learning forever
Important checkpoint database files:
Network objects
Host objects
Firewall gateway objects
Service objects
2. $FWDIR/conf/fwauth.NDB: It contains
User administrator accounts
3. $FWDIR/conf/rulebases_5_0_fws: It contains
Security rules
NAT rules
Checkpoint important services are mentioned below.
1.FWM Tasks:
2. FWD tasks:
3. CPD (Checkpoint Daemon) Tasks:
4. CPCA (Checkpoint certification Authority)
To obtain the Cluster members information, type the following command:
tmsh show sys cluster
Example:
[root@vhost:/S1-green-P:Active:Standalone] config # tmsh show sys cluster
—————————————–
Sys::Cluster: default
—————————————–
Address 192.168.1.3/24
Availability available
State enabled
Reason Cluster Enabled
Primary Slot ID 1
Primary Selection Time 07/23/17 22:01:49
—————————————————————————-
| Sys::Cluster Members
| ID Address Availability State Licensed HA Clusterd Reason
—————————————————————————-
| 1 192.168.1.4 available enabled true active running Run
| 2 192.168.1.5 available enabled true active running Run
| 3 192.168.1.6 available enabled true active running Run
| 4 192.168.1.8 available enabled true active running Run
To obtain the configured vCMP guest information, type the following command:
tmsh show vcmp guest
Example:
[root@vhost:/S1-green-P:Active:Standalone] config # tmsh show vcmp guest
———————————————————————————–
Sys::Vcmp::Guest
Name Slot ID Status Requested Request Retries Uptime Comment
State Complete
———————————————————————————–
test1 3 running deployed true 0 07/23/17 22:18:16
test2 4 running deployed true 0 07/23/17 22:19:41
test3 1 running deployed true 0 07/24/17 19:24:16
test4 2 running deployed true 0 07/24/17 19:29:25
vguest1 3 running deployed true 0 07/24/17 19:28:49
vguest2 4 running deployed true 0 07/24/17 19:28:49
To access the vGuest console you may run the following command.
vconsole <guest name> <slot#>
Example:
[root@vhost:/S1-green-P:Active:Standalone] config # vconsole guest 1
Trying 127.3.0.1…
Connected to 127.3.0.1.
Escape character is ‘^]’.
BIG-IP 12.0.0 Build 0.0.606
Kernel 2.6.32-431.56.1.el6.f5.x86_64 on an x86_64
guest1.f5.com login:
[root@guest1:/S1-green-P:Active:Standalone] config #
SSH into a specific slot:
ssh <slot number>
Example:
[root@guest1:/S1-green-P:Active:Standalone] config # ssh slot2
Restarting, powering off, and powering off VIPRION Blades can be done via the following commands:
| Power-1 |
| P-30-00 Power-1 11000 |
| P-20-00 Power-1 9070 Appliance |
| P-10-00 Power-1 5075 Appliance |
| P-10-00 Power-1 5070 Appliance |
| Smart-1 |
| S-10-00 Smart-1 5 |
| S-20-00 Smart-1 25 |
| S-21-00 Smart-1 25B |
| S-30-00 Smart-1 50 |
| S-40-00 Smart-1 150 |
| ST-5-00 Smart-1 205 |
| ST-10-00 Smart-1 210 |
| ST-25-00 Smart-1 225 |
| ST-50-00 Smart-1 3050 |
| ST-150-00 Smart-1 3150 |
| U-40-00 Smart-1 3070 |
| ST-105-00 Smart-1 405 |
| ST-110-00 Smart-1 410 |
| ST-425-00 Smart-1 525 |
| ST-4050-00 Smart-1 5050 |
| ST-4150-00 Smart-1 5150 |
| TE |
| T-181-00 TE250 |
| P-231-00 TE1000 |
| P-371-00 TE2000 |
| TT-10-00 TE100X |
| TT-20-00 TE250X |
| TT-30-00 TE1000X |
| TT-40-00 TE2000X |
| IPS |
| U-31-00 IPS-1 2076 |
| P-11-00 IPS-1 5076 |
| P-21-00 IPS-1 9076 |
| DLP |
| P-22-00 DLP-1 9571 |
| U-42-00 DLP-1 2571 |
| SMB |
| L-50 Security Gateway 80 |
| L-50 Check Point 600 |
| S2 (SMB) Check Point 700 |
| L-50 Check Point 1100 |
| L-61i Check Point 1200R |
| S1 (Enterprise) Check Point 1430 / 1450 |
| S2 (Enterprise) Check Point 1470 / 1490 |
| L-71 Check Point 1430/1450 |
| L-71W Check Point 1430/1450 WiFi |
| L-72 Check Point 1470/1490 |
| L-72W Check Point 1470/1490 WiFi |
| L-72P Check Point 1470/1490 PoE |
| Appliance UTM-1 |
| U-40-00 UTM-1 3070 Appliance |
| U-30-00 UTM-1 2070 Appliance |
| U-20-00 UTM-1 1070 Appliance |
| U-15-00 UTM-1 570 Appliance |
| U-15-01 UTM-1 570 Appliance |
| U-10-00 UTM-1 270 Appliance |
| U-5-00 UTM-1 130 Appliance |
| T-180-00 UTM-1 4800 |
| T-160-00 UTM-1 4600 |
| T-140-00 UTM-1 4400 |
| T-120-00 UTM-1 4200 2012 Appliance |
| T-110-00 UTM-1 2200 2012 Appliance |
| C6P_UTM UTM-1 2050 Appliance |
| C6_UTM UTM-1 1050 Appliance |
| C2_UTM UTM-1 450 Appliance |
| Appliance 2012 |
| G-50 Appliance 21400 |
| G-70 Appliance 21600 |
| G-72 Appliance 21700 |
| G-75 Appliance 21800 |
| P-380-00 Appliance 13800 |
| P-370-00 Appliance 13500 |
| P-231-00 Appliance 12600 |
| P-230-00 Appliance 12600 |
| P-220-00 Appliance 12400 |
| P-210-00 Appliance 12200 |
| Appliance |
| PB-05-00 Appliance 3100 |
| PB-10-00 Appliance 3200 |
| PB-15-00 Appliance 5100 |
| PB-20-00 Appliance 5200 |
| PL-10-00 Appliance 5400 |
| PL-20-00 Appliance 5600 |
| PL-30-00 Appliance 5800 |
| PL-40-00 Appliance 5900 |
| PH-20-00 Appliance 15400 |
| PH-30-00 Appliance 15600 |
| PD-10-00 Appliance 23500 |
| PD-20-00 Appliance 23800 |
Step 1 :
Copy the designated website ssl certificate and key files to the tmp folder
SSL cert location:
/config/filestore/files_d/<partition>_d/certificate_d/
Key location:
/config/filestore/files_d/<partition>_d/certificate_key_d/
Step 2 :
Impact of procedure: There will be no impact to the system with the below procedure.
cp /config/filestore/files_d/Common_d/certificate_d/<Certificate-Filename> /var/tmp/<Destination-Filename>
3. Copy the key file to the /var/tmp directory
cp /config/filestore/files_d/Common_d/certificate_key_d/<Key-Filename> /var/tmp/<Destination-Filename>
4. verify the files using the below command
ls -las /var/tmp/<Destination-Filename>
Step 3 :
To export the certificate/key pair to PFX format, perform the following procedure:
Export the certificate/key pair to PFX format to /var/tmp/certificate.pfx using the following command syntax:
openssl pkcs12 -export -out /var/tmp/<PFX -CertificateName> -inkey /var/tmp/<Key-Filename> -in /var/tmp/<Certificate-Filename>
For example, to export the certificate test.crt and key test.key copied in the previous procedure, type the following command:
openssl pkcs12 -export -out /var/tmp/certificate.pfx -inkey /var/tmp/test.key -in /var/tmp/test.crt
The exported PFX file is named /var/tmp/certificate.pfx.
Step 1:
Use the below command to copy the file using SCP with key pair to EC2 Instance:
scp -i path/to/key file/to/copy user@ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com:path/to/file.
Step 2:
Use the below command to copy the directory to EC2 Instance:
scp -i path/to/key -r directory/to/copy user@ec2-xx-xx-xxx-xxx.compute-1.amazonaws.com:path/to/directory
A. Issue is MDS is down:
mdsstat
4. If everything is down including CMA’s, perform the below steps.
mdsstop
mdsstart
B. Issue is One of the CMA is down:
mdsstat
4. If one of the CMA is down, note it down the CMA IP and run the below command
mdsstart_customer <IP_address>
Web-ui Error:
F5 Viprion device slot is in failsafe fault mode
CLI Error logs:
tmm[12091]: 01010260:2: Hardware Error(Co-Processor): n3-crypto2 request queue stuck
Solution:
clsh reboot
4. If issue is not resolved after a reboot, please open a case with F5 vendor.
Format:
gcloud compute disks create <DISK_NAME> --type=<DISK_TYPE> --size=<SIZE> --zone=<ZONE>Example:
gcloud compute disks create disk-2 –size=100 –zone=us-east1-b
2. Resize disk using Gcloud command
Format:
gcloud compute disks resize <disk_name> --size=<size> --zone=<zone>Example:
gcloud compute disks resize disk-2 –size=150 –zone=us-east1-b
3. Attach Disk using Gcloud command:
Format:
gcloud compute instances attach-disk <instance> --disk=<disk_name> --zone=<zone>Example:
gcloud compute instances attach-disk windows-instance –disk=disk-2 –zone=us-east1-b
indepthtechnology 