Search Results

(2024-08-28) Remember you need to have basic support in order for this db to be populated. Firewalls without a contract do not have this db. Search for a service: FortiGate80D # diagnose internet-service id | grep -i microsoft ID: 327681 name: "Microsoft-Web" ...

(2024-09-03) Problem SNMP on ASA please Solution snmp-server group GlobalRead v3 priv snmp-server user me GlobalRead v3 auth sha MyAuthString priv aes 128 MyPrivString snmp-server host inside 192.168.1.125 poll community myV2cCommunity version 2c snmp-server h...

(2024-09-05) Example ip access-list standard snmp-access permit 10.11.12.13 snmp-server view snmp-v3-ReadOnly-View iso included snmp-server group snmp-v3-ReadOnly v3 priv read snmp-v3-ReadOnly-View access snmp-access snmp-server user MY-SNMP-USER snmp-v3-ReadO...

2024-09-09 Problem xml is hard to read Solution set cli config-output-format set Now when in configure mode, the output will be copy/pasteable.

(2024-09-09) Problem: WARNING: The running configuration is not currently synchronized to the HA peer, and therefore, this commit will only be applied to the local device. Please synchronize the peers by running 'request high-availability sync-to-remote runnin...

(2024-09-18) SW# show logging

(2024-09-18) Problem: Can't ping my ASA. Design: With Cisco ASA, it is impossible to ping any interface of the ASA itself except the interface facing towards the pinging host, or an interface configured for "management-access" or as "management-only". So for e...

Why the fuck do PC guys think that they can "clean" infected PCs? I'm old-school unix -- if there's even a hint of compromise, you can't trust the box any more and it should be paved and rebuilt from scratch and carefully checked backups. So I'm the linux/netw...

(2018 sometime) 15 years ago, I accidentally ran a complicated shell command that muffed a couple variables and ended up trying to do a rm-f /. Through ssh. Via cron. On the NIS master system. Which was in New Jersey. From Ottawa. As a contractor. Fortunately,...

(2014-ish) What has been my best moment in IT? There have been several moments -- how about the overnight datacenter maintenance window when I discovered that I'd bricked the DC's main router redundant pair -- by following the documentation for doing something...

(2024-10-10) Problem: I want to ping something. Solution: ping host 1.1.1.1

(2024-10-10) Problem: Ping WAN interface IP from LAN Solution: Pinging from an internal host to an external interface when using source NAT is an incorrect test method. Packets are dropped since the source address is the external address of the firewall and t...

(2018-04-05) TL/DR: If you want something done right, you have to check the math and be willing to do it yourself. ...or, a descent into madness So we have a new internet service provider. Unlike our previous connections, this new connection is a burstable con...

(2011-12-04) Jonathan Zittrain explains that the personal computer is dead because our computing environments are becoming walled gardens. And he thinks this is bad. Personally I don't think this is the end of the world that he claims it is. First, you have to...

(2024-06-03) Found this set of recommendations for TCP tuning while chasing some iperf3 issues revolving around windowing problems. I created this as /etc/sysctl.d/20-network-tcp-tuning: # https://blog.cloudflare.com/optimizing-tcp-for-high-throughput-and-low-...

(2022-09-07) Prevent the certificate warning page from popping up on subsequent initial connections to a website: click a blank section of the denial page using your keyboard, type thisisunsafe -- this will add the website to a safe list where you should not ...

(2024-11-12) Most of the time I'm running iperf3 to understand the capability of a long distance link (think cross-continental or intercontinental), some of the tricks listed below won't apply or will be misleading if applied to a short distance link. Run the...

(2024-11-12) This page contains a quick reference guide for Linux tuning for Data Transfer hosts connected at speeds of 1Gbps or higher. Note that most of the tuning settings described here will actually decrease performance of hosts connected at rates less th...

(2024-11-13) Stronger encryption algorithms equals to lower MTU values. For example, the FortiGate sets an IPsec tunnel Maximum Transmission Unit (MTU) of: 1446 for 3des-sha1, 1438 for aes256-sha256, aes192-sha256, aes128-sha1, aes128-sha256 1422 for aes...

MTU can be adjusted via three ways: Adjusting the MTU of the physical interface where the IPsec tunnel is bound to. This method will not only affect the VPN traffic but all traffic which is traversing the physical interface as well. Changing the encryption...