cphastop
mount -t iso9660 -o loop <iso_image> /mnt/cdrom
cd /mnt/cdrom
patch add cd

Notes:

  • Verify these steps against the Release Notes for the version being installed before starting
  • After the install, update the Check Point object in the policy to reflect the new version, then push policy
  • HFAs will use ./UnixInstallScript instead of 'patch add cd'


route add -net <IP>/<cidr> gw <next hop IP>
route add -host <IP> gw <next hop IP>
route add default gw <gateway>
route del -net <IP>/<cidr> gw <next hop IP>
route --save


// Storing information in AWK
RuleNum             - { rule = substr($0, match($0, /rule=[0-9]+/)+5, RLENGTH-5) };
Origin                    - { orig = substr($0, match($0, /orig=[0-9.]+/)+5, RLENGTH-5) };
Protocol               - { proto = substr($0, match($0, /proto=[0-9a-zA-Z]+/)+6, RLENGTH-6) };
DstPort                 - { port = substr($0, match($0, /service=[0-9]+/)+8, RLENGTH-8) };
SrcIP                      - { srcip = substr($0, match($0, /src=[0-9.]+/)+4, RLENGTH-4) };
DstIP                     - { dstip = substr($0, match($0, /dst=[0-9.]+/)+4, RLENGTH-4) };
xSrc                  - { xsrc = substr($0, match($0, /xlatesrc=[0-9.]+/)+9, RLENGTH-9) };
NatRule                - { natrule = substr($0, match($0, /NAT_rulenum=[0-9]+/)+12, RLENGTH-12) };

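// Example - The following counts the protocols and ports hitting a specific rule (note: the LEA log format may have changed since this was written, so do not rely on it completely). The trailing space inside each grep pattern stops rule=1 from also matching rule=10; the dots in <ip> are regex wildcards, so use grep -F if the match must be exact.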
grep 'orig=<ip> ' <log-filename> | grep 'rule=<rule#> ' | awk '{ proto = substr($0, match($0, /proto=[0-9a-zA-Z]+/)+6, RLENGTH-6) }; { port = substr($0, match($0, /service=[0-9]+/)+8, RLENGTH-8) }; {print proto " " port};'  | sort | uniq -c | sort -nr | awk 'BEGIN {print "\nHits\tProto\tPort";}{print $1"\t"$2"\t"$3}'

Notes:

  • The order and position of fields in LEA logs may have changed since this was created, so the patterns may need modification before they work.
  • Useful for parsing the logs from LEA and looking for specific rules


Delete lock file from the following possible locations

  • $FWDIR/tmp
  • $FWDIR/log

Notes:

  • This should only be done if a user still shows as locked after they have logged out. Do NOT perform this while a user is actually logged in.


cp_conf admin get    !! View current administrators
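cp_conf admin add <user> <passw> <r|w>    !! Add user with read-only (r) or write (w) permissions; the password is passed as an argument, so it can end up in shell history and is visible in the process list while the command runs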
cp_conf admin del <admin1> <admin2> ...   !! Delete user(s)

cp_conf client get   !! View currently defined GUI clients
cp_conf client add <ip/netmask> !! Add a GUI client
cp_conf client del <GUI Client 1> <GUI Client 2> ... !! Delete GUI client(s)
cp_conf client createlist <GUI Client 1> <GUI Client 2>...  !! Add new GUI clients list

Documentation


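useradd -u 0 -g 0 -o -s /bin/bash <username>    !! Creates a second UID 0 / GID 0 (root-equivalent) account; -o allows the duplicate UID. Its actions run as UID 0, so record who owns the account and remove it when it is no longer needed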


webui enable <port>
webui disable

Documentation


cphaprob stat  !! view failover status
cphaprob -a if  !! view interface VIP configuration


fwha_vmac_global_param_enabled 1        !! Enable until reboot (kernel parameter, set at runtime with 'fw ctl set int')
fwha_vmac_global_param_enabled 0        !! Disable (default)

vi $FWDIR/boot/modules/fwkern.conf        !! Enable Permanently
fwha_vmac_global_param_enabled=1

Notes:

  • This is useful so that the MAC addresses of the VIPs do not change on failover of a cluster. This may correct issues with switches holding onto the old VIP MAC address.

Documentation


chsh -s /bin/bash <username>
