Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us $3,400 per month for bandwidth bills alone, and since we don't believe in shoving popup ads to our registered users, we try to make the money back through forum registrations.
  • Post
  • Reply
MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Looking for a bit of help from dudes that know a lot more than I do. I'm working wth 2 (well currently 1, because the second one bricked on me) AIR-CAP1532I-A-K9 devices, supposedly they should pull an address from DHCP out of the box instead of being static, which is completely false. I've never once configured cisco gear and I'm trying to blunder my way through this. How can I configure this thing to pull an address from DHCP? It's currently statically assigned 10.0.0.1, but I can't access the web interface, perhaps HTTP/HTTPS is turned off natively or something. I've got console access for the one that isn't broken (the bricked one is not showing anything on the console connection even during reboot, so I'm guessing the flash memory got wiped) but I'm apparently an idiot and don't know how to google for what I'm trying to do. So either A) I need to figure out how to turn on http/https so I can access the web GUI, or B) I need to just figure out how to configure it to pull an address from my DHCP server via the CLI.

This was supposed to be easy, configure option 43 on my server and voila, it talks to our WLC and we're good to go, but of course nothing is that easy

Adbot
ADBOT LOVES YOU

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Hopefully this isn't a stupid question, but I have no way to test this and I can't really find any definitive answers from googles. We have a couple SG500-52p in a stack, one of them has a bunch of bad ports out of the box so we've just gotten an RMA'd device and I want to swap it out, do we need to pre-configure the device before removing the old one and popping this one in? Does firmware need to match, or will it download from the master?

From what I've read we might be able to just plug and play (probably forcing the switch number so things don't get goofy) but other than that it seems like it should download firmware if needed and pull the config from the master, or am I wrong and going to break poo poo?

We don't have a way to test this, no spares and this poo poo is running in production so I don't want to cause an outage by going all cowboy on it and just plugging it in without doing due diligence, but I don't want to have to do more work than needed, especially since this will (probably) not be the last time we have to swap one of these in a stack.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Thanks Ants posted:

It won't sync firmware, you will have to match the firmware versions, set the stacking ports, save the config, power it down, connect the stack cables and power it back up again.

Cisco SMB switches are complete garbage.

Believe me, I don't doubt that, though we have 2 running here (not-stacked) that work fine for cheap access switches, haven't had issues with them, but I'd prefer the real guys though you can't always justify the cost.

Thanks for the info though!

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


anthonypants posted:

Can I stack a SG350X switch and a SG350XG switch?

You can for sure, a client of ours has pre-existing stack of 2 or 4 that are 50/50 of these.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Biowarfare posted:

What happens on an err-disable? Is the port still "powered on" or negotiable at all?

I'm trying to figure out why my Linux machine does not detect anything at all and has no link state change notifications when I have a port err-disabled, but the cable is plugged in still.

err-disabled the port is effectively shut down, as in, it won't send or receive traffic and you have to manually go in to open the port again.

It's being disabled for some reason (negotiation issues are common, sometimes an issue with the modules you're using etc), if you do a "show interface X status" I believe it should tell you why the interface is in that state.



v-- Yeah, I agree, it's odd that your device on the other end of the cable is not detecting the lack of connectivity.

MF_James fucked around with this message at 20:04 on Jan 15, 2018

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Thanks Ants posted:

it's loving terrible

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Holy poo poo I need some help here. I have a loving old rear end Brocade switch (running FW 7.0.0) that a co-worker did not save the config on like a year ago when he configured it, well it finally lost power and lost the configuration for a port that's the trunk port off of our firewall, he didn't document his config nor does he remember how he did it.

I've mostly got it correct, but I can't for the life of me figure out how to turn the port into a trunk port or at least ciscos version of a trunk port. Is dual-mode Brocade speak for trunk port? It seems like it is, but I'm not entirely sure. Their actual trunk command seems more like Cisco's port-channel group, though I'm having issues finding documentation on this old OS version, there's a bunch of poo poo I'm finding that is not actually applicable because the commands just do not exist.

MF_James fucked around with this message at 20:31 on Jan 25, 2018

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Thanks Ants posted:

switchport mode trunk? Is this a FastIron or something else?

Just figured it out, dual-mode is trunk mode, it's an FCX648S, which runs fastiron, I think, it's v7.0.0, so seems somewhat old. I'm not sure according to the login it does run fastiron, but half of the commands I found documented online are totally different in the switch, it's awful, but I was right, dual-mode = cisco trunk mode and trunk mode is actually port-channels, loving dumb. Half of the commands on the switch are straight ripped from IOS, the rest are differently named or named the same but do different stuff.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Thanks Ants posted:

If in doubt, smash the tab key and the question mark and fluff your way through

That's what I did.


Docjowles posted:

dual-mode 123 is basically the equivalent of switchport trunk native vlan 123. It tells the port to treat untagged frames as belonging to vlan 123.

Yeah.

The REALLY annoying thing is that you cannot dual-mode a port without tagging a VLAN on it first, I didn't think about it at first, but I was like Ok that's fine, weird, but fine. #tag int e 1/1/1 --- Connection lost ---- fuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuck

Yeah so doing that on my only connection into the environment was a bad idea. Thankfully just had them boot the switch and I configured the only other open port, but it's just a weird thing, you have to tag a VLAN on the port, then you can dual-mode (trunk) the port and it'll be happy again.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


I have once again been owned by co-workers because entering "wr" into the CLi is too hard.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Bigass Moth posted:

But what if I save something I don't like????

that's what the goddamn backup config is for!

Honestly this turned out to not be too bad because I was the one that documented the changes and commands needed to do the work, just someone else was doing it, though it's painfully clear that certain someone's have issues with Following Instructions and fail at the ever so difficult Copy-Paste.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


FatCow posted:

So is running RANCID?

You're funny, I like you. I work for an MSP.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Thanks Ants posted:

Isn't Adtran pretty much the go-to for that requirement?

Yeah, I'd recommend Adtran's, that's what we use.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


We use 908's, the T1 is used for data and VOIP, they work perfectly and they are pretty tanky as we have them in some poo poo environments and they are generally fine as long as someone doesn't go loving nuts and power on/off repeatedly.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


FatCow posted:



Those are all T1s and DS3s. There are rows and rows that look like this in 60 Hudson. About 30% of our voice network is TDM these days.

Ethernet completely dwarfs TDM, but there is still a poo poo ton out there.

This is someone's hell, minus the supposed labels.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


You should also have your current space in there so you don't miss things.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Apex Rogers posted:

In any case, I tried the powershell command mentioned here:
https://4sysops.com/archives/native...virtual-switch/ , but I am getting a message about how "The term 'New-VMSwitch' is not recognized". I have not gone any further than that.

Thanks in advance for any help.

New-VMSwitch is a hyper-v module command, it's likely you don't have hyper-v installed and, by extension, the powershell commandlets that go with it, which is why you're getting that error.

As for how to get NAT working via windows routing, it (looks) like it's done through the "Routing and Remote Access" mmc - https://technet.microsoft.com/pt-pt...ror=-2147217396

I have never attempted to turn a windows device into a router, so perhaps that link isn't going to help, but it seems to be what you're looking for.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Methanar posted:

I will never be complicit in purchasing anything from cisco that is not a router again.

What's wrong with their switches?

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Haven't had the opportunity to work with Arista, all cisco and then garbage barely above consumer grade stuff, and a single brocade switch.... holy gently caress why do you steal 99% of cisco terminology and then make trunk ports NOT TRUNK PORTS!! maybe cisco stole their terms I dunno, but drat was that annoying.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Docjowles posted:

No, Brocade is bad and you are correct for being mad at how awful they are to work with

Our client that uses it is bad an awful and we should drop them but MSP lyfe, so it is very fitting they use it.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Lonoxmont posted:

Thanks guys, looks like I got lucky, and all that happened was the sonicwall has to do the routing for the new range until I get all the /24 changed to /22 on the clients on my end. So everything stayed up and running, but until everything has the new hostmask it is still a bottleneck through the sonicwall (I presume). At some point I will probably get around to moving the default gateway etc where the sonicwall lives to somewhere closer to the beginning of the address space, where networking stuff should go. Not looking forward to running through all the clients again for that.

If your clients are all windows based, you could use powershell to do it!

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Lonoxmont posted:

Oh? I was vaguely toying with trying to finagle something through Group Policy to do that, but if there is an easier way I am

This guy has some powershell that can do it locally, you just need to invoke via remote powershell and possibly step through an array of computer names, make a few other changes, and possibly have it step through each netadapter found in the event you have wireless, wired and other possibilities.

The thing I'm not sure about, and possibly someone else can comment on, is if you will run into a problem running the script part-way through due to the changes being made.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Chuck Finley posted:

Couldn't you just readdress everything major that needs to be statically assigned and then pull the client PC MACs from the ARP table on the SonicWall, put some reservations on via DHCP, presto blamo. Unless I'm missing something here, that seems the most straightforward way unless you really want things to stay statically assigned without the use of DHCP. We recently migrated from a very old server running an also old version of pfSense to a Netgate appliance, resubnetted our entire company LAN (broke up our dwindling /24 full of statics into 5 /22's by dept), and that's essentially how we did it. Pulled the MACs, binded via DHCP, and then slowly told everyone to switch to DHCP (mind you we kept two active firewalls live for the transition).

Yeah there are a lot of ways to do it, I was just giving an option that fit within the current framework.

I'm often bad about that, I'm used to doing hacky poo poo and not having any options to change things to the correct/a better way of doing things.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Sepist posted:

king of the router.

What if I want to be King of the Hub

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Working with some SonicWALLs, I'm familiar with them but haven't really touched more advanced features... until now.

Trying to implement bandwidth management and I'm having issues finding something out for sure. If I create a BWM object and apply it to multiple policies, is the bandwidth shared across all those policies?
i.e. I guarantee 5Mb and limit to 10Mb maximum, will it allow each policy to hit a maximum of 10Mb, or will it share that 10Mb across all policies?

I am assuming it's shared, but this customer's circuit is ridiculously under-speced so it's maxed constantly even after applying limitations to a bunch of different policies.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Thanks Ants posted:

If you apply a 5Mb limit on multiple firewall rules then each traffic handled by each rule shares that 5Mb, not 5Mb total across all rules. If you do them in an app control policy then you should be able to set the limit and choose the bandwidth management action object to be a shared 5Mb across all the affected policies.

Having to take wildly different approaches to what seem like small requirements changes is one of the most infuriating things about Sonicwalls.

Yeah, after screwing around with it for a bit more yesterday I realized that the BWM objects are shared bandwidth.

Working with these makes me miss Fortigate devices a lot.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Moey posted:

Anyone here working with Fortinet firewalls? What are your opinions on them?

Looking to replace a half dozen SRX240H2 firewalls. My kneejerk reaction was just 2x SRX1500 clustered at each site, but at a similar price point, the FortiGate 500E seems to exceed the performance and are pretty highly reviewed.

I really like Fortigate's but I've never worked with Juniper devices so not sure how they compare. The downside to Fortigate (and a lot of products) is that support can be difficult to work with but otherwise they are pretty drat solid products.

Management is relatively easy, a lot of things Just Work, interface is pretty drat user friendly and the CLi 95% of the time makes sense once you understand their structure.

Do you have any specific questions?

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Yeah pfsense is fine if you want something at home and don't mind tinkering; heck maybe even in a small business, but I'd still be hesitant due to lack of proper support, I'd rather roll a sonicwall.

Anything bigger and you definitely want to stick with the major players.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Sepist posted:

Yea we all just came to that conclusion but now I need to compare fortinet as well. I dont think were gonna change because the campus firewalls are palo with panorama and diversifying would be annoying but fortinet is half the price. Doubt saving 10k a year is worth it when our monthly cloud spend is over a million

Fortinet's are on par with Palo Alto, but switching is gonna be a pain because you'll have to learn totally new systems.

Also, I'm surprised the Fortinet's that are comparable to your Palo Alto's are half the price, I thought they were closer in price than that. What Palo's do you have and what Fortinet's are you looking at to replace them with?

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Can a cisco device syslog to the same IP twice but on different ports?

I have a want/need to condense 2 syslog "servers" (aka windows 7 workstations set up by my predecessor) and I'd prefer to just have one listen on something like UDP/1025 while the other listens on UDP/514, but I'm not sure if that will actually work; other option is obviously give the new VM 2 IP addresses and just have each one listen on its' own IP.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Cool, yeah I dropped the commands in and they worked but I wasn't sure if it would actually happen.

Then I realized I could set it to use TCP and just cap the traffic and see if it actually is sending logs messages.

I didn't get a lot of sleep last night OK!

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Since we are general networking in here, I'll ask for some ideas/info here.

Client is balking at the total cost of ownership of an SG250 48-port switch, he is crying because over the life of the switch he will have paid for the switch a second time in SmartNET costs. I mean, sure, but do you not want a service agreement when the thing goes tits up in 2 years? Also, it's not really that much but WHATEVER

Anyway, looking at alternatives, I've come up with Aruba (same issue, actually their support agreements are like double/triple the cost).

Looks like there are some low/mid-end HPE branded switches like this https://www.cdw.com/product/hpe-195.../4360627pfm=srh I'm not at all familiar with, so not sure how they are, anyone have experience?

Dell EMC devices like this: https://www.cdw.com/product/dell-em...3860905?pfm=srh

Any actual/other recommendations? 48 ports, rack mountable, no PoE needed; it's going to be a client access switch.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE



I would rather kill myself, also they don't have 48 port options and we only have 1U of rack space.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


So, I'm mildly perplexed by this, the situation is that I have an ASA5515 pair that is logging to a syslog server, I have moved the syslog server to a new machine (from a win7 desktop to a server 2019 VM), since doing that I'm no longer getting netflow logs.

We don't have netflow specifically set up, but we are doing debug logging; the only configuration change that was made on the ASA was removing the old server and adding the new in its' place.

I confirmed the server is not seeing those logs via pcap on the server, but it does get other debug level logs without issue.

I confirmed that those logs appear on the ASA by logging to the console directly.

It does not (appear) the traffic is being dropped by the switch, I looked at counters and they aren't going up.

I ran a cap on the ASA itself to try to confirm 100% that it's sending the logs to the syslog server, but the capture only shows date, time source IP/port, destination IP/port and packet count, doesn't show the actual content of the packet.

Anyone have any ideas about where I can look next? I was really hoping to validate the ASA is sending the logs with more verbose capture but I don't see how to do that. Even if it is, I don't see what the hell could be happening to the packets, they seem to be disappearing into the ethernet

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


uhhhhahhhhohahhh posted:

Did you add the new IP in both places? If you're doing it through ASDM, you do it on the device management page and on the Service Policy page.

Both places? We don't have netflow explicitly configured, it (should) be sent because logging level is set to debugging and debug-trace is on; if that's what you mean. Doing this all through the CLi, I don't really use ASDM.

Perhaps I am mis-using netflow, but I assumed that's what they were... here's an example log that I'm not getting now that I was before:

<166><1566403763000>ASA-6-302014:Teardown TCP connection 24157561 for outside: X.X.X.X/443 to inside: X.X.X.X/21135 duration 0:00:00 bytes 0 TCP FINs from inside

MF_James fucked around with this message at 17:51 on Sep 13, 2019

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


BaseballPCHiker posted:

What syslog software are you using?

What does your config look like for the ASA if you do a show run?

Did you specify an interface for the logging host? For example:

code:
logging host INSIDE 192.168.1.1 Port#

ALB5515# show run logging
logging enable
logging timestamp
logging buffer-size 65535
logging buffered informational
logging trap debugging
logging asdm informational
logging host inside 192.168.86.6
logging debug-trace


Configuration worked fine before changing to the new server, all I did was change the host IP; we're using Log360 it is listening on 513 and 514 UDP.

The issue is still that the logs do not even get TO the syslog server, it's not sending anything about connections etc, it's only sending information about login/out/configuration change and possibly a few other little things, but nothing about allowed/denied/created/destroyed connections.


uhhhhahhhhohahhh posted:

I don't think that's technically netflow, just the standard ASA log about connections being created, ended or denied.

This is the guide I used to get started with it: https://community.cisco.com/t5/secu...dm/ta-p/3119466

Ahh guess it's not netflow then, just need info about the connections.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


BaseballPCHiker posted:

Try putting the port numbers at the end up that IP. Like: logging host inside 192.168.86.6 UDP/513.

I just fought a similar battle and am trying to look through my notes to figure out how and the heck I got it working.

explicitly marking the port made no change.

Gonna have our architect look at it on Monday I guess, I'm just spinning my wheels at this point, unless you come back with your solution.


*edit*

aaaaaaaaaaaaaaaaaand gently caress everything it's working now, all I had to do was completely remove the logging config and re-add it all...

MF_James fucked around with this message at 21:21 on Sep 13, 2019

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Nuclearmonkee posted:

lmao was about to recommend "reboot or rip it all out and put it back to restart the process"

ASAs are creaky old bullshit and that works more often than it should. I have to do this with my SNMPv3 configs from time to time when they just stop working and the monitoring server stops being able to poll them. It's a regular enough task that it's now a script.

I feel dumb for not trying that before but really wtf come on.

Live and learn I suppose, now I know not to trust the config of an ASA

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Nuclearmonkee posted:

To be fair, it could also have been a firmware bug that's hopefully resolved in an update. That would be next on my list if you are 100% confident the config is correct.

On other ASA related awesomeness, I see that the default 5506x configuration still doesn't do management properly over VPN because lmao https://bst.cloudapps.cisco.com/bug...ing_site=dumpcr This has been outstanding for literal years.

Had to throw one of these out for a one-off remote instrumentation site but forgot about that one until the local guy actually installed it and none of the management would work over the L2L tunnel. Have to delete the BVI and use individual interfaces because "management-access interface " cannot bind to a BVI, which is how they come out of the box.

Add the fiasco that is getting firepower work properly and stay working on top of that and I really am quite annoyed that I have to deal with this crap when there are other NGFWs for comparable cost that are much less of a nightmare to manage.

Thankfully we don't do firepower at all, we have a config standard that removes BVI as well (for devices that need it), though I don't think the 5515/5516s come by default like the 5506's. I do long for Fortinet's as lovely as that sounds, but it looks like we're moving to SonicWALL

Adbot
ADBOT LOVES YOU

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE


Client requirement is to capture all the logs for compliance (they are a bank). Used UDP in the end, but i might have swapped to TCP temporarily, I forget, been a while now.

I found that if you have 2 syslog servers configured, it won't send everything to both log servers (I haven't tested if it's because they are the same IP but different ports or if that will happen with 2 completely separate IPs), it will only send everything to the first server in teh list and then admin level events only to the second server.

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply