What is iRule in F5 Load balancer

An iRule is basically a script that executes against network traffic passing through an F5 appliance. With iRules you can write simple, network-aware pieces of code that manipulate network traffic in a variety of ways. Regardless of whether you’re looking to do some form of custom persistence, setting custom settings for the TCP/UDP protocols or rate-limiting [...]

F5 101 Application Delivery Fundamentals-Study Notes-OSI Layer

Explain, compare, and contrast the OSI layers: http://www.tcpipguide.com/free/t_OSIReferenceModelLayers.htm 7 – Application: Interacts with the user (FTP/HTTP/SMB/SSH/etc.). 6 – Presentation: Converts information into data structures that are understandable by/useful to the system (XML/TLV/JSON); SSL/WEP/WPA. 5 – Session: Allows two endpoints to exchange data for a period of time; NetBIOS, TCP/IP Sockets, RPCs. Not necessarily the length [...]

PCNSE Study Notes: Global Protect

Overview. GlobalProtect: Solution to VPN Issues; Extends NGFW to endpoints; Delivers full traffic visibility; Simplifies Management; Unifies policies; Stops Advanced Threat. Components: Portal – Provides Management functions for GP; every client connecting to GP receives configuration information from the portal. Gateways – Provide Security Enforcement for traffic. External gateways provide security enforcement and VPN Access [...]

PCNSE Study Notes: Decryption

Decryption Concepts: Encrypted traffic is growing every year. PANs can decrypt SSHv2 and SSL/TLS inbound and outbound traffic. SSL Establishment includes: Client – requests SSL connection; Server – sends server public cert; Client – verifies cert; Client – sends encrypted session key; Server – begins encrypted communications session. When an SSL session is first established [...]

PCNSE Study Notes: Content-ID

Overview: Scans traffic for/offers protection against/can do: Software Vulnerability exploits – detects attempts to exploit known software vulnerabilities; Viruses – detects infected files crossing the firewall; Spyware – detects spyware downloads and already infected system traffic; Malicious URLs – blocks URLs known to be locations that host or assist any of the content scanned with [...]

PCNSE Study notes: App-ID

Application ID Overview: An application is a specific program or feature whose communication can be labeled, monitored and controlled. App-ID does additional work beyond just port. Port-based rules use ‘Service’; Application-based rules use ‘application’. Application rules will allow only the application traffic that is allowed (ex: FTP) and not other traffic using that port. Zero-day [...]

PCNSE Study Notes: Platforms and Architecture

Here is the datasheet for the hardware platforms; it has some good information to look over! https://www.paloaltonetworks.com/resources/datasheets/product-summary-specsheet Security Platform Overview: Recon, Weaponize, Deliver, Exploitation, Installation, Command & Control, Act on Objective. NGFW: Identifies and inspects all traffic; Blocks known threats; Sends unknown to cloud; Extends to mobile and virtual networks. Threat Intel Cloud: Gathers potential threats [...]

F5 LTM Troubleshooting- Things to check if Pool member is down

Check if the server is reachable from the F5 Load balancer [[email protected]:Active:Standalone] config # ping PING ( 56(84) bytes of data. 64 bytes from icmp_seq=1 ttl=255 time=3.83 ms 64 bytes from icmp_seq=2 ttl=255 time=2.88 ms ———————————————————— If you want to ping from a particular VLAN, you can specify the VLAN name after -I [...]

IP address and Subnetting

IP ADDRESS & SUBNETTING Private IP addressing – Subnet Mask calculation – If the CIDR value is /25 then subnet mask will be – In binary – 11111111.11111111.11111111.10000000  (8+8+8+1 = 25) Same way if subnet mask is – the CIDR value will be /18 (8+8+2) Wild card calculation – Whatever the subnet mask [...]