Wednesday, March 28, 2018

Palo Alto Firewall: Amber STS LED When Booting

What does that STS amber LED mean?  Well, it's still booting firewall services.  You can log in to the console, but you may still have to wait a few minutes for all the services to come up.  You should see a "System initializing; please wait... (CTRL-C to bypass)" in the CLI during this time.  When the STS amber LED goes green, then you should be good to go for CLI config.
I had a unit that kept the amber LED on STS. I had to do a factory reset to overcome this problem.

Friday, March 23, 2018

Brocade ICX Switch: Password Recovery

Quick post on how to do a password recovery on the ICX Brocade products. Just stop the boot process in the beginning by pressing "b", and type in "no password" at the prompt. See below:

Enter 'b' to stop at boot monitor:  0
ICX64XX-boot>> no password
OK! Skip password check when the system is up.
ICX64XX-boot>> boot
Booting image from Primary

ICX6450-48 Switch>
Stack unit 1 PS 1, Internal Power supply detected and up.

ICX6450-48 Switch>en
No password has been assigned yet...
ICX6450-48 Switch#

Thursday, March 22, 2018

I Can Only Imagine Movie

Have you ever heard of a guy named Bart Millard? If you like good stories, I would encourage you to go see the movie I Can Only Imagine.

Wednesday, March 21, 2018

100 Gig Uplinks

Do you really need 100gig uplinks? I do work with a lot of big networks. And honestly, a lot of those networks don't even come close to fully utilizing 40gig uplinks, even in the data center.
I'm sure Google probably does. But for most? My guess is probably not. But, when buying, you still have to consider the five year plan. What does your five year plan look like?

Monday, March 19, 2018

Cisco 9500 Series Switches

I have a few network refreshes coming up and I've been looking at different options for the core switches. As you know from my recent posts here, I look for three things: price, performance, and features.
In the scenarios I'm working with, they are Cisco shops. I've been looking at the newer 9500 series switches, and they don't look half bad. They do all the things I need them to do: PBR, multi VRF, etc. And if you are used to Catalyst IOS, it should be comfortable from a management standpoint. We will see what the price turns out to be. I'm still considering the Nexus 93180 also though. It also does what I need it to do, with the 100gig uplink capability, which is a nice thing.

Friday, March 16, 2018

Check Point: R80.10 Install

I did another install of a Check Point firewall on a 4600 today.  Check Point is a good product, right up there with Palo Alto.  When considering your firewall replacement, these two are the front runners.
Inside the 4600:

Friday, March 9, 2018

Capsa, Again

As most of you know, I use Capsa, by Colasoft, a lot. It's my troubleshooting "go to" when I need to know what's going on, on the network. I just used it again the other day to figure out why a switch was performing slowly.
Get Capsa for your toolkit.

Wednesday, March 7, 2018

Cisco Data Center: 9372 vs 93180

I was getting together a list of equipment for a co-location site yesterday, when I realized that the Cisco Nexus 9372 was end of sale last month. So I found the replacement 93180. It appears that the only real difference between the two is the hardware ASICs, from what I read.  And that would be to support certain features.
It also appears that the performance specs are better, but only because the 6 40gig ports also support 100gig. I'll have to go do the math to see if this is a line rate switch or not. The 9372 is, so I suspect the 93180 is also. I'll check on that to make sure.

Monday, March 5, 2018

Check Point Firewall: ZDEBUG

In doing some troubleshooting Sunday night, I think the best way to look for dropped packets, when you know the IPs involved, is to just go directly to zdebug in CLI.
I was helping a SAN guy troubleshoot an issue with SAN to SAN replication, which was failing on him.  In getting into the Check Points, I didn't even bother going to the SmartView Tracker.  I just SSH'ed into the active Check Point (in an HA pair) and did the zdebug, and found what I needed.  It is just easier for me, I guess.
I was getting this message below:
;[cpu_15];[fw4_0];fw_log_drop_ex: Packet proto=6 10.X.X.X:11105 -> 10.X.X.X:18347 dropped by fwpslglue_chain Reason: PSL Reject: ASPII_MT;
Turns out the reason for this was stated here, based on initial research.  I'll have to do more later on this.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk81320
I'll stick with the CLI.  The tools are powerful and reliable.  With zdebug, you see not only what could be dropped by the Check Point application itself, but also the OS.  It's just a better tool than SmartView Tracker, in my opinion.
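
When a zdebug capture runs to thousands of lines, filtering by the two hosts and grouping by drop reason gets to the answer quickly. The script below is an added example, not part of the original post: it assumes the drop output was saved as text, the sample lines are constructed from the format of the line quoted above (10.1.1.10 and 10.2.2.20 stand in for the masked addresses), and the function names are hypothetical.

```python
import re
from collections import Counter

# Layout taken from the drop line quoted in the post:
# ;[cpu_N];[fwN_N];fw_log_drop_ex: Packet proto=P SRC:SPORT -> DST:DPORT dropped by FUNC Reason: TEXT;
DROP_RE = re.compile(
    r"fw_log_drop_ex: Packet proto=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"dropped by (?P<func>\S+) Reason: (?P<reason>.*?);?\s*$"
)

def parse_drop(line):
    """Return the fields of one drop line as a dict, or None if it is not a drop line."""
    m = DROP_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    for key in ("proto", "sport", "dport"):
        fields[key] = int(fields[key])
    return fields

def drops_between(lines, ip_a, ip_b):
    """Keep only drops for traffic between the two hosts, in either direction."""
    pair = {ip_a, ip_b}
    parsed = (parse_drop(line) for line in lines)
    return [d for d in parsed if d and {d["src"], d["dst"]} == pair]

def summarize(drops):
    """Count drops per (dropping function, reason)."""
    return Counter((d["func"], d["reason"]) for d in drops)

# Constructed sample capture (not real output): three drops between the two
# hosts of interest, one drop to an unrelated host, one non-drop debug line.
SAMPLE = """\
;[cpu_15];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.10:11105 -> 10.2.2.20:18347 dropped by fwpslglue_chain Reason: PSL Reject: ASPII_MT;
;[cpu_15];[fw4_0];fw_log_drop_ex: Packet proto=6 10.2.2.20:18347 -> 10.1.1.10:11105 dropped by fwpslglue_chain Reason: PSL Reject: ASPII_MT;
;[cpu_3];[fw4_1];fw_log_drop_ex: Packet proto=6 10.1.1.10:40000 -> 10.9.9.9:443 dropped by fw_handle_first_packet Reason: Rulebase drop - rule 12;
;[cpu_2];[fw4_1];unrelated debug text;
;[cpu_15];[fw4_0];fw_log_drop_ex: Packet proto=6 10.1.1.10:11106 -> 10.2.2.20:18347 dropped by fwpslglue_chain Reason: PSL Reject: ASPII_MT;
"""

if __name__ == "__main__":
    hits = drops_between(SAMPLE.splitlines(), "10.1.1.10", "10.2.2.20")
    for (func, reason), count in summarize(hits).most_common():
        print(f"{count:4d}  {func}  {reason}")
```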


Saturday, March 3, 2018

Thursday, March 1, 2018

Sunday Thought: What Were The Three Miracles That Would Tell The Jews Who The Messiah Was?

In studying how the Jews would recognize the coming Messiah, I recalled how I had learned from a local messianic Christian church that the Messiah would perform a few certain miracles. I couldn't remember what they were, so I set out to remind myself exactly what they were.
In that pursuit, I came across a very interesting post. Click on the link below for that read.
Click here for the interesting read...
It's a long description, but it's well worth the time.  I'd like to encourage you, take the time to understand it. It's pretty important to our faith.