Wednesday, June 29, 2016

How to Modify Network Speed and Duplexing


Instructions

To modify network speed and duplexing, complete the following procedure:
  1. Run the following command to find the physical interface where you need to apply the settings:
    # xe pif-list host-uuid=<host_uuid>
    Note: The xe pif-list command lists all the physical interfaces from all hosts in the pool. Filter the interfaces by “host-uuid” to find the right interface.
  2. Review the current physical interface settings:
    # xe pif-list uuid=<UUID of physical interface> params=all
  3. Run the following command to set speed, duplex, and auto-negotiation:
    # xe pif-param-set uuid=<UUID of physical interface> other-config:ethtool-autoneg=off other-config:ethtool-speed=1000 other-config:ethtool-duplex=full
    Note: Turn off auto-negotiation before setting the speed manually.
  4. Apply the setting on the interface.
  5. Unplug and plug the physical interface:
    Note: You do not need to unplug and plug the interface as follows. If you are unable to unplug the interface and skip the following step, the settings are applied after the next reboot.
    # xe pif-unplug uuid=<UUID of physical interface>
    # xe pif-plug uuid=<UUID of physical interface>
    Or
    Restart the host:
    # xe host-reboot host=<hostname>

Thursday, June 23, 2016

VPS in USA

Just launched the VPS in USA.
Please visit and order it. It is the easiest way to get a server.

Visit at https://www.netdedi.com/index.php?/cart/ssd_vps_usa/

Tuesday, June 21, 2016

Resetting the Device to Factory Defaults : Netscreen Device


Resetting the Device to Factory Defaults
If you lose the admin password, or you need to clear the configuration of your device, you can reset the device to its factory default settings.
Resetting the device destroys any existing configurations and restores access to the device. You can restore the device to its default settings using one of these methods:
  • Using the device serial number
  • Using the CLI unset all command
  • Using the Reset Config pinhole button
The following sections describe how to use these methods to reset the device to its factory defaults.

Device Serial Number
To use the device serial number to reset the device to its factory defaults:
1. Start a Console session as described in “Using a Console Connection” on page 30.
2. At the Login prompt, enter the device serial number.
3. At the Password prompt, enter the serial number again. The following message appears:
    !!! Lost Password Reset !!! You have initiated a command to reset the device to factory defaults, clearing all current configuration and settings. Would you like to continue? y/[n]
4. Press the y key. The following message appears:
    !! Reconfirm Lost Password Reset !! If you continue, the entire configuration of the device will be erased. In addition, a permanent counter will be incremented to signify that this device has been reset. This is your last chance to cancel this command. If you proceed, the device will return to factory default configuration, which is: device IP: 192.168.1.1; username: netscreen, password: netscreen. Would you like to continue? y/[n]
5. Press the y key to reset the device.
The system now resets and returns to the login prompt; the default login name and password are both reset to netscreen.

CAUTION: Resetting the device deletes all existing configuration settings and disables all existing firewall and VPN services.
NOTE: By default, the device recovery feature is enabled. You can disable it by entering the CLI unset admin device-reset command. Also, if the security device is in FIPS mode, the recovery feature is automatically disabled.

To use the CLI unset all command, you will need to know the login name and password. To reset the device to its factory defaults:
1. Start a Console session as described in “Using a Console Connection” on page 30, then log in.
2. At the command prompt, enter unset all. The following message is displayed:
    Erase all system config, are you sure y/[n] ?
3. Press y.
4. Enter reset. Press n for the first question and y for the second question:
    Configuration modified, save? [y]/n
    System reset, are you sure? y/[n]
The system now resets and returns to the login prompt; the default login name and password are both reset to netscreen.

Wednesday, June 15, 2016

Amazon Web Services outage causes Australian Website chaos


http://www.smh.com.au/technology/technology-news/amazon-web-services-outage-causes-australian-website-chaos-20160605-gpc41p.html

Shoppers were left unable to pay for trolleys full of groceries, while websites and servers crashed around the nation in a spate of technical outages on Sunday.
Amazon Web Services, which hosts cloud computing services for many companies, listed a number of connectivity issues for its services based in Sydney. It is not yet known whether the storms that lashed Sydney over the weekend were responsible.
Some of the websites affected include those belonging to Fairfax Media, publisher of this website; Foxtel and Fox Sports; car sharing service Go Get; The Daily Telegraph's NRL Super Coach site; Nine and Fairfax-owned online streaming platform Stan; ticketing platform TryBooking; and online food ordering service Menulog.

Amazon Web Services' status dashboard lists a number of connectivity issues for its services based in Sydney.
Meanwhile, a separate technical outage caused numerous financial services including debit cards, ATMs and Eftpos machines  to fail on Sunday night. 
An AWS spokesman said the problem was not related to the website issues with Amazon Web Services. 
Customers from Westpac, Commonwealth Bank and ME Bank complained on the companies' Facebook pages, with some saying their eftpos payments did not work.
One person said he had to leave a trolley full of groceries in Aldi because his card did not work. 
A Commonwealth Bank spokeswoman said the bank was not aware of any systemic issues, but some individuals may be experiencing intermittent issues with other eftpos machines.



VPS Hosting Package is right for you.

VPS Package is launched!!
You can build your network easily.
If you need more resources, please, contact us.
visit at https://www.netdedi.com

Starter Package 15

$15.00 USD

 Monthly
  • CPU 2 Cores
  • MEMORY 2 GB
  • SSD DISK 20GB
  • 1 Public IP Address
  • 1 TB BANDWIDTH
  • Build up to 2 Starter T1
  • NAT within Your Network
  • Load Balancing
  • Inbound/Outbound Firewall
  • VPN Service
  • Snapshots
  • Additional Storage
  • Port Forwarding

Business Package 25

$25.00 USD
Monthly
  • CPU 3 Cores
  • MEMORY 3 GB
  • SSD DISK 40GB
  • 1 Public IP Address
  • 1 TB BANDWIDTH
  • Build Up to 3 T1
  • NAT within Your Network
  • Load Balancing
  • Inbound/Outbound Firewall
  • VPN Service
  • Snapshots
  • Additional Storage
  • Port Forwarding
 https://www.netdedi.com/index.php?/cart/vps-package/ 
 
 

WordPress product Launched!!

Create an unforgettable website

netdedi.com powers beautiful websites for businesses, professionals, and bloggers
Please, visit at  



Thursday, June 9, 2016

VPS Package Launched!!

VPS Package is launched!!
You can build your network easily.
If you need more resources, please, contact us.
visit at https://www.netdedi.com


Wednesday, June 8, 2016

[ScreenOS] How do I create a Route Based LAN to LAN VPN by using preshared secrets (ScreenOS 6.0 and later)?







SUMMARY:
This article provides information on how to create a Route Based LAN to LAN VPN by using preshared secrets in ScreenOS 6.x.
PROBLEM OR GOAL:
Environment:
  • Preshared secrets

  • Route Based VPN

  • Static IP Addresses on both gateways of VPN
CAUSE:
 
SOLUTION:
  • This example assumes that static IP addresses are assigned on both of the VPN devices of the VPN tunnel.   

  • The tunnel interfaces are created in the Untrust zone. 

  • The preshared secret used is netscreen.

  • The following matrix displays the IP addresses and proposals that are used for this example:

                              Site A               Site B
    Untrust IP of Firewall    1.1.1.1 (eth0/0)     2.2.2.1 (eth0/0)
    Trust Network             10.1.1.0/24          172.16.10.0/24
    Phase 1 Proposal          pre-g2-3des-sha      pre-g2-3des-sha
    Phase 2 Proposal          g2-esp-3des-sha      g2-esp-3des-sha


WebUI

Site A:
  1. Create tunnel interface:
    Click Network > Interfaces> List
    1. In upper right corner, select pulldown 'Tunnel IF', and Click New
      1. Interface Name: tunnel.1
      2. Zone: Untrust (trust-vr)
      3. Click unnumbered
      4. Interface ethernet0/0 (trust-vr)     (or whichever interface is in same zone (Untrust) that it can borrow an IP from)
      5. Click OK
  2. Click VPNs > AutoKey Advanced > Gateway
    Click New
    1. Gateway Name: Site B GW
    2. Remote Gateway: Click Static, and enter IP address 2.2.2.1
    3. Click Advanced
    4. Preshared Key: netscreen
    5. Outgoing Interface: ethernet0/0 (or whichever interface goes out to the Internet)
    6. Security Level, User-Defined:  Select Custom, and select Phase 1 Proposal: pre-g2-3des-sha
    7. Mode (Initiator): Main
    8. Click Return
    9. Click OK
  3. Click VPNs > Autokey IKE
    Click New
    1. VPN Name: Site B VPN
    2. Remote Gateway: Click Predefined, and select Site B GW from the pulldown menu
    3. Click Advanced
    4. Security Level, User Defined: Custom, and select Phase 2 Proposal:  g2-esp-3des-sha
    5. Bind To: Tunnel Interface. Select tunnel.1
    6. Click Proxy ID
      1. Local IP/Netmask: 10.1.1.0 / 24
      2. Remote IP/Netmask: 172.16.10.0 /24
      3. Service: ANY
    7. Click VPN Monitor  (recommended)
    8. Click Optimized  (recommended)
    9. Click Rekey  (recommended)
    10. Click Return 
    11. Click OK    (Important)
  4. Click Policy > Policies
    1. Select From Trust to Untrust Zone, and click New
      1. Source Address: Click New Address, and enter 10.1.1.0/24
      2. Destination Address: Click New Address, and enter 172.16.10.0/24
      3. Service: Any
      4. Action: Permit   (Note:  Do not select Tunnel or specify Tunnel VPN because this is a route-based VPN configuration)
      5. Position at Top: Enabled
      6. Click OK
    2. Select From Untrust to Trust Zone, and click New
      1. Source Address: Click New Address, and enter 172.16.10.0/24
      2. Destination Address: Click New Address, and enter 10.1.1.0/24
      3. Service: Any
      4. Action: Permit   (Note:  Do not select Tunnel or specify Tunnel VPN because this is a route-based VPN configuration)
      5. Position at Top: Enabled
      6. Click OK
  5. Create static route for destination network through VPN:
      1. Click Network > Routing > Destination
      2. Click New
      3. Network Address / Netmask: 172.16.10.0 / 255.255.255.0
      4. Click Gateway
      5. Interface: tunnel.1
      6. Click OK
Site B:
  1. Create tunnel interface:
    Click Network > Interfaces> List
    1. In upper right corner, select pulldown 'Tunnel IF', and Click New
      1. Interface Name: tunnel.1
      2. Zone: Untrust (trust-vr)
      3. Click unnumbered
      4. Interface ethernet0/0 (trust-vr)     (or whichever interface is in same zone (Untrust) that it can borrow an IP from)
      5. Click OK
  2. Click VPNs > AutoKey Advanced > Gateway
    Click New
    1. Gateway Name: Site A GW
    2. Remote Gateway: Click Static, and enter IP address 1.1.1.1
    3. Click Advanced
    4. Preshared Key: netscreen
    5. Outgoing Interface: ethernet0/0 (or whichever interface goes out to the Internet)
    6. Security Level, User-Defined:  Select Custom, and select Phase 1 Proposal: pre-g2-3des-sha
    7. Mode (Initiator): Main
    8. Click Return
    9. Click OK
  3. Click VPNs > Autokey IKE
    Click New
    1. VPN Name: Site A VPN
    2. Remote Gateway: Click Predefined, and select Site A GW from the pulldown menu
    3. Click Advanced
    4. Security Level, User Defined: Custom, and select Phase 2 Proposal:  g2-esp-3des-sha
    5. Bind To: Tunnel Interface. Select tunnel.1
    6. Click Proxy ID
      1. Local IP/Netmask: 172.16.10.0/24
      2. Remote IP/Netmask: 10.1.1.0/24
      3. Service: ANY
    7. Click VPN Monitor  (recommended)
    8. Click Optimized  (recommended)
    9. Click Rekey  (recommended)
    10. Click Return 
    11. Click OK    (Important)
  4. Click Policy > Policies
    1. Select From Trust to Untrust Zone, and click New
      1. Source Address: Click New Address, and enter 172.16.10.0/24
      2. Destination Address: Click New Address, and enter 10.1.1.0/24
      3. Service: Any
      4. Action: Permit   (Note:  Do not select Tunnel or specify Tunnel VPN because this is a route-based VPN configuration)
      5. Position at Top: Enabled
      6. Click OK
    2. Select From Untrust to Trust Zone, and click New
      1. Source Address: Click New Address, and enter 10.1.1.0/24
      2. Destination Address: Click New Address, and enter 172.16.10.0/24
      3. Service: Any
      4. Action: Permit   (Note:  Do not select Tunnel or specify Tunnel VPN because this is a route-based VPN configuration)
      5. Position at Top: Enabled
      6. Click OK
  5. Create static route for destination network through VPN:
      1. Click Network > Routing > Destination
      2. Click New
      3. Network Address / Netmask: 10.1.1.0 / 255.255.255.0
      4. Click Gateway
      5. Interface: tunnel.1
      6. Click OK
NOTE:
If the tunnel interface is bound to the trust zone (i.e. you specified Zone Trust in step 1.1.2), then no policies are needed (i.e. step 4), since everything is routed. The VPN communication is effectively a trust to trust policy.

CLI

Site A:
  1. Create tunnel interface
    1. set int tun.1 zone untrust
    2. set int tun.1 ip unnumbered interface e0/0
  2. Set Gateway
    1. set ike gateway "Site B GW" address 2.2.2.1 outgoing-interface e0/0 preshare netscreen proposal pre-g2-3des-sha
  3. Set Autokey Ike
    1. set vpn "Site B VPN" gateway "Site B GW" proposal g2-esp-3des-sha
    2. set vpn "Site B VPN" bind int tun.1
    3. set vpn "Site B VPN" proxy-id local-ip 10.1.1.0/24 remote-ip 172.16.10.0/24 any
    4. set vpn "Site B VPN" monitor optimized rekey
  4. Set Policies
    1. set address trust 10.1.1.0/24 10.1.1.0/24
    2. set address untrust 172.16.10.0/24 172.16.10.0/24
    3. set policy from trust to untrust 10.1.1.0/24 172.16.10.0/24 any permit
    4. set policy id xx move before (name of first policy) from trust to untrust
    5. set policy from untrust to trust 172.16.10.0/24 10.1.1.0/24 any permit
    6. set policy id xx move before (name of first policy) from untrust to trust
  5. Create static route
    1. set route 172.16.10.0/24 int tun.1
Site B:
  1. Create tunnel interface
    1. set int tun.1 zone untrust
    2. set int tun.1 ip unnumbered interface e0/0
  2. Set Gateway
    1. set ike gateway "Site A GW" address 1.1.1.1 outgoing-interface e0/0 preshare netscreen proposal pre-g2-3des-sha
  3. Set Autokey Ike
    1. set vpn "Site A VPN" gateway "Site A GW" proposal g2-esp-3des-sha
    2. set vpn "Site A VPN" bind int tun.1
    3. set vpn "Site A VPN" proxy-id local-ip 172.16.10.0/24 remote-ip 10.1.1.0/24 any
    4. set vpn "Site A VPN" monitor optimized rekey
  4. Set Policies
    1. set address trust 172.16.10.0/24 172.16.10.0/24
    2. set address untrust 10.1.1.0/24 10.1.1.0/24
    3. set policy from trust to untrust 172.16.10.0/24 10.1.1.0/24 any permit
    4. set policy id xx move before (name of first policy) from trust to untrust
    5. set policy from untrust to trust 10.1.1.0/24 172.16.10.0/24 any permit
    6. set policy id xx move before (name of first policy) from untrust to trust
  5. Create static route
    1. set route 10.1.1.0/24 int tun.1
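
The two sites' settings have to mirror each other for the tunnel to come up and carry traffic. The following is an added example, not part of the original article or a Juniper tool: a Python check that reads the VPN-related `set` lines of both sites and reports mismatches in the preshared key, the proposals, the proxy IDs and the static route. The sample configurations are constructed from the article's matrix, and the function names and the exact-string comparison of proxy IDs are assumptions of this example.

```python
import ipaddress
import shlex

# Constructed sample: the VPN-related lines from the article's CLI steps.
SITE_A = '''
set ike gateway "Site B GW" address 2.2.2.1 outgoing-interface e0/0 preshare netscreen proposal pre-g2-3des-sha
set vpn "Site B VPN" gateway "Site B GW" proposal g2-esp-3des-sha
set vpn "Site B VPN" bind int tun.1
set vpn "Site B VPN" proxy-id local-ip 10.1.1.0/24 remote-ip 172.16.10.0/24 any
set route 172.16.10.0/24 int tun.1
'''
SITE_B = '''
set ike gateway "Site A GW" address 1.1.1.1 outgoing-interface e0/0 preshare netscreen proposal pre-g2-3des-sha
set vpn "Site A VPN" gateway "Site A GW" proposal g2-esp-3des-sha
set vpn "Site A VPN" bind int tun.1
set vpn "Site A VPN" proxy-id local-ip 172.16.10.0/24 remote-ip 10.1.1.0/24 any
set route 10.1.1.0/24 int tun.1
'''
# Constructed faulty variant: host bits left in the proxy ID, and no static route.
SITE_B_BAD = (SITE_B.replace("remote-ip 10.1.1.0/24", "remote-ip 10.1.1.10/24")
              .replace("set route 10.1.1.0/24 int tun.1\n", ""))


def parse(config):
    """Pull the settings that must agree between peers out of 'set' lines."""
    site = {"routes": {}}
    for line in config.strip().splitlines():
        t = shlex.split(line)  # keeps quoted names such as "Site B GW" whole
        if t[:3] == ["set", "ike", "gateway"]:
            site["preshare"] = t[t.index("preshare") + 1]
            site["p1"] = t[t.index("proposal") + 1]
        elif t[:2] == ["set", "vpn"] and t[3] == "gateway":
            site["p2"] = t[t.index("proposal") + 1]
        elif t[:2] == ["set", "vpn"] and t[3] == "bind":
            site["tunnel"] = t[-1]
        elif t[:2] == ["set", "vpn"] and t[3] == "proxy-id":
            site["local"] = t[t.index("local-ip") + 1]
            site["remote"] = t[t.index("remote-ip") + 1]
        elif t[:2] == ["set", "route"]:
            site["routes"][t[2]] = t[-1]
    return site


def check_pair(cfg_a, cfg_b):
    """Return findings that would keep the tunnel down or drop traffic."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    for key, label in (("preshare", "preshared key"),
                       ("p1", "Phase 1 proposal"), ("p2", "Phase 2 proposal")):
        if a[key] != b[key]:
            findings.append(f"{label} differs between the sites")
    for name, near, far in (("A", a, b), ("B", b, a)):
        if near["local"] != far["remote"]:
            findings.append(f"proxy-id: site {name} local-ip {near['local']} "
                            f"is not the peer's remote-ip {far['remote']}")
        remote_net = str(ipaddress.ip_network(near["remote"], strict=False))
        if near["routes"].get(remote_net) != near["tunnel"]:
            findings.append(f"site {name}: no route for {remote_net} via {near['tunnel']}")
    return findings


if __name__ == "__main__":
    print(check_pair(SITE_A, SITE_B_BAD))
```

The findings name the key and proposals only by label, so the preshared key itself never appears in the output.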

If you have performed this procedure and need help with troubleshooting, refer to the VPN Configuration & Troubleshooting Guide.
PURPOSE:
Configuration

What is the difference between a Policy-based VPN and a Route-based VPN?



SUMMARY:
The article provides information about the differences between a Policy-Based VPN and a Route-Based VPN. Additionally, it provides information on how to quickly identify which type is configured for an existing VPN.
PROBLEM OR GOAL:
  • How to check if the VPN is configured as Route or Policy based?

  • When should I configure Route or Policy based?
CAUSE:

SOLUTION:
Policy Based:
  • A Policy Based VPN is a configuration in which a specific VPN tunnel is referenced in a policy whose action is set as Tunnel. The tunnel icon appears as either a Lock or as a Lock with directional arrows as shown in the sample below. The icon below indicates that the policy is configured for a Bi-Directional Tunnel.
    [Figure: a policy's Action column with the Lock icon, indicating this is a Policy-Based VPN]
You can identify whether a VPN is route or policy based via the Command line as well. In the get sa command, the value under the PID field lists the policy ID that is used for that SA:
SSG-> get sa
total configured sa: 1
HEX ID   Gateway Port  Algorithm SPI        Life:sec      kb     Sta PID  vsys
00000001< 1.1.1.1  500    esp:3des/sha1 e37791d3  3596    unlim  A/- 2    0
00000001> 1.1.1.1  500   esp:3des/sha1 883ebdb8  3596     unlim  A/- 1    0  
The values 2 and 1 are listed under the PID column; that is, policy IDs 2 and 1 are used in that SA. If the VPN is route based, this value will be -1.
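
The PID check described above can be run over saved `get sa` output during a configuration audit. This is an added example, not part of the original article: the first SA pair is the output shown above, the `00000002` pair is constructed to show a route-based SA, and the function name `classify` is hypothetical.

```python
import re
from collections import defaultdict

# The 00000001 rows are the article's output; the 00000002 pair is constructed
# to show what a route-based SA looks like (PID -1).
GET_SA = """\
total configured sa: 2
HEX ID   Gateway Port  Algorithm SPI        Life:sec      kb     Sta PID  vsys
00000001< 1.1.1.1  500    esp:3des/sha1 e37791d3  3596    unlim  A/- 2    0
00000001> 1.1.1.1  500   esp:3des/sha1 883ebdb8  3596     unlim  A/- 1    0
00000002< 2.2.2.1  500    esp:3des/sha1 a1b2c3d4  3401    unlim  A/- -1   0
00000002> 2.2.2.1  500    esp:3des/sha1 d4c3b2a1  3401    unlim  A/- -1   0
"""

# Columns: id+direction, gateway, port, algorithm, SPI, life, kb, Sta, PID, vsys.
ROW = re.compile(
    r"^(?P<sa>[0-9a-fA-F]{8})[<>]\s+(?P<gateway>\S+)\s+\d+\s+\S+\s+\S+"
    r"\s+\S+\s+\S+\s+\S+\s+(?P<pid>-?\d+)\s+\d+\s*$"
)


def classify(output):
    """Map each SA id to (gateway, 'route-based' or 'policy-based', policy ids)."""
    pids = defaultdict(set)
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:  # skips the banner, the header and any line that is not an SA row
            pids[(m["sa"], m["gateway"])].add(int(m["pid"]))
    result = {}
    for (sa, gateway), ids in sorted(pids.items()):
        policy_ids = sorted(i for i in ids if i != -1)
        kind = "policy-based" if policy_ids else "route-based"
        result[sa] = (gateway, kind, policy_ids)
    return result


if __name__ == "__main__":
    for sa, (gateway, kind, policy_ids) in classify(GET_SA).items():
        print(sa, gateway, kind, policy_ids)
```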


Common reasons to use a Policy-based VPN:
  • The remote VPN device is a non-Juniper device

  • Need to access only one subnet or one network at the remote site, across the VPN.

Route Based:
  • A Route Based VPN is a configuration, in which the policy does not reference a specific VPN tunnel. Instead, a VPN tunnel is indirectly referenced by a route that points to a specific tunnel interface. The tunnel interface may be bound to a VPN tunnel or to a tunnel zone.

  • When a tunnel interface is in a security zone, the tunnel interface must be bound to a VPN tunnel. This is necessary to create a route-based VPN configuration. The tunnel interface can be numbered or unnumbered. If it is unnumbered, the tunnel interface borrows the IP address from the security zone interface.

  • A tunnel is a means for delivering traffic between points A and B, and a policy is a method for either permitting or denying the delivery of that traffic. Simply put, ScreenOS allows you the freedom to separate the regulation of traffic from the means of its delivery.

  • If the tunnel interface does not need to support Policy Based NAT and the configuration does not require the tunnel interface to be bound to a tunnel zone,  the interface can be specified as unnumbered. An unnumbered tunnel interface must be bound to a security zone; it cannot be bound to a tunnel zone. An interface must also be bound to the security zone, whose IP address the unnumbered tunnel interface borrows.
In addition, the Route Based VPNs must include the following configuration information:
  • Tunnel Interface

  • Phase I VPN Gateway configuration (listed under VPNs > AutoKey Advanced > Gateway  on the WebUI)

  • Phase II VPN configuration (listed under VPNs > AutoKey IKE  on the WebUI); including:

    • Local and Remote Proxy ID 

    • VPN configuration bound to tunnel interface

  • Route for remote network pointing to tunnel interface

  • Policy specifying action of "Permit" to allow traffic
Common Reasons to use a Route-based VPN:
  • Source or Destination NAT (NAT-Src, NAT-Dst) needs to occur, as it traverses the VPN.

  • Overlapping Subnets/IP Addresses between the two LANs.

  • Hub-and-spoke VPN topology.

  • Design requires Primary and Backup VPN.

  • A Dynamic Routing Protocol (that is, OSPF, RIP, BGP) is running across the VPN.

  • Need to access multiple subnets or networks at the remote site, across the VPN.
PURPOSE:
Troubleshooting