!! Ensure SSH is allowed on the interface you are attempting to access
config system interface
edit <interface>
set allowaccess ping https ssh !! SSH added to the other allowed admin options
end
!! Enable SCP
config system global
set admin-scp enable
end
!! To backup the system
scp admin@<ip>:sysconfig <local-file>
Notes:
- SCP is disabled by default and may become disabled after an upgrade
config system admin
edit <username>
set accprofile "super_admin"
set password <password>
set trusthost1 <ip>/<cidr>
set trusthost2 <ip>/<cidr> !! Add as many trusted hosts as required
end
sync-prefs
debug wccp events
debug wccp packets
sh wccp
!! Traffic still needs to be allowed on the inside ACL. This ACL will still be hit first !!
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq https
!! The first entry (deny) bypasses the proxy for hosts in the ProxyBypass object-group !!
access-list WCCP_Redirect extended deny ip object-group ProxyBypass any
access-list WCCP_Redirect extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list WCCP_Redirect extended permit tcp 192.168.1.0 255.255.255.0 any eq 443
!! Proxy ACL !!
access-list WCCP-Proxy extended permit ip host <Proxy Server> any
!! The service id (web-cache and 70 in the following cases) is configured on the proxy. We need to know this information from the client !!
!! Commonly used service IDs !!
!! web-cache or 0 - HTTP !!
!! 53 - DNS !!
!! 60 - FTP !!
!! 70 - HTTPS !!
!! The following redirects HTTP traffic based on the WCCP_Redirect ACL !!
wccp web-cache redirect-list WCCP_Redirect group-list WCCP-Proxy
wccp interface inside web-cache redirect in
!! The following redirects HTTPS traffic based on the WCCP_Redirect ACL !!
wccp 70 redirect-list WCCP_Redirect group-list WCCP-Proxy
wccp interface inside 70 redirect in
diag debug report
get sys !! Uptime
get perf session !! Connection Count
get perf cpu detail
get perf cpu all detail !! * means above threshold
get event level critical !! View failovers or other critical events
get counter statistics !! CRC errors, etc
diag test app ipsmonitor <#>
- 1: Display IPS engine information
- 2: Toggle IPS engine enable/disable status
- 3: Display restart log
- 4: Clear restart log
- 5: Toggle bypass status
- 97: Start all IPS engines
- 98: Stop all IPS engines
- 99: Restart all IPS engines and monitor
firewall-<disable|enable>
set log exclude-id <#> user-id <username> event-type <event-id> src-ip <ip> src-netmask <netmask> dst-ip <ip> dst-netmask <netmask> dst-port <port> <success|failure>
You can set any of the above options to attempt to hide specific log messages. For instance, let's assume I wanted to stop logging the following admin login messages:
Feb 10 00:00:01 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: ADM: Local admin authentication successful for login name admin (2014-02-10 00:00:01)
The following would suppress all successful logins with message id 00519 for the 'admin' user:
set log exclude-id 1 user-id "admin" event-type 519 success
Notes:
- ScreenOS version 6.2+ required
- A maximum of 10 exclude rules are allowed
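Before committing an exclude rule, it is worth checking exactly which messages it will hide, since suppressed admin logins are lost to later review. The following is an added Python example, not part of the original cheat sheet: it parses the `set log exclude-id` command and the ScreenOS syslog format shown above and reports which lines a rule set would suppress. Only the page's first log line is real; the other sample lines are constructed variants.

```python
import re
import shlex
from typing import Optional

# Fields we need from the ScreenOS syslog format shown on this page.
LOG_RE = re.compile(r"device_id=(?P<device>\S+) \[\S+\]system-\w+-(?P<event>\d{5}): (?P<text>.*)$")
USER_RE = re.compile(r"login name (?P<user>\S+)")

# Constructed samples: the first is the page's own line, the others are variants.
SAMPLE_LOGS = [
    "Feb 10 00:00:01 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: "
    "ADM: Local admin authentication successful for login name admin (2014-02-10 00:00:01)",
    "Feb 10 00:00:05 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: "
    "ADM: Local admin authentication successful for login name audit (2014-02-10 00:00:05)",
    "Feb 10 00:00:09 192.168.1.1 LocalFirewall: NetScreen device_id=LocalFirewall [Root]system-information-00519: "
    "ADM: Local admin authentication failed for login name admin (2014-02-10 00:00:09)",
]

def parse_log(line: str) -> dict:
    """Extract the numeric event type, admin user name and outcome from one log line."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError("not a ScreenOS event line")
    text = m.group("text")
    u = USER_RE.search(text)
    result = "failure" if re.search(r"\bfail", text, re.I) else "success"
    return {"event_type": int(m.group("event")),
            "user_id": u.group("user") if u else None, "result": result}

def parse_exclude_rule(command: str) -> dict:
    """Parse 'set log exclude-id N [user-id U] [event-type E] ... [success|failure]'."""
    tokens = shlex.split(command)          # handles the quoted "admin"
    if tokens[:3] != ["set", "log", "exclude-id"]:
        raise ValueError("not a log exclude command")
    rule, i = {"exclude_id": int(tokens[3])}, 4
    while i < len(tokens):
        if tokens[i] in ("success", "failure"):
            rule["result"] = tokens[i]; i += 1
        else:
            key, val = tokens[i].replace("-", "_"), tokens[i + 1]
            rule[key] = int(val) if key == "event_type" else val; i += 2
    return rule

def is_suppressed(line: str, rules: list) -> Optional[int]:
    """Return the exclude-id of the first matching rule, or None if the line is kept.
    Fields a rule names but parse_log does not extract (src-ip etc.) never match."""
    if len(rules) > 10:
        raise ValueError("ScreenOS allows at most 10 exclude rules")
    entry = parse_log(line)
    for rule in rules:
        if all(entry.get(k) == v for k, v in rule.items() if k != "exclude_id"):
            return rule["exclude_id"]
    return None

RULES = [parse_exclude_rule('set log exclude-id 1 user-id "admin" event-type 519 success')]
```

Running `is_suppressed` over `SAMPLE_LOGS` with `RULES` shows that only the successful `admin` login is hidden; the `audit` login and the failed `admin` attempt still reach the log.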