Wednesday, March 13, 2019

Home Projects: Big Fan

I've always wanted one of these big fans. We had the opportunity and decided to get one for this house redo. It certainly moves the air in the room and I really like it.

Tuesday, March 12, 2019

Fortinet Firewall: Packet Capture By Port Number In CLI

I like packet captures. I have probably said that a million times, because it "proves" what is going on, on a network, instead of guessing what is going on. Packet captures are a Net Admin's best friend, plain and simple.
So here is how you do a packet capture in the CLI of a Fortinet when you are looking for traffic on a specific port number:
diagnose sniffer packet any 'tcp port 8883' 4 0 a

Above, I'm looking for traffic on TCP port 8883. I'll see everything that passes through the firewall.

Monday, March 11, 2019

Home Projects: More Shiplap

We still have to paint this, but I like the look of this. We will paint this white, even though it's already primed white. It should be a good look.

Friday, March 8, 2019

Home Projects: Kick Switch For Disposal

Working on this house has been really slow. That's ok though, White Rhino comes first. But I did need an easy win on this house. So, we installed this foot switch for the garbage disposal. It's just easier to grind food waste down the drain and the foot/kick switch works really well. It fits right under the cabinet and it's out of sight. Just use your foot to kick the switch and it's done. It's about a 10-minute install and I was really glad for this easy win. Looks like I need to clean up some of the sawdust, but I'm sure it's done by the time you have read this.

Here is the view from above. I'm pointing to the kick switch.

Wednesday, March 6, 2019

Brocade (Ruckus) ICX Password Recovery

Real quick, here is how you do a password reset on an ICX switch.  I had a 6450 in this case, but this will work on any of the ICX models. 
Boot up, then hit "b".

Enter 'b' to stop at boot monitor:  0
ICX64XX-boot>> no password
OK! Skip password check when the system is up.
ICX64XX-boot>> boot
Booting image from Primary

Monday, February 11, 2019

Palo Alto Firewall: Testing PBF (Policy Based Forwarding) In CLI

PBR (or PBF, as Palo calls it) is a really great feature. Policy Based Forwarding (in the network world, we call it policy based routing) is a feature where you can control where packets go without using the routing table. You set a destination based on certain parameters that you define (like source, protocol, etc.), and traffic that matches is caught by the PBF policy BEFORE it hits the routing table. Here is how you test it in CLI, to verify it works the way you want it to.

PA850-1(active)> test pbf-policy-match from L3-Inside application web-browsing source 192.168.1.5 destination 5.5.5.5 protocol 6 destination-port 443

"Exchange; index: 8" {
        id 9;
        from L3-Inside;
        source 192.168.1.5;
        destination any;
        user any;
        application/service  any/any/any/any;
        action Forward;
        symmetric-return no;
        forwarding-egress-IF/VSYS ethernet1/3;
        next-hop 68.68.68.68;
        terminal no;
}

Sunday, February 10, 2019

Sunday Thought:

No real thought in particular here.  I just pray that God will bless your life and that you will know the grace and love of our Lord and Savior Jesus (Yeshua) Christ, the Messiah that was written about in the Old Testament.

Thursday, January 31, 2019

Integrity: What Is It?

Can you spot good integrity in the people around you or in yourself? Or bad integrity? So what is it? It's real simple.

Wednesday, January 30, 2019

Home Projects: Closet Shelving

My wife put this together from IKEA. I'm pretty sure she could do this house without me if she wanted to.

Friday, January 25, 2019

Palo Alto Firewall: CLI Command To Verify Optic Module

Guys, real quick, if you need to check the SFP status to know if the Palo is seeing it or not, here is a CLI command to help you determine if it is.  The below is a Proline SFP.

killen@PA-850> show system state filter sys.s1.p9.phy

sys.s1.p9.phy: { 'link-partner': { }, 'media': SFP-Plus-Fiber, 'sfp': { 'connector': LC, 'encoding': 8B10B, 'identifier': SFP, 'transceiver': 1000B-SX, 'vendor-name': PROLINE         , 'vendor-part-number': PAN-SFP-SX-PRO  , 'vendor-part-rev': A3  , }, 'type': Ethernet, }

Wednesday, January 23, 2019

Palo Alto Firewall: PBF (Policy Based Forwarding) Testing In CLI

Did you know you can test your policy based forwarding yourself in CLI on the Palo Alto firewall? You sure can. Below, I'm testing my zone L3-Inside (my inside zone) to verify it will go out the Ethernet 1/3 port. Based on the response below, it looks like it does work without having to involve the server guys.

killen@PA850-1(active)> test pbf-policy-match from L3-Inside application web-browsing source 192.168.5.5 destination 77.77.77.77 protocol 6 destination-port 443

"Exchange; index: 8" {
        id 9;
        from L3-Inside;
        source 192.168.5.5;
        destination any;
        user any;
        application/service  any/any/any/any;
        action Forward;
        symmetric-return no;
        forwarding-egress-IF/VSYS ethernet1/3;
        next-hop 65.65.65.65;
        terminal no;
}

killen@PA850-1(active)>
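
To check the result of a PBF test automatically (for example after a policy change), the output block can be parsed and compared with the path you intend. This is an added example, not part of the original post; the function names are hypothetical, and treating output with no rule block as "no match" is an assumption.

```python
import re

# Output copied from the post above (test pbf-policy-match on the PA-850).
SAMPLE = '''"Exchange; index: 8" {
        id 9;
        from L3-Inside;
        source 192.168.5.5;
        destination any;
        user any;
        application/service  any/any/any/any;
        action Forward;
        symmetric-return no;
        forwarding-egress-IF/VSYS ethernet1/3;
        next-hop 65.65.65.65;
        terminal no;
}
'''

def parse_pbf_match(text):
    """Return the matched rule as a dict, or None when no rule block is present."""
    head = re.search(r'^"(?P<rule>[^";]+); index: (?P<index>\d+)" \{', text, re.M)
    if head is None:
        return None
    end = text.find("}", head.end())
    body = text[head.end(): end if end != -1 else len(text)]
    rule = {"rule": head["rule"], "index": int(head["index"])}
    for line in body.splitlines():
        line = line.strip().rstrip(";")
        if line:
            # First token is the field name, the rest is its value.
            key, _, value = line.partition(" ")
            rule[key] = value.strip()
    return rule

def check_pbf(text, egress, next_hop):
    """List mismatches against the intended path; an empty list means OK."""
    rule = parse_pbf_match(text)
    if rule is None:
        # Assumption: no rule block means no PBF rule matched.
        return ["no PBF rule matched; traffic follows the routing table"]
    expected = {"action": "Forward", "forwarding-egress-IF/VSYS": egress,
                "next-hop": next_hop}
    return [f"{k}: got {rule.get(k)!r}, expected {v!r}"
            for k, v in expected.items() if rule.get(k) != v]

if __name__ == "__main__":
    print(check_pbf(SAMPLE, "ethernet1/3", "65.65.65.65") or "PBF path OK")
```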

Monday, January 21, 2019

Fortinet Firewall: How To Do A Factory Reset In CLI

If you know the admin password to get in, then this is what you do to do a factory reset in CLI:


FG100DXXXXXXXX# execute factoryreset
This operation will reset the system to factory default!
Do you want to continue? (y/n)y

System is resetting to factory default...

The system is going down NOW !!

FG100DXXXXXXXX #
Please stand by while rebooting the system.

Tuesday, January 8, 2019

Palo Alto Firewall: Adding A Static Route In CLI

Real quick, I think this is useful for adding a lot of static routes into a Palo Alto.  SSH in and do this in CLI and type "configure".  Then type out the following:
set network virtual-router [name of virtual router e.g. default] routing-table ip static-route [name of route e.g. Shanes-Route] admin-dist 10 destination [network/subnet mask e.g. 10.10.10.0/24] interface [name of interface to be used outgoing e.g. ethernet1/1] nexthop ip-address [next hop ip e.g. 4.4.4.4]

Add 50 or so of them from notepad at one time, then type in "commit".
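
When pasting that many routes, it helps to generate the lines from a list and reject bad rows before they reach the firewall. This is an added example, not part of the original post: it builds the `set` command shown above from CSV rows; the CSV column names, the sample rows and the name/interface patterns are assumptions.

```python
import csv
import io
import ipaddress
import re

# Constructed sample input; the third row has host bits set in the prefix.
ROUTES_CSV = """name,destination,interface,nexthop
Shanes-Route,10.10.10.0/24,ethernet1/1,4.4.4.4
Branch-2,10.20.0.0/16,ethernet1/1,4.4.4.4
Typo-Route,10.30.1.5/24,ethernet1/1,4.4.4.4
"""

# Assumed conservative patterns: no spaces or extra tokens can slip into a command.
NAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,31}$")
IFACE_RE = re.compile(r"^[a-z]+[0-9]*(/[0-9]+)?(\.[0-9]+)?$")

def build_commands(csv_text, vrouter="default", admin_dist=10):
    """Return (commands, errors); a row with any error produces no command."""
    commands, errors, seen = [], [], set()
    # Data rows start on line 2 of the file (line 1 is the header).
    for n, row in enumerate(csv.DictReader(io.StringIO(csv_text)), start=2):
        try:
            net = ipaddress.ip_network(row["destination"], strict=True)
            hop = ipaddress.ip_address(row["nexthop"])
        except ValueError as exc:
            errors.append(f"line {n}: {exc}")
            continue
        if not NAME_RE.match(row["name"]) or not IFACE_RE.match(row["interface"]):
            errors.append(f"line {n}: bad route or interface name")
            continue
        if net in seen:
            errors.append(f"line {n}: duplicate destination {net}")
            continue
        seen.add(net)
        commands.append(
            f"set network virtual-router {vrouter} routing-table ip static-route "
            f"{row['name']} admin-dist {admin_dist} destination {net} "
            f"interface {row['interface']} nexthop ip-address {hop}"
        )
    return commands, errors

if __name__ == "__main__":
    cmds, errs = build_commands(ROUTES_CSV)
    print("\n".join(cmds))
    print("\n".join(errs))
```

Paste the generated lines in configure mode and review the error list before typing "commit".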