What is iRule in F5 Load balancer

An iRule is basically a script that executes against network traffic passing through an F5 appliance. With iRules you can write simple, network-aware pieces of code that manipulate network traffic in a variety of ways. Regardless of whether you’re looking to do some form of custom persistence, setting custom settings for the TCP/UDP protocols or rate-limiting [...]

F5 101 Application Delivery Fundamentals-Study Notes-OSI Layer

Explain, compare, and contrast the OSI layers http://www.tcpipguide.com/free/t_OSIReferenceModelLayers.htm  7 – Application Interacts with the user (FTP/HTTP/SMB/SSH/etc.) 6 – Presentation Converts information into data structures that are understandable by/useful to the system (XML/TLV/JSON) SSL/WEP/WPA 5 – Session Allows two endpoints to exchange data for a period of time. NetBIOS, TCP/IP Sockets, RPCs Not necessarily the length [...]

PCNSE Study Notes: Global Protect

Overview GlobalProtect: Solution to VPN Issues Extends NGFW to endpoints Delivers full traffic visibility Simplifies Management Unifies policies Stops Advanced Threat Components Portal – Provides Management functions for GP; every client connecting to GP receives configuration information from the portal Gateways – Provide Security Enforcement for traffic External gateways provide security enforcement and VPN Access [...]

PCNSE Study Notes: Content-ID

Overview Scans traffic for/offers protection against/can do: Software Vulnerability exploits – detects attempts to exploit known software vulnerabilities Viruses – detects infected files crossing the firewall Spyware – detects spyware downloads and already infected system traffic Malicious URLs – blocks URLs known to be locations that host or assist any of the content scanned with [...]

PCNSE Study notes: App-ID

Application ID Overview An application is a specific program or feature whose communication can be labeled, monitored and controlled App-ID does additional work beyond just port Port-based rules use ‘Service’ Application-based rules use ‘application’ Application rules will allow only the application traffic that is allowed (ex: FTP) and not other traffic using that port. Zero-day [...]

PCNSE Study Notes: Security Policies and NATs

Security Policy fundamental concepts All traffic must match a session and security policy (stateful firewall) Basics are a source and destination zone Granular includes Source/Dest Address, ports, application, URL Categories, Source user and HIP profiles. Sessions are established for bidirectional data flow. Policies > Security has the current security rules Columns on this page can [...]

PCNSE Study notes: Interface and Routing Configuration

Security Zones and interfaces Security zones are used to group like-devices, user groups, locations or specific-use systems. In-band interfaces are traffic-passing ports, ex: ethernet1/1, 1/2, etc Each interface (or subinterface) can only be assigned to one zone A zone can have multiple physical or logical interfaces Traffic inside zones is allowed by default. Example: Trust [...]

PCNSE Study Notes: Platforms and Architecture

Here is the datasheet for the hardware platforms, has some good information to look over! https://www.paloaltonetworks.com/resources/datasheets/product-summary-specsheet Security Platform Overview Recon, Weaponize, Deliver, Exploitation, Installation, Command & Control, Act on Objective NGFW: Identifies and inspects all traffic Blocks known threats Sense unknown to cloud Extends to mobile and virtual networks Threat Intel Cloud: Gathers potential threats [...]

F5 LTM Troubleshooting- Things to check if Pool member is down

Check if the server is reachable from the F5 Load balancer [[email protected]:Active:Standalone] config # ping 172.16.20.10 PING 172.16.20.10 (172.16.20.10) 56(84) bytes of data. 64 bytes from 172.16.20.10: icmp_seq=1 ttl=255 time=3.83 ms 64 bytes from 172.16.20.10: icmp_seq=2 ttl=255 time=2.88 ms If you want to ping from a particular VLAN you can specify the VLAN name after -I [...]

IP address and Subnetting

IP ADDRESS & SUBNETTING Private IP addressing – Subnet Mask calculation – If the CIDR value is /25 then subnet mask will be – 255.255.255.128. In binary – 11111111.11111111.11111111.10000000  (8+8+8+1 = 25) Same way if subnet mask is – 255.255.192.0 the CIDR value will be /18 (8+8+2) Wild card calculation – Whatever the subnet mask [...]

What are the STP times?

Hello Timer, Forward delay Timer, Max-age Timer. Hello Timer: How often switches send BPDUs, by default every 2 seconds. Forward delay Timer: How long a port must spend in both the learning and listening states, by default 15 seconds. Max-age Timer: How long a switch will retain BPDU information from a neighbor switch [...]