secure.f5.com
activate.f5.com
f5.com
DATE E HORA F5 BiG-IP
Formato MMDDHHYYY.SS
Exemplo: date 040508432021.00
TROUBLESHOOTING iRULE F5 BiG-IP
log local0. “Cliente:[IP::client_addr]:[TCP::client_port] host:[HTTP::host] path:[HTTP::path] uri:[HTTP::uri] TESTE”
tail -f /var/log/ltm | grep TESTE
TROUBLESHOOTING VPN FORTIGATE
Habilitar
diagnose vpn ike log-filter clear
diagnose vpn ike log-filter src-addr4 191.177.130.225
diagnose debug application ike -1
diagnose vpn ike log-filter list
diagnose debug enable
Desabilitar
diagnose debug disable
diagnose vpn ike log-filter clear
CORRIGIR ERRO ESXi LookupAndOpen[file]
Mensagem de erro.
Failed to power on virtual machine SRVXX. File system specific implementation of LookupAndOpen[file] failed Click here for more details
Para verificar se o disco está com erro
.vmkfstools -x check /vmfs/volumes/datastorepath/vm name/vm name main base disk.vmdkPara corrigir o disco
vmkfstools -x repair /vmfs/volumes/datastorepath/vm name/vm name main base disk.vmdkLISTAR MAC ADDRESS NO ESXI
vi lista_mac.sh
#!/bin/sh
#vmrale
for VSWITCH in `vsish -e ls /net/portsets/ | cut -c 1-8`
do
echo $VSWITCH
for PORT in `vsish -e ls /net/portsets/$VSWITCH/ports | cut -c 1-8`
do
CLIENT_NAME=`vsish -e get /net/portsets/$VSWITCH/ports/$PORT/status | grep clientName | uniq`
ADDRESS=`vsish -e get /net/portsets/$VSWITCH/ports/$PORT/status | grep unicastAdd | uniq`
echo -e “\t$PORT\t$CLIENT_NAME\t$ADDRESS”
done
done
chmod 755 lista_mac.sh
HABILITAR CERTIFICADO NO APACHE
ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
nano /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/letsencrypt/live/srv1.seudominio.com.br/privkey.pem
SSLCertificateKeyFile /etc/letsencrypt/live/srv1.seudominio.com.br/chain.pem
SSLCertificateChainFile /etc/letsencrypt/live/srv1.seudominio.com.br/cert.pem
a2enmod rewrite
a2enmod ssl
a2ensite default-ssl.conf
service apache2 restart
FORWARD COM IPTABLES
Criar as regras
NAT de destino
iptables -t nat -A PREROUTING -i eth0 -p tcp -d IP_DESTINO –dport 2000 -j DNAT –to-destination NOVO_IP_DESTINO:2000 -m comment –comment “Acesso ao Aplicativo”
NAT de origem
iptables -t nat -A POSTROUTING -p tcp -d NOVO_IP_DESTINO –dport 2000 -j SNAT –to-source NOVO_IP_ORIGEM -m comment –comment “Acesso ao Aplicativo”
Liberação de encaminhamento
iptables -A FORWARD -p tcp –dport 2000 -j ACCEPT -m comment –comment “Acesso ao Aplicativo”
Deletar as regras
NAT de destino
iptables -t nat -D PREROUTING -i eth0 -p tcp -d IP_DESTINO –dport 2000 -j DNAT –to-destination NOVO_IP_DESTINO:2000 -m comment –comment “Acesso ao Aplicativo”
NAT de origem
iptables -t nat -D POSTROUTING -p tcp -d NOVO_IP_DESTINO –dport 2000 -j SNAT –to-source NOVO_IP_ORIGEM -m comment –comment “Acesso ao Aplicativo”
Liberação de encaminhamento
iptables -D FORWARD -p tcp –dport 2000 -j ACCEPT -m comment –comment “Acesso ao Aplicativo”
CERTIFICADO LET’S ENCRYPT
Instalação
apt-get update
apt-get install certbot
Gerar certificado
certbot certonly –non-interactive –standalone –agree-tos –email [email protected] -d srv1.seudominio.com.br
Revogar e deletar certificado
certbot revoke –cert-path etc/letsencrypt/live/srv1.seudominio.com.br/fullchain.pem
certbot delete
Renovar certificado
certbot renew –noninteractive
ZERAR HIT EM TODAS AS POLÍTICAS FORTIGATE
diagnose firewall iprope clear 100004