!! To Unregister
vi /etc/crm/policies/cml/NetworkProtector/mgmt/npmgmt1_0.xml
CHANGE
    <Config Enabled='true' GroupNameHint='<group>' HeartbeatInterval='900' UseLocalSettings='true'>
TO
    <Config Enabled='false' GroupNameHint='<group>' HeartbeatInterval='900' UseLocalSettings='true'>

service iss-spa restart

[ # ]

egrep -o " version='.*' xml" /etc/crm/policies/cml/NetworkProtector/fwm/npfwm1_0.xml        !! Firewall/VPN
egrep -o " version='.*' xml" /etc/crm/policies/cml/NetworkProtector/ssls/npssls1_0.xml      !! SSL VPN
egrep -o " version='.*' xml" /etc/crm/policies/cml/NetworkObjects/networkobjects1_0.xml    !! Network Objects Version

[ # ]

!! Snoop Filter - More basic capture
!! Enable
snoop filter ip src-ip <src IP> dst-ip <dest IP>
snoop
!! Disable
snoop off
snoop filter del

!! Flow Filter - Much more information on the packet flow
!! Enable
set ff src-ip <src IP> dst-ip <dest IP>
debug flow basic
!! Disable
undebug all
unset ff  !! Remove the flow filter

Notes:

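  • Use 'get db st' (short for 'get dbuf stream') to view the captured output
  • Use 'clear db' to clear the capture buffer but keep the capture running
  • Set the filter before starting 'debug flow basic' and run 'undebug all' when finished; unfiltered flow debugging on a busy firewall can overload the CPU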

[ # ]

tail -f /var/log/messages | grep vpn  !! View VPN logs
echo /config/userdb/list | igcli -n   !! View VPN Users
service sslvpn-plus status            !! View SSL VPN status
tail -f /var/log/messages | grep sslvpnstatslogd  !! View SSL VPN user logs

!! View VPN Tunnels
echo /config/sad/salist | igcli -n

echo "/config/sad/saflush *" | igcli -n             !! Tear down ALL IPsec SAs (every tunnel drops until it renegotiates)
echo "/config/sad/saflush <vpn name>" | igcli -n  !! Tear down a specific IPsec SA
echo /config/ike/saflush | igcli -n               !! Tear down ALL IKE SAs

[ # ]

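# Tally firewall rule hits from syslog and list them most-hit first under a
# "Rule<TAB>Hits" header.
#
# Pipeline: keep lines mentioning "ruleorder", cut each line down to the text
# that follows "ruleorder=", count identical values, sort by count descending,
# then print the first word of each value next to its count.
#
# NOTE(review): counts are per distinct remainder-of-line after "ruleorder=";
# they are per-rule totals only if nothing variable follows the rule number in
# the log line. Confirm against the device's log format.
#
# "\t" is awk's tab escape; a doubled backslash would print the two literal
# characters \t instead of a tab.
grep ruleorder /var/log/messages \
  | awk -Fruleorder= '{print $2}' \
  | sort \
  | uniq -c \
  | sort -nr \
  | awk 'BEGIN {print "Rule\tHits";}{print $2,"\t",$1}'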

[ # ]

egrep "iss-(spa|fvmCfg)" /var/log/messages

[ # ]

htpasswd /var/www/auth/htpasswd admin

Notes:

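  • This resets the admin password required to log in to the device's LMI (Local Management Interface). htpasswd prompts for the new password, so it is not left in the shell history.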

[ # ]

service heartbeat restart

Notes:

  • Performed on the active unit

[ # ]

!! Traffic must still be permitted by the inside ACL (inside_access_in); that ACL is evaluated first, before the WCCP redirect-list !!
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any eq https

!! The first entry (the deny) exempts hosts in the ProxyBypass object-group from redirection, so they bypass the proxy !!
access-list WCCP_Redirect extended deny ip object-group ProxyBypass any
access-list WCCP_Redirect extended permit tcp 192.168.1.0 255.255.255.0 any eq 80
access-list WCCP_Redirect extended permit tcp 192.168.1.0 255.255.255.0 any eq 443

!! Proxy ACL !!
access-list WCCP-Proxy extended permit ip host <Proxy Server> any

!! The service ID (web-cache and 70 in the following cases) is configured on the proxy, so it must be obtained from the client !!
!! Commonly used service IDs !!
!! web-cache or 0 - HTTP !!
!! 53 - DNS !!
!! 60 - FTP !!
!! 70 - HTTPS !!
!! The following redirects HTTP traffic based on the WCCP_Redirect ACL !!
wccp web-cache redirect-list WCCP_Redirect group-list WCCP-Proxy
wccp interface inside web-cache redirect in

!! The following redirects HTTPS traffic based on the WCCP_Redirect ACL !!
wccp 70 redirect-list WCCP_Redirect group-list WCCP-Proxy
wccp interface inside 70 redirect in

[ # ]

debug wccp events
debug wccp packets
sh wccp

[ # ]