Friday, October 26, 2012

Check Point: How To Disable Clustering In Secure Platform (SPLAT)

Have you ever needed to disable a cluster in Check Point? Well, I had a situation where two IP 5070 appliances were really giving us some problems. It always seems to revolve around clustering with Check Point in my recent troubleshooting experiences. Well, there are two places you need to go to disable clustering. First is in the Dashboard, and second is in the OS. See below what I did to disable clustering on SecurePlatform.

[Expert@CheckPoint]# cpconfig
This program will let you re-configure
your Check Point products configuration.

Configuration Options:
----------------------
(1)  Licenses and contracts
(2)  SNMP Extension
(3)  PKCS#11 Token
(4)  Random Pool
(5)  Secure Internal Communication
(6)  Disable Advanced Routing
(7)  Disable cluster membership for this gateway
(8)  Disable Check Point SecureXL
(9)  Configure Check Point CoreXL
(10) Automatic start of Check Point Products

(11) Exit

Enter your choice (1-11) :7

Disable cluster membership for this gateway...
===============================================

You have selected to disable cluster membership for this Security Gateway.
Are you sure? (y/n) [y] ? y

Cluster membership for this gateway was disabled successfully
Important: This change will take effect after reboot.

[Expert@CheckPoint]#

Tuesday, October 23, 2012

Cisco ASA: ERROR: Command authorization failed

I had this pair of ASA 5520s that I could log in to just fine, but I couldn't run any commands except a 'show version' and a 'show curpriv', that I was aware of. As it turns out, there was an authorization command on the ASA that had gotten on there, and all the usernames on the ASA had a priv level of '2'. Not good. I kept getting this error when I typed in a command I wanted:
 CiscoASA5520# conf t
             ^
ERROR: % Invalid input detected at '^' marker.
ERROR: Command authorization failed
CiscoASA5520#
So, just so you can see, here is what I ran to verify that.
CiscoASA5520# sho curpriv
Username : skillen
Current privilege level : 15   <----- Before this process, it said '2'.
Current Mode/s : P_PRIV
CiscoASA5520#

So, I reboot the ASA to do a password recovery, so that I could reset my privilege level. So, I disconnected the primary ASA interface cables and I type in "reload".
At this point, I'm hitting ESC to stop the booting process of the ASA. I then get to ROMMON mode. Below is the process I went through to do a password recovery.

rommon #0> confreg

Current Configuration Register: 0x00000001       <------- Note this number
Configuration Summary:
  boot default image from Flash

Do you wish to change this configuration? y/n [n]: y
enable boot to ROMMON prompt? y/n [n]:
enable TFTP netboot? y/n [n]:
enable Flash boot? y/n [n]:
select specific Flash image index? y/n [n]:
disable system configuration? y/n [n]: y                  <--------- This is the only option you change out of these questions.  Type 'Y'.
go to ROMMON prompt if netboot fails? y/n [n]:
enable passing NVRAM file specs in auto-boot mode? y/n [n]:
disable display of BREAK or ESC key prompt during auto-boot? y/n [n]:

Current Configuration Register: 0x00000040       <---------- Notice this config register is different than above.
Configuration Summary:
  boot ROMMON
  ignore system configuration

Update Config Register (0x40) in NVRAM...

rommon #1> boot
Launching BootLoader...
Boot configuration file contains 1 entry.


Loading disk0:/asa804-k8.bin... Booting...
Loading...

SHORTENED FOR BREVITY....


ciscoasa> en
Password:
ciscoasa# copy start run

Destination filename [running-config]?

...INFO: Non-failover interface config is cleared on GigabitEthernet0/2 and its sub-interfaces
INFO: Non-failover interface config is cleared on GigabitEthernet0/3 and its sub-interfaces
INFO: Global 4.4.4.38 will be Port Address Translated
INFO: Global 4.4.4.45 will be Port Address Translated
..WARNING: crypto map has incomplete entries
WARNING: No 'svc image' commands have been issued
..
Cryptochecksum (unchanged):

14389 bytes copied in 2.390 secs (7194 bytes/sec)
CiscoASA5520# config t
CiscoASA5520(config)# no username userlogin
CiscoASA5520(config)# username userlogin pass guessthispassword pri 15
CiscoASA5520(config)# config-register 0x00000001
CiscoASA5520# wr mem
CiscoASA5520# reload
Proceed with reload? [confirm]
CiscoASA5520#


***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down File system

***
*** --- SHUTDOWN NOW ---

Rebooting....


Booting system, please wait...

There you go, password reset.
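The lockout in this post came from local command authorization combined with local users that only had privilege level 2. As an added example (not part of the original post), here is a pre-change check that reads a saved ASA configuration and flags that combination; the sample configuration and its placeholder hashes are constructed, and the check is a heuristic that assumes the standard `aaa authorization command` and `username ... privilege` syntax.

```python
import re

ASA_DEFAULT_PRIV = 2  # ASA assigns level 2 when "privilege" is omitted
AUTHZ_RE = re.compile(r"^aaa authorization command\s+(.+)$")
USER_RE = re.compile(
    r"^username\s+(\S+)\s+(?:password|nopassword)\b(?:.*?\bprivilege\s+(\d+))?")

# Constructed sample config; hashes are placeholders, not real values.
SAMPLE_CONFIG = """\
hostname CiscoASA5520
username skillen password PLACEHOLDERHASH1 encrypted privilege 2
username userlogin password PLACEHOLDERHASH2 encrypted
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
"""

def audit_command_authz(config_text):
    """Return (mode, users, findings) for an ASA-style configuration."""
    mode, users = "off", {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = AUTHZ_RE.match(line)
        if m:
            methods = m.group(1).split()
            if methods[0] == "LOCAL":
                mode = "local"
            elif "LOCAL" in methods:
                mode = "local-fallback"  # applies when the AAA server is down
            else:
                mode = "server"
            continue
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = int(m.group(2)) if m.group(2) else ASA_DEFAULT_PRIV
    findings = []
    if mode.startswith("local"):
        if 15 not in users.values():
            findings.append("RISK: local command authorization is on and no "
                            "local user has privilege 15")
        for name, level in sorted(users.items()):
            if level < 15:
                findings.append(f"{name}: privilege {level}")
    return mode, users, findings

if __name__ == "__main__":
    mode, users, findings = audit_command_authz(SAMPLE_CONFIG)
    print("command authorization:", mode)
    for finding in findings:
        print(" -", finding)
```

Running it against a configuration before `wr mem` shows whether any account would still be able to reach configuration mode after the change.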

Thursday, October 11, 2012

Brocade 7131: How To Configure As A Stand Alone AP


Plug in 7131 AP.
You need DHCP to give it an IP address. 10.1.1.1 will not work. The manual says it comes with 10.1.1.1.
Web browse into http://192.168.0.12/. (From my DHCP server)
Go to Firmware Update on the left side.  It has the 4.x code on it and you need 5.x.
Turn on your TFTP server on your laptop.
AP reboots after upgrade.
Web browse into https://192.168.0.12/
Change password.
Setup Wizard comes up.
Select next.
Select Standalone AP, then next.
Select Bridge Mode, then next.
Select Static IP address. Put in an IP address.
Configure Radio1 and Radio2, increase power on both to 23.
Configure WLAN Setting.
Set Country/Time info.
Save/Commit.

NOTE** Any new SSIDs you create, you must go and add them here: Configuration --> Devices --> System Profile --> Interfaces --> Radio --> (radio1 and radio2) --> WLAN Mapping tab

Thursday, October 4, 2012

Access Closet: What Not To Do

I found this interesting the other day. I went out to a customer site to replace a switch in this closet and look what I found. Notice inside the red box the patch panel. And, I've never seen one of those old Nortel switches before. I don't know, I just found it funny.

Wednesday, October 3, 2012

Cisco ASA: How To Downgrade To Pre-8.3 Code / Downgrading From 8.3

Man, this is a sinking feeling when you know you looked up the memory requirements for the 8.3 code for the ASA and you still get this after an upgrade:
ASA# sh ver

*************************************************************************
**                                                                     **
** *** WARNING *** WARNING *** WARNING *** WARNING *** WARNING ***     **
**                                                                     **
**          ----> Minimum Memory Requirements NOT Met! <----           **
**                                                                     **
**  Installed RAM: 1024 MB                                             **
**  Required  RAM: 2048 MB                                             **
**  Upgrade part#: ASA5520-MEM-2GB=                                    **
**                                                                     **
**  This ASA does not meet the minimum memory requirements needed to   **
**  run this image. Please install additional memory (part number      **
**  listed above) or downgrade to ASA version 8.2 or earlier.          **
**  Continuing to run without a memory upgrade is unsupported, and     **
**  critical system features will not function properly.               **
**                                                                     **
*************************************************************************
Well, if you get this, you are going to have to downgrade from 8.3 because of instability, crashes, etc. So, here is the command you run to get you back to the pre-8.3 code (8.2.2 in my case):

downgrade asa822-k8.bin 8_2_2_0_startup_cfg.sav

That file name '8_2_2_0_startup_cfg.sav' is my config name that was created when I upgraded to 8.3. It's not there before that upgrade. This is the proper process you can run to go back if you ever need to.

Monday, October 1, 2012

Memory Upgrade: HP 320-1030

I bought a new HP 320-1030 desktop. It's pretty cool, but I needed to upgrade the memory in it, as this one only came with 4 Gig. Here is what I had to do to get this done:
Below, you see the back of the PC.  There are two screws that you have to take out.  See the circled screw location below.

Now that the cover is off, there are two side snaps that you have to pull and pop out the old memory. Get the new memory in and put the cover back on. That's it.