) run the following debug on both members for 5 minutes:
# fw ctl debug 0
# fw ctl debug -buf 32000
# fw ctl debug -m cluster + conf if pnote stat
# fw ctl kdebug -T -f 1>> /var/log/debug.txt 2>> /var/log/debug.txt
Let the debug run for 5 minutes, then press CTRL+C.
# fw ctl debug 0
Collect /var/log/debug.txt from each member
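Items 2 and 3 above both come down to "the value must be the same on every member", and an Active/Active incident is usually the first time anyone compares them. The following shell script is an added example, not from the original post or from Check Point: it compares two members' copies of the same ClusterXL config file and reports every key that differs. It handles both layouts the post shows ("key value" in ha_boot.conf and "key=value" in fwkern.conf). The assumption is that each member's file has already been copied off-box (for example with scp from each member); the host names and local file names used are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post or Check Point: report every key
# whose value differs between two members' copies of the same ClusterXL
# config file ($FWDIR/boot/ha_boot.conf uses "key value" lines,
# $FWDIR/boot/modules/fwkern.conf uses "key=value"; both are normalised).
# Assumption: the files were copied off-box first, e.g.
#   scp admin@member1:/opt/CPsuite-R70/fw1/boot/ha_boot.conf m1-ha_boot.conf
# (host name and local file name are illustrative).

# Normalise one config file to sorted, unique "key=value" lines; "#"
# comments, blank lines and surrounding whitespace are dropped.
normalise() {
    sed -e 's/#.*//' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^$/d' \
        -e 's/^\([^=[:space:]]*\)[[:space:]]*=[[:space:]]*/\1=/' \
        -e 's/^\([^=[:space:]]*\)[[:space:]]\{1,\}/\1=/' "$1" | sort -u
}

# compare_members <file-from-member-A> <file-from-member-B>
# Prints "key: valueA vs valueB" for each difference (MISSING when a key is
# present on one side only). Returns 0 if identical, 1 if they differ.
compare_members() {
    ta=$(mktemp) || return 2
    tb=$(mktemp) || { rm -f "$ta"; return 2; }
    normalise "$1" > "$ta"
    normalise "$2" > "$tb"
    awk '
        {
            i = index($0, "=")
            if (i == 0) { k = $0; v = "" } else { k = substr($0, 1, i - 1); v = substr($0, i + 1) }
        }
        FILENAME == ARGV[1] { a[k] = v; next }   # first file: member A
        { b[k] = v }                              # second file: member B
        END {
            n = 0
            for (k in a) {
                if (!(k in b) || a[k] != b[k]) {
                    other = (k in b) ? b[k] : "MISSING"
                    printf "%s: %s vs %s\n", k, a[k], other; n++
                }
            }
            for (k in b) if (!(k in a)) { printf "%s: MISSING vs %s\n", k, b[k]; n++ }
            if (n > 0) exit 1
            exit 0
        }' "$ta" "$tb"
    rc=$?
    rm -f "$ta" "$tb"
    return $rc
}

# Example: compare_members m1-ha_boot.conf m2-ha_boot.conf
```

Run it once per file (ha_boot.conf and fwkern.conf), and read a non-zero exit as "fix before you go further": a ccp_mode mismatch is exactly the case the post describes, and a fwha_mac_magic mismatch means the two members will not even agree on who the peer is.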