- Use '/usr/sbin/dmidecode | grep "Product Name" to view specific hardware name
!! Configuring the captures !! Method 1 - ACL Capture access-list ryan permit ip host <source> host <dst> capture ryan-inside access-list ryan int <int> show capture ryan-inside !! Method 2 - Match Capture (This is bidirectional) capture ryan-inside interface <int> match ip host <src ip> dest <dest ip> sh cap ryan-inside !! Obtaining capture as PCAP file !! 1.) Method 1 - Copying to another location copy /pcap capture:/<capture-name> <destination> !! Example: copy /pcap capture:/mycap ftp://18.104.22.168/incoming/mycap.pcap !! 2.) Method 2 - Downloading from the firewall Visit in Browser: https://<FW-IP>/admin/capture/<capture_name>/pcap !! Example: Visit in Browser: https://22.214.171.124/admin/capture/mycap/pcap
- To download the PCAP, ensure you are connecting on the same port as ASDM is configured ('show run http')
lvresize -L 20GB /dev/vg_splat/lv_current !! Sets the logical volume size Reboot into maintenance mode !! View boot menu to see 'Maintenance Mode' option - you do need the expert password. if your current acct has expert type "passwd root" to reset it. e2fsck -f /dev/mapper/vg_splat-lv_current resize2fs /dev/mapper/vg_splat-lv_current Reboot
- Especially useful for UTMs with small root partitions. Upgrades can fail due to this.
!! Define the traffic that will require the custom timeout access-list <Match-ACL-Name> extended permit <traffic-to-match> !! Define the class-map with the match of the ACL above class-map <Class-Map-Name> match access-list <Match-ACL-Name> !! Define the policy-map to be applied to an interface !! Note: Only one policy-map can be defined per interface. If you have one already defined for an interface, add the 'class' and settings to the existing policy-map policy-map <Policy-Map-Name> class <Class-Map-Name> set connection timeout idle <Timeout-in-HH:MM:SS-Format> !! Note: Only one policy-map can be defined per interface. If you have one already defined for an interface, the following line is not necessary service-policy <Policy-Map-Name> interface <interface>
access-list SSH-24Hour-ACL extended permit tcp object-group SSH_24Hour_Hosts any eq 22 class-map SSH-24Hour-ClassMap match access-list SSH-24Hour-ACL policy-map inside-policy-map class SSH-24Hour-ClassMap set connection timeout idle 24:00:00 service-policy inside-policy-map interface inside
- See documentation for information regarding the interface direction
- This was designed for versions 8.3+ although it may work on version 8.2
configure terminal config factory-default write memory
- Reboot device
- At prompt, hit escape to break the boot sequence
- 'confreg' !! prompt will start with 'rommon #'
- Note your current configuration register (0x1 is the default)
- Choose 'Y' to change the configuration
- Accept all the defaults EXCEPT 'disable system configuration'. Set this to 'Y'
- 'enable' after device has booted !! Just hit enter for the password
- 'copy startup-config running-config'
Reset the passwords in 'conf t':
password <password> enable password <password> username <username> password <password>
- 'copy running-config startup-config'
- Must be performed via the console port
interface Ethernet0/1 !! inside for instance ospf cost 10 ospf message-digest-key 1 md5 <md5 key> ospf authentication message-digest interface Ethernet0/2 !! outside for instance ospf cost 10 exit router ospf 1 network <internal ip> <internal network> area <area number> !! Each network that we will advertise log-adj-changes redistribute rip subnets !! redistribute RIP if needed ! exit