Monthly Archives: November 2016

How to extend SLR in PAN for more than 7 days

By default, the GUI only generates the report for the last 7 days. Here is how to extend the time range of the report.

You have to identify the start and end date and the export method, TFTP in this case.

[email protected]> tftp export stats-dump start-time equal 2016/10/[email protected]:00:00 end-time equal 2016/10/[email protected]:00:00 to 192.168.169.147

show system info…
Generating Application Report…
Generating HTTP Application Report…
Generating Category Report…
Generating Risk Report…
Generating Threat Report…
Generating Source Country Report…
Generating Destination Country Report…
Generating URL Category Report…
Generating Subcategory Report…
Generating Technology Report…
Generating Data Report…
Generating V2 Application Report…
Generating V2 Threat Report…
Generating V2 Wildfire Report…
Generating V2 Data Report…
Generating V2 URL Category Report…
Generating V2 Application Non-standard port Report…
Generating V2 HTTP Application Report…
show_system_info.txt
reports/
reports/ThreatReport.xml
reports/TechnologyReport.xml
reports/SourceCountryReport.xml
reports/SubcategoryReport.xml
reports/URLCategoryReport.xml
reports/error.log
reports/RiskReport.xml
reports/ApplicationReport.xml
reports/DestinationCountryReport.xml
reports/DataReport.xml
reports/CategoryReport.xml
reports/HTTPApplicationReport.xml
statsv2/reports/
statsv2/reports/ThreatReport.xml
statsv2/reports/WildfireReport.xml
statsv2/reports/URLCategoryReport.xml
statsv2/reports/error.log
statsv2/reports/ApplicationNonStandardPortReport.xml
statsv2/reports/ApplicationReport.xml
statsv2/reports/DataReport.xml
statsv2/reports/HTTPApplicationReport.xml
Finished generating reports. Please press enter to continue…
mode set to octet
Connected to 10.10.10.24 (10.10.10.24), port 69
putting logdbcsv_20161119_2009.tar.gz to 10.10.10.24:logdbcsv_20161119_2009.tar.gz [octet]
Sent 16506 bytes in 0.3 seconds [478106 bit/s]

[email protected]>

Once the report is exported, the Security Lifecycle Review (SLR) can be used for analysis.
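One way to sanity-check the exported archive on the TFTP server before using it with SLR. This is an added example, not code from the original post or from Palo Alto Networks. It assumes the archive holds the files listed in the transcript above and that a non-empty error.log marks a failed report; `check_stats_dump` and `build_sample` are hypothetical names.

```python
import io
import posixpath
import tarfile

# Report names copied from the export listing shown above.
V1 = ("Threat Technology SourceCountry Subcategory URLCategory Risk "
      "Application DestinationCountry Data Category HTTPApplication").split()
V2 = ("Threat Wildfire URLCategory ApplicationNonStandardPort "
      "Application Data HTTPApplication").split()
EXPECTED = ({"show_system_info.txt"}
            | {f"reports/{n}Report.xml" for n in V1}
            | {f"statsv2/reports/{n}Report.xml" for n in V2})


def check_stats_dump(fileobj):
    """Inspect a stats-dump tarball in memory, without extracting it."""
    seen, unsafe, errlogs = set(), [], {}
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar:
            name = posixpath.normpath(m.name)
            # TFTP is unauthenticated: flag escaping paths and non-regular members.
            if (name.startswith(("/", "../")) or name == ".."
                    or not (m.isfile() or m.isdir())):
                unsafe.append(m.name)
                continue
            seen.add(name)
            # Assumption: a non-empty error.log means a report failed.
            if m.isfile() and name.endswith("error.log") and m.size:
                errlogs[name] = tar.extractfile(m).read().decode(errors="replace")
    return {"missing": sorted(EXPECTED - seen), "unsafe": unsafe, "errors": errlogs}


def build_sample(skip=(), error_text=b"", extra=None):
    """Constructed sample archive for the demo; not a real export."""
    files = {n: b"<report/>" for n in EXPECTED if n not in skip}
    files["reports/error.log"] = error_text
    files.update(extra or {})
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(check_stats_dump(build_sample(skip={"reports/RiskReport.xml"})))
```

For a real export, open the received logdbcsv_*.tar.gz in binary mode and pass the file object to `check_stats_dump`.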

BigIP Factory default in 3 steps

When you restore the BIG-IP configuration to factory default settings, the system performs the following tasks:

Retains:

  • the management IP address
  • BIG-IP license file
  • files in the /shared partition
  • manually-modified bigdb database variables

It also flags the Setup utility to run when the next user logs in to the Configuration utility.

Removes:

  • All BIG-IP local traffic configuration objects
  • All BIG-IP network configuration objects
  • All non-system maintenance user accounts
  • System maintenance user account passwords (root and admin)
  • BIG-IP module data and policies
  • Current host name
  • local trust domain

These are the steps:

  1. Go to tmsh (TMOS shell)
  2. Load the default config
  3. Save the config

After executing the 3 steps, the BIG-IP daemon restarts using the default config, and the system is ready to go again.

This is the factory default procedure for 11.x and 12.x code; on 10.x, use load sys default-config instead.

[email protected](backend)(cfg-sync Standalone)(Active)(/Common)(tmos)# load sys config default

Reset the system configuration to factory defaults? (y/n) y
Loading system configuration…
/defaults/asm_base.conf
/defaults/config_base.conf
/defaults/ipfix_ie_base.conf
/defaults/ipfix_ie_f5base.conf
/defaults/low_profile_base.conf
/defaults/low_security_base.conf
/defaults/policy_base.conf
/defaults/wam_base.conf
/defaults/analytics_base.conf
/defaults/apm_base.conf
/defaults/apm_saml_base.conf
/defaults/app_template_base.conf
/defaults/classification_base.conf
/var/libdata/dpi/conf/classification_update.conf
/defaults/daemon.conf
/defaults/pem_base.conf
/defaults/profile_base.conf
/defaults/sandbox_base.conf
/defaults/security_base.conf
/defaults/urldb_base.conf
/usr/share/monitors/base_monitors.conf
/usr/local/gtm/include/gtm_base_region_isp.conf
/usr/share/monitors/gtm_base_monitors.conf
Loading configuration…
/defaults/defaults.scf
Resetting trust domain…
Setting flag to reset ASM data…

[email protected](localhost)(cfg-sync Standalone)(INOPERATIVE)(/Common)(tmos)# save /sys config

Nov 14 02:54:37 localhost emerg logger: Re-starting bigd

Saving running configuration…
/config/bigip.conf
/config/bigip_base.conf
/config/bigip_user.conf
Saving Ethernet mapping…done

[email protected](localhost)(cfg-sync Standalone)(Active)(/Common)(tmos)#quit

 

F5 BIG-IP iSeries more robust

F5 came out with new platforms called BIG-IP iSeries with the following features/innovations:

  • TurboFlex optimization technology that offloads specialized functions from the general CPU
  • Due to the complexity of SSL offloading and traffic growing exponentially because of IoT, these new platforms have more capacity (TPS) than their previous versions, in some cases 2.5 times more

Platforms Available:

[Image: f5-iseries]

The BIG-IP iSeries is the next generation of ADCs, with key innovations that enable customers to meet the challenges of rapidly shifting landscapes. Beyond a significant increase in capacity, the BIG-IP iSeries mixes the power of dedicated hardware with the flexibility of a programmable, updatable platform.

References:

iSeries: Not Just a Better, Bigger, and Faster BIG-IP

BIG-IP System Hardware datasheet

VMware vSphere 6.5 is available now!

VMware has released it sooner than we were expecting: VMware vSphere 6.5 is now available for download.

Some direct links to relevant information:

Downloads:

Documentation:

Cisco Champion 2017 is open

I was one of the fortunate ones to be a Cisco Champion in 2016, and now I have also applied for 2017. I’ve been participating in the Cisco Communities and on social media, and I have also written a few articles about Cisco technologies.

If you live and breathe Cisco, this is the right time! How to participate? You have to submit your application by December 15th, 2016. Check here

Update [12/12/2016]

Application Deadline Extended until 12/21/2016!

References:

Cisco Champion Program

Cisco Champion 2017