User contributions for Saurabh
From Notes_Wiki
- 06:10, 8 September 2023 diff hist +773 N Paltalto firewall Monitor allowed/denied traffic Created page with "Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor allowed/denied traffic Go to Monitor -> Logs -> Traffic. Here we filter for source/destination. Here unlike session monitoring we can see historic (Based on log storage capacity of firewall) sessions and whether they were allowed or denied. Example filter ( addr.dst in 192.168.0.0/24 ) Same as monitor ->..."
- 06:09, 8 September 2023 diff hist +961 N Paltalto firewall Monitor Session Browser Created page with "Home > Enterprise security devices or applications > Paloalto firewall > Paloalto troubleshooting options > Paltalto firewall Monitor Session Browser We can monitor for sessions from specific source or to specific destinations to see whether they are even going through firewall. Once we go to Monitor -> Session Browser and configure filters. For filter click on any source / destination etc. listed and change the value. Example filter to s..."
- 06:08, 8 September 2023 diff hist +78 m Paloalto firewall packet capturing current
- 06:06, 8 September 2023 diff hist +1,529 N Paloalto Policy based forwarding (PBF) Created page with "Home > Enterprise security devices or applications > Paloalto firewall > Paloalto Policy based forwarding (PBF) On PBF note that: * We dont need PBF for incoming NAT reply packets. Using ECMP with symmetric return on router is enough. * Dont do PBF with a specific ISP when the same source machine LAN machine is NAT with public IP of other ISP. In that case reply packets try to use a different ISP (As per PBF) and configuration does not works..." current
- 06:03, 8 September 2023 diff hist +2 m Paloalto using ECMP for active/active ISP connectivity current
- 06:00, 8 September 2023 diff hist +1,866 N Paloalto using ECMP for active/active ISP connectivity Created page with "Home > Enterprise security devices or applications > Paloalto firewall > aloalto using ECMP for active/active ISP connectivity =Enabling ECMP= If organization has multiple ISPs then: # Enable ECMP in virtual router with symmetric return. We can enable up to 4 equal cost routes via ECMP # After commit check "runtime stats" local routing table of the device (Should be done on device, cant be done via panorama) and validate that we have default r..."
- 05:46, 8 September 2023 diff hist +779 m Paloalto NAT examples
- 05:44, 8 September 2023 diff hist +781 N Paloalto NAT examples Created page with "Home > Enterprise security devices or applications > Paloalto firewall > Paloalto NAT examples =NAT of public IP to private IP on a few ports= To NAT a public IP:port to private IP:port use: # Create WAN to WAN Security rule with destination as NATed public IP with all services and all ports # Create NAT rule from WAN to LAN with source IP as any and destination IP as WAN public IP. After NAT change the destination IP to LAN IP. Here in NAT..."
- 05:41, 8 September 2023 diff hist +2,779 N Paloalto Configure firewall for proxy DNS Created page with "Home > Enterprise security devices or applications > Paloalto firewall > Paloalto Configure firewall for proxy DNS Palo Alto Networks firewalls can act as DNS servers for local users. By configuring DNS Proxy on the firewall, you can intercept DNS requests from internal clients and forward them to external DNS servers or resolve them locally. =Configure DNS proxy via setup and service route configuration= To check the DNS settings on a Palo A..." current
- 05:34, 8 September 2023 diff hist +543 N Paloalto general notes or best practices Created page with "Home > Enterprise security devices or applications > Paloalto firewall > Paloalto general notes or best practices =Add /32 netmask for a single IP= Adding netmask eg /32 for a single IP is important. Without this the policy / rule may get accepted and committed but does not works unless we add /32 netmask. This should be followed for all address objects without fail. Home > Enterprise security devices or applications >..."
- 04:48, 8 September 2023 diff hist +196 m Configuring nrpe based internal service checks current
- 04:46, 8 September 2023 diff hist +45 m CentOS 8.x systemd or systemctl
- 04:46, 8 September 2023 diff hist +435 m Check cluster status via systemd service current
- 04:45, 8 September 2023 diff hist +103 m Check cluster status via systemd service
- 04:44, 8 September 2023 diff hist +118 m Check cluster health via nagios plugin current
- 04:43, 8 September 2023 diff hist +163 m SAP setup and maintenance
- 04:43, 8 September 2023 diff hist +2,910 N Check cluster health via nagios plugin Created page with "Home > Suse > SAP setup and maintenance > Check cluster health via nagios plugin We can monitor cluster health using nagios plugin using: '''Not tested in production''' #Create a plugin to be called via nrpe on the cluster host '<tt>/usr/lib64/nagios/plugins/cluster_check.sh</tt>' with: <source type="bash"> #!/bin/bash # Run crm status command and capture output crm_output=$(crm status 2>&1) # Check for error or warning in output, ignoring ca..."
- 04:33, 8 September 2023 diff hist +71 m Systemd
- 04:33, 8 September 2023 diff hist +285 m CentOS 8.x systemd or systemctl
- 04:31, 8 September 2023 diff hist +2,798 N Check cluster status via systemd service Created page with "Home > Suse > SAP setup and maintenance > Check cluster status via systemd service We can check cluster status via a systemd script using: '''Not tested in production''' # Setup outgoing email via postfix on the system so that email can be sent using mail command via CentOS 8.x postfix send email through relay or smarthost with smtp authentication # Create a systemd script '<tt>/etc/systemd/system/cluster_status_check.service</tt>' with: <s..."
- 04:23, 8 September 2023 diff hist +456 m CentOS 8.x Systemd based reverse ssh tunnel service current
- 04:20, 8 September 2023 diff hist +126 m CentOS 8.x SAP setup and maintenance current
- 04:15, 8 September 2023 diff hist +3,658 m CentOS 8.x postfix send email through relay or smarthost with smtp authentication
- 04:11, 17 August 2023 diff hist +557 m Rsnapshot current
- 14:01, 22 July 2023 diff hist +452 m Rocky 8.x SSH client Connecting to old network devices with legacy protocols and ciphers current
- 05:56, 19 July 2023 diff hist +43 m Rocky 9.x System Administration
- 05:56, 19 July 2023 diff hist +930 N Rocky 9.x Add UEFI boot option in BIOS Created page with "Home > Rocky Linux or CentOS > Rocky Linux 9.x > System Administration > Add UEFI boot option in BIOS If for some reason UEFI boot option from BIOS for Rocky is removed and you want to add it again use: # Disable secure boot. This may require shimx64 efi image # Add a new option for Rocky pointing to '<tt>EFI/rocky/grubx64.efi</tt>' file under EFI boot partition # Eithe..." current
- 08:10, 26 June 2023 diff hist +3,011 m Upgrading 12SP4 LPAR to 15SP1 current
- 05:19, 26 June 2023 diff hist +158 m Paloalto firewall Configure dual ISP dual site-to-site IPSec VPN tunnel failover current
- 05:08, 26 June 2023 diff hist +224 m Rocky 9.x Upgrade Rocky 8.x to Rocky 9.x
- 05:04, 26 June 2023 diff hist +1,226 m Rocky 9.x Upgrade Rocky 8.x to Rocky 9.x
- 01:35, 24 June 2023 diff hist +63 m Rocky 9.x Configure new laptop for personal use
- 01:34, 24 June 2023 diff hist +63 m Rocky 8.x New laptop OS configuration
- 06:45, 23 June 2023 diff hist +72 m RHEL 8.x Spectrum Protect Backup Agent installation in RHEL client current
- 06:44, 23 June 2023 diff hist +134 m RHEL 8.x Spectrum Protect Backup Agent installation in RHEL client
- 06:19, 23 June 2023 diff hist +387 m RHEL 8.x Spectrum Protect Backup Agent installation in RHEL client
- 10:47, 16 June 2023 diff hist +43 m CentOS 8.x Zabbix current
- 10:47, 16 June 2023 diff hist +330 m Ubuntu 20.04 Zabbix agent installation current
- 10:47, 16 June 2023 diff hist +44 m Ubuntu Server or Desktop administration current
- 10:47, 16 June 2023 diff hist +1,025 N Ubuntu 20.04 Zabbix agent installation Created page with "Home > Ubuntu > Server or Desktop administration > Ubuntu 20.04 Zabbix agent installation To install Zabbix agent in Ubuntu 20.04 machine use: # Install Zabbix repository #:<pre> #:: wget https://repo.zabbix.com/zabbix/6.4/ubuntu/pool/main/z/zabbix-release/zabbix-release_6.4-1+ubuntu20.04_all.deb #:: dpkg -i zabbix-release_6.4-1+ubuntu20.04_all.deb #:: apt update #:</pre> # Install Zabbix agent using: #:<..."
- 09:41, 16 June 2023 diff hist +44 m Monitor esxi resource utilization via esxtop command current
- 08:39, 16 June 2023 diff hist +58 m VMWare vSphere or ESXi
- 08:39, 16 June 2023 diff hist +2,841 N Monitor esxi resource utilization via esxtop command Created page with "Home > VMWare platform > VMWare vSphere or ESXi > Monitor esxi resource utilization via esxtop command esxtop is a command-line tool that provides real-time information about resource usage in your ESXi environment. It can provide you with a wealth of data on CPU, memory, disk, and network usage. Here's a step-by-step guide on how to use esxtop to monitor an ESXi host: # Connect to the ESXi host via SSH #: This assumes SSH to ESXi host is ena..."
- 07:59, 16 June 2023 diff hist +83 m Accessing VIOS console via HMC console current
- 07:59, 16 June 2023 diff hist +231 m Add power servers to vHMC current
- 07:56, 16 June 2023 diff hist +385 m Accessing VIOS console via HMC console
- 07:50, 16 June 2023 diff hist +23 m Enterprise security devices or applications
- 07:50, 16 June 2023 diff hist +235 N Cisco ASA firewall Created page with "Home > Enterprise security devices or applications > Cisco ASA firewall *Cisco ASA firewall basic initialization Home > Enterprise security devices or applications > Cisco ASA firewall" current
- 07:50, 16 June 2023 diff hist +2,097 N Cisco ASA firewall basic initialization Created page with "Home > Enterprise security devices or applications > Cisco ASA firewall > Basic initialization Consider requirement as follows to initialize a ASA firewall: * DMZ IP of 192.168.11.1/24 for servers * WAN public IP 1.1.11.213/30 for Internet * LAN IP of 192.168.100.1/24 for LAN users * Additional 192.168.10.0 subnet for LAN accessible via L3 switch 192.168.100.2 * Outgoing internet access for LAN users from..." current
- 07:07, 16 June 2023 diff hist +79 m VMWare platform current