vi lista_mac.sh
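#!/bin/sh
#vmrale
# For every vSwitch (portset) on the ESXi host, list each port with its
# clientName and unicast address, read from /net/portsets via vsish.
# Output: the portset name on its own line, then one TAB-separated line
# per port: <port> <clientName line> <unicastAddr line>.
# Kept POSIX sh: the ESXi shell is busybox ash, and the original
# `echo -e "..."` with curly quotes printed the quote characters literally.
for VSWITCH in $(vsish -e ls /net/portsets/); do
  # vsish lists entries with a trailing "/" (the original cut -c 1-8 relied
  # on that for 8-char names but truncated longer ones, e.g. DvsPortset-0).
  # Stripping the slash works for any length; no-op if there is no slash.
  VSWITCH=${VSWITCH%/}
  printf '%s\n' "$VSWITCH"
  for PORT in $(vsish -e ls "/net/portsets/$VSWITCH/ports"); do
    PORT=${PORT%/}
    # Read the port status once instead of invoking vsish twice per port.
    STATUS=$(vsish -e get "/net/portsets/$VSWITCH/ports/$PORT/status")
    CLIENT_NAME=$(printf '%s\n' "$STATUS" | grep clientName | uniq)
    ADDRESS=$(printf '%s\n' "$STATUS" | grep unicastAdd | uniq)
    printf '\t%s\t%s\t%s\n' "$PORT" "$CLIENT_NAME" "$ADDRESS"
  done
done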
chmod 755 lista_mac.sh
HABILITAR CERTIFICADO NO APACHE
ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf
nano /etc/apache2/sites-available/default-ssl.conf
SSLCertificateFile /etc/letsencrypt/live/srv1.seudominio.com.br/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/srv1.seudominio.com.br/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/srv1.seudominio.com.br/chain.pem
Atenção ao mapeamento: cert.pem é o certificado, privkey.pem a chave privada e chain.pem a cadeia intermediária; trocar os arquivos faz o Apache não iniciar. No Apache 2.4.8 ou superior, pode-se usar fullchain.pem em SSLCertificateFile e omitir SSLCertificateChainFile (obsoleto).
a2enmod rewrite
a2enmod ssl
a2ensite default-ssl.conf
service apache2 restart
FORWARD COM IPTABLES
Criar as regras
NAT de destino
iptables -t nat -A PREROUTING -i eth0 -p tcp -d IP_DESTINO --dport 2000 -j DNAT --to-destination NOVO_IP_DESTINO:2000 -m comment --comment "Acesso ao Aplicativo"
NAT de origem
iptables -t nat -A POSTROUTING -p tcp -d NOVO_IP_DESTINO --dport 2000 -j SNAT --to-source NOVO_IP_ORIGEM -m comment --comment "Acesso ao Aplicativo"
Liberação de encaminhamento (restrita ao destino traduzido, para não liberar a porta 2000 para qualquer host encaminhado)
iptables -A FORWARD -p tcp -d NOVO_IP_DESTINO --dport 2000 -j ACCEPT -m comment --comment "Acesso ao Aplicativo"
Deletar as regras
NAT de destino
iptables -t nat -D PREROUTING -i eth0 -p tcp -d IP_DESTINO --dport 2000 -j DNAT --to-destination NOVO_IP_DESTINO:2000 -m comment --comment "Acesso ao Aplicativo"
NAT de origem
iptables -t nat -D POSTROUTING -p tcp -d NOVO_IP_DESTINO --dport 2000 -j SNAT --to-source NOVO_IP_ORIGEM -m comment --comment "Acesso ao Aplicativo"
Liberação de encaminhamento
iptables -D FORWARD -p tcp -d NOVO_IP_DESTINO --dport 2000 -j ACCEPT -m comment --comment "Acesso ao Aplicativo"
CERTIFICADO LET’S ENCRYPT
Instalação
apt-get update
apt-get install certbot
Gerar certificado
certbot certonly --non-interactive --standalone --agree-tos --email [email protected] -d srv1.seudominio.com.br
Revogar e deletar certificado
certbot revoke --cert-path /etc/letsencrypt/live/srv1.seudominio.com.br/fullchain.pem
certbot delete
Renovar certificado
certbot renew --non-interactive
ZERAR HIT EM TODAS AS POLÍTICAS FORTIGATE
diagnose firewall iprope clear 100004
FORÇAR UPDATE UTM FORTIGATE
diag debug app update -1
execute update-now
RESOLUÇÃO DNS DE OBJETO FORTIGATE
diagnose firewall fqdn list
diagnose test application dnsproxy 6
STATUS INTERFACE FORTIGATE
get system interface physical
diagnose hardware deviceinfo nic wan1
HABILITAR MULTIPLAS VPNs MESMO DESTINO FORTIGATE
No caso de vpn ipsec dialup, por exemplo, um escritório com VPN principal e outra de backup.
conf vpn ipsec phase2-interface
edit NOME_VPN_PHASE_2
set route-overlap allow
end
LISTAR SESSÕES FORTIGATE
diag sys session full-stat
diagnose sys session filter src IP_DE_ORIGEM
diagnose sys session filter dintf INTERFACE_DESTINO
diag sys session list
Outro exemplo
diagnose debug flow filter addr 10.254.16.1
diagnose debug flow show console enable
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
diagnose debug flow trace start 50
diagnose debug enable
Ao terminar a análise, parar o rastreamento e desabilitar o debug, para não deixar o flow trace ativo no firewall:
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug disable