Learning, Sharing, Creating
set chassis cluster control-link-vlan enable Explanation: How to enable or disable VLAN tagging on the chassis cluster control port Show KB Properties SUMMARY: This article provides information on how to…
The UTM 272 is running R75.40. We found when it failed over to active, the load will push temperature higher than 60, which caused it shutdown itself. Called Checkpoint Support…
There is 2012 Appliance 4205 in the environment. Some basic configuration done, including internal interface and gateway. But after a couple of times failed attempt to upgrade OS from R75…
Created one local help desk account with temporary privilege 15, but seems does not workIn my case, the switch have been configured with following accounts: username localit privilege 15 secret…
interface GigabitEthernet0/0 no ip address ip virtual-reassembly duplex auto speed auto pppoe enable group global pppoe-client dial-pool-number 1 interface GigabitEthernet0/1 ip address 100.199.14.7 255.255.255.0 ip nat inside ip virtual-reassembly duplex…
1. Insert USB Pen Driver into USB port on SRX Firewall 2. log into SRX Firewall with root account. Create /var/tmp/usb folder root@fw-1-1% cd /var/tmp root@fw-1-1% ls cleanup-pkgs.log gksdchk.log idp_license_info…
Topology: using IOU Rack v3 from post My Cisco IOU Racks – from flyxj IOUv3 It looks like following screenshot: The goal is to achieve ipsec with third party trusted…
This lab will use Symantec Verisign Trial SSL Certificate and Checkpoint R76 installed on VMware to demonstrate the steps how to use external OPSEC PKI to authenticate IPSec VPN Tunnel…
TekRADIUS is a RADIUS software which can be easily integrated with AD. I have tested on one of pc , which even it is not in the domain. But AD…
PKI = Public Key Infrastructure(公钥基础设施) 基础设施: 就是一个普适性基础,它在一个大环境里起着基本框架的作用,,设施基本原理共通,操作简便,只要遵循基本原则,不同的实体就可以方便地使用基础设施提供的服务。 公钥基础设施: 用非对称密码算法原理和技术是实现并提供安全服务的具有通用性的安全基础设施。 公钥证书: 用户的身份与之所持有的公钥的结合,在结合之前,由一个可信任的权威机构——认证机构(CA)来证实用户的身份。然后由可信任的CA对该用户身份及对应公钥相结合的证书进行数字签名,用来证明证书的有效性。 一个PKI系统主要包括: 认证机构,证书库,密钥备份及恢复系统,证书撤销处理系统,PKI应用接口系统。 PKI主要包括四个部分: X.509格式证书,证书注销列表CRL; CA/RA操作协议; CA管理协议; CA政策制定。 密钥对产生的两种方式: 用户自己产生密钥对,然后将公钥以安全方式传给CA,该过程应保证用户公钥的可检验性和完整性(验证身份的密钥对应先产生) CA替用户产生密钥对,然后将其以安全方式传送给用户,必须保证密钥的机密性,完整性和可检验性。该方式下由于用户的私钥为CA所产生,故对CA的可信性有更高的要求。 证书签发两种方式: 离线方式发放:面对面发放,用于企业级高级证书的发放; 在线方式发放:通过Internet使用LDAP(Lightweight Directory Access Protocol ),在i500目录服务器上下载证书。 LDAP:http://www.microsoft.com/china/technet/prodtechnol/exchange/2003/insider/ldapquery.mspx 离线方式发放:…
SRX license expired yesterday, log into support site and renewed new license and added it into SRX. But NSM still shows ‘Attack/Detector Update License Validation Exception’ ————————————————————————————————-On SRX Device, system…
Cisco Switch Example Configuration: aaa authentication login default local group radius aaa authentication enable default enable group radius aaa authorization exec default local group radius radius-server host 10.9.2.4 auth-port 1812…