Smoothwall Express 3.1 Final Released Team - 21 October 2014 Smoothwall. Smoothwall Express Team - 21 October 2014. Smoothwall Express Community. After 1½ years of development, the Smoothwall Express development team have.

Hi, Please advise which is easiest to implement robust vmware proxy appliance. Some monitoring and reporting would be nice too. J.

Hi, Thanks so much for such interesting articles! I propose another typical scenario: - You install a GNU/linux OS at secondary (non bootable) partition on your windows box. - After try and setup a lot of things you decide to.

Ubuntu: Lucid - From Ubuntu 1. LTS (Lucid Lynx) Introduction On April 2. Ubuntu 10.04 LTS was released. It is codenamed Lucid Lynx and is the successor to Karmic Koala (9. Karmic+1). Lucid Lynx is an LTS (Long Term Support) release. It will be supported with security updates until April 2.

I noticed you now have to watch approx. 11 second adverts for popular YouTube videos! This video shows you don't have to watch them if you have a SmoothWall Guardian filter running. For more information on SmoothWall.

Yes, you can use hardware RAID or software RAID with your Amahi server! To be more precise, Amahi relies on the base Linux OS, on your hardware and the BIOS for RAID support. In other words, RAID is an OS, motherboard and BIOS.

1. Cisco IOS Router (7200 series) with NATTing connected to the internet (ACLs configured for specific subnets being used behind the Smoothwall).
2. Smoothwall UTM Master and Failover with Multiple External connections.

April 2015 for the server version. This guide is maintained at the Linux Center of the University of Latvia. Please help test and perfect this guide. To edit pages you need to register.

General Notes

This is the original Ubuntuguide. You are free to copy this guide but not to sell it or any derivative of it. Copyright of the names Ubuntuguide and Ubuntu Guide reside solely with this site.
This Ubuntu help guide is neither sold nor distributed in any other medium. Beware of copies that are for sale or are similarly named; they are neither endorsed nor sanctioned by this guide. Ubuntuguide is not associated with Canonical Ltd nor with any commercial enterprise.

Ubuntu allows a user to accomplish tasks from either a menu-driven Graphical User Interface (GUI) or from a text-based command-line interface (CLI). In Ubuntu, the command-line-interface terminal is called Terminal, which is started: Menu -> Applications -> Accessories -> Terminal. Text inside the grey dotted box like this should be put into the command-line Terminal.

Many changes to the operating system can only be done by a User with Administrative privileges. User's privileges to the Administrator level temporarily (i. Example. 'gksudo' can be used instead of 'sudo' when opening a Graphical Application through the "Run Command" dialog box or as a menu item. Example. gksudo gedit /etc/apt/sources. Many file management tasks can be accomplished with root Administrative privileges by starting the Nautilus file manager in a similar fashion. Use 'gksudo' if starting Nautilus from a menu item.). For example, "man sudo" will display the manual page for the "sudo" command.

While "apt-get" and "aptitude" are fast ways of installing programs/packages, you can also use the Synaptic Package Manager, a GUI method for installing programs/packages. Most (but not all) programs/packages available with apt-get install will also be available from the Synaptic Package Manager. In this guide, when you see. Synaptic and install it that way.

Many instructions use the text editor "nano" (which is universally available in Linux). However, it is often easier to use the text editor "gedit" in Ubuntu instead. "Menu" refers to the menu bar at the top (or bottom) of the desktop, akin to the Start menu in Microsoft Windows or the Menu bar of the Apple Macintosh. If you are using the 6.
Other versions

How to find out which version of Ubuntu you're using

Open the command terminal and type.

How to find out which kernel you are using

uname -a

Newer Versions of Ubuntu

Ubuntu has a six month release cycle, with releases in April and October. Maverick Meerkat (1. October 2010. This is not an LTS version.

Older Versions of Ubuntu

Other Resources

Ubuntu Forums has a large community for online solutions and specific help. Ubuntu Resources Gnome Project Ubuntu Screenshots and Screencasts New Applications Resources

Other *buntu guides and help manuals

Kubuntuguide -- Kubuntu uses the popular KDE desktop environment.
Lubuntu -- Lubuntu can run with as little as 2. Mb RAM. It is better for older machines with limited resources.
Ubuntu Server Guide -- a good starting reference for server packages.
Ubuntu Doctors Guild -- a collection of tips for using (K)ubuntu Linux in health care environments.
SkoleLinux -- a collection of (open-source) educational tools for Debian/Ubuntu Linux.

Installing Ubuntu

Warning: During installation, there is an advanced option (Ready to install -> Advanced) to install the GRUB2 bootloader into the same partition into which the (K)Ubuntu OS is installed but not to change the MBR (Master Boot Record). Pay careful attention during this step if your system uses a boot partition, uses multiple OS (more than 2), or chainloads bootloaders. For systems with such a boot partition, it is best not to overwrite the MBR.

Hardware requirements

Ubuntu Lucid Lynx runs well with as little as 3. Mb RAM. (The GUI installer requires a minimum of 2. Mb RAM, while the alternative text-based installer can run using only 1. Mb RAM.) Netbooks can run Ubuntu Lucid Lynx. The installation takes between 3-4 Gb hard drive space, and 8 - 1. Gb will be needed to run comfortably. However, at least 2. Gb will likely be needed for routine usage.). If you have an older computer with less memory than this, consider Lubuntu (if 1.
Mb RAM or greater), PuppyLinux (if 256 Mb or greater), or DSL (if minimal RAM, limited hard drive space, running from a USB drive, or running from within another OS).

Fresh Installation

See this guide for burning the ISO image to a CD ("LiveCD"). Use the LiveCD for installation. The Alternate CD version also allows the use of the same fast text-based installer used in the Server version (requiring less RAM), and there are more installation options than on the Desktop CD ("Regular Download").

Dual-Booting Windows and Ubuntu

A user may experience problems dual-booting Ubuntu and Windows. In general, a Windows OS should be installed first, because its bootloader is very particular. A default Windows installation usually occupies the entire hard drive, so the main Windows partition needs to be shrunk, creating free space for the Ubuntu partitions. You should clean up unnecessary files and defragment the drive before resizing.) See changing the Windows partition size.

After shrinking a Windows partition, you should reboot once into Windows prior to installing Ubuntu or further manipulating the partitions. This allows the Windows system to automatically rescan the newly-resized partition (using chkdsk in XP or other utilities in more recent versions of Windows) and write changes to its own bootup files. If you forget to do this, you may later have to repair the Windows partition bootup files manually using the Windows Recovery Console.).

Newer installations of Windows use two primary partitions (a small Windows boot partition and a large Windows OS partition). An Ubuntu Linux installation also requires two partitions -- a linux-swap partition and the OS partition. The Linux partitions can either be two primary partitions or can be two logical partitions within an extended partition. Some computer retailers use all four partitions on a hard drive.
Unless there are two free partitions available (either primary or logical) in which to install Ubuntu, however, it will appear as if there is no available free space. If only one partition on a hard drive can be made available, it must be used as an extended partition (in which multiple logical partitions can then be created). Partition management can be done using the GParted utility.

If there are only two existing primary partitions on a hard drive (and plenty of free space on it) then there will be no problem installing Ubuntu as the second operating system and it is done automatically from the Ubuntu LiveCD. Allow the Ubuntu LiveCD to install to "largest available free space." Alternatively, if there is an extended partition with plenty of free space within it, the Ubuntu LiveCD will install to this "largest available free space" as well.

The main Windows partition should be at least 2. Gb (recommended 3. Gb for Vista/Windows 7), and a Ubuntu partition at least 1. Gb (recommended 2. Gb). Obviously, if you have plenty of disk space, make the partition for whichever will be your favoured operating system larger. For a recommended partitioning scheme, see this section.

Alternatives include.

Wubi (Windows-based Ubuntu Installer), an officially supported dual-boot installer that allows Ubuntu to be run mounted in a virtual-disk within the Windows environment (which can cause a slight degradation in performance). Because the installation requires an intact functioning Windows system, it is recommended to install Ubuntu in this manner for short-term evaluation purposes only. A permanent Ubuntu installation should be installed in its own partition, with its own filesystem, and should not rely on Windows.

EasyBCD, a free Windows-based program that allows you to dual-boot Windows 7/Vista and Ubuntu (as well as other operating systems) by configuring the Windows 7/Vista bootloader.
Installing multiple OS on a single computer

Warning: During installation, there is an advanced option (Ready to install -> Advanced) to install the GRUB2 bootloader into the same partition into which the (K)Ubuntu OS is installed but not to change the MBR (Master Boot Record). Pay careful attention during this step if your system uses a boot partition, uses multiple OS (more than 2), or chainloads bootloaders. For systems with such a boot partition, it is best not to overwrite the MBR.

Example, from the Desktop version GUI installer, a point in the installation will be reached. Summary -> Advanced -> Device for boot loader installation: /dev/sda. In this example, this setting will cause the GRUB2 bootloader to be installed into /dev/sda. K)Ubuntu OS is being installed). The MBR (Master Boot Record) will not be changed. However, if the default setting of /dev/sda is allowed, then GRUB2 will not only be installed into partition dev/sda. K)Ubuntu OS is installed) but also the MBR (Master Boot Record) will be changed so that the copy of GRUB2 stored there will be designated as the master bootloader for all Operating Systems on the entire computer. This may be undesirable if you wish to use bootloaders other than GRUB2.

If you want to install more than 2 operating systems on a single computer, check out these tips. Also see these tips regarding manipulating partitions.

Use Startup Manager to change Grub settings

Grub is a bootup utility that controls which OS to load by default and other bootup settings.

Network Engineer | Farzand Ali (GNS3/Network+/ITIL/CCNA(RnS-Voice-Wireless-Security)/CCDA/CCNP RnS/SCWO/SCWE/SCFO/SCFE/Linux+/LPI LPIC1/SUSE CLA)

The following must be identical:
- Model (5.
- Amount of RAM
- Number of Interfaces (should be the same type as well)
- External Modules (CSC-SSM or IPS-SSM)
- Activation key with the same features.
- Failover mode.
- Encryption Level.
- Number of VPN peers

*** Same size Flash is not required ***

Definitions:
Active -> Responsible for creating the state and translation tables, transferring the data packets and monitoring the other units.
Standby -> Responsible for monitoring the status of the active unit.

The active and standby units are connected through a dedicated network link and send failover-related messages to each other. This connection, known as the FAILOVER CONTROL LINK, is established over a dedicated failover LAN interface.

*** When failover occurs, the standby unit takes over the IP and MAC address that were used by the previous unit.

FAILOVER CONTROL LINK communicates:
- Unit state (active or standby)
- Network link status.
- Hello or keepalive messages (which are sent on all interfaces. This protocol uses IP 1.
- MAC address exchange.
- Configuration replication from the active to standby.

Conditions that trigger failover:
- Administrator has manually switched over from active to standby -> “no failover active” on the active unit -> “failover active” on the standby unit
- Active unit has lost power or crashed due to a hardware or software defect
- Standby unit has stopped receiving hello (or keepalive) packets on the failover interface. If 3 consecutive hello packets are missed, additional testing packets are sent to the remaining data-passing interfaces. If it still does not receive a response from the active unit, it assumes that a failure has occurred and takes over
- The failover control link is down. The ASA sends additional testing packets to the remaining interfaces to determine whether the peer’s control interface is also down. If the peer’s control interface is also down, then failover does not occur and the failed interface is marked as “Failed”. However, if the peer’s control interface is not down, then failover occurs because the standby unit is deemed healthier than the current active.
- The link state of the data-passing interface is down.
The ASA marks the interface as “Failed” and initiates the failover process. Additionally, if the standby unit does not receive the hello packets for two consecutive polling periods on an interface, the appliance goes through a series of additional tests on the interface to determine the root cause of the problem.

FAILOVER INTERFACE TESTS:
- Link up/down tests -> status of the NIC. For example hardware port failure, unplugged cable and a failure on the hub or switch to which the interfaces are connected.
- Network Activity Test -> All packets received are counted for up to 5 seconds. If any packets are received, the interface is marked as operational.
- ARP Test -> ARP table is read for the last 1. It sends an ARP request to those machines one at a time and then counts packets for up to 5 seconds. If any packets are received, the interface is marked as operational.
- Broadcast Ping Test -> Sends a broadcast ping request and then counts all received packets for up to 5 seconds. If any packets are received, the interface is operational.

*** If both active and standby interfaces fail all tests, then both interfaces go into the “unknown state”. An interface in the unknown state does not count toward the monitored interface failover limit ***

CONNECTION TABLE:
Connection entries include the source and destination IP address, protocol used, current state of the connection, the interface to which it is tied and the number of bytes transferred. In stateful failover, the active unit sends updates to the standby unit whenever there is a change in the state table. In this mode, the active unit sends stateful updates over a dedicated link to the standby unit. When the standby unit becomes active, it does not need to build any connection entries because all the entries already exist in its database.

*** You can use the same physical interface for both failover control and stateful link. However it is not recommended if your appliances generate a lot of state updates.
Additionally, it is recommended that you use the fastest interface as the stateful link and that the latency for the link should be less than 1.

What is not replicated in stateful failover:
- Uauth cache.
- URL Filtering cache.
- TCP Intercept.
- SNMP Firewall MIB
- Routing Table.
- State Info for SSM
- Phone Proxy sessions.
- IPv6 sessions.

Types of failover -> Device-level failover and interface-level failover.
Device-level failover -> Active/Standby and Active/Active.

Active/Standby Failover:
- Active unit passes traffic.
- Standby unit monitors active unit.
- Both units send hello messages to monitor each other’s state.

ELECTION PROCESS
When both are up and running, one unit assumes the role of active while the other unit assumes the standby role. If both units boot up simultaneously, the primary unit takes over the active role and the secondary goes into standby. The primary unit uses the active IP address and its MAC address as the Layer 3 and Layer 2 addresses respectively. If failover occurs, the secondary keeps using the IP address and the primary’s MAC address as the active. If one of the units boots up and detects an active failover unit, it goes into standby regardless of the primary or secondary designation. If one of the units boots up and doesn’t detect an active failover unit, it goes into the active state regardless of its primary or secondary designation. In case both appliances become active, the secondary changes its state to standby as soon as it discovers another active primary firewall while the primary remains active. In case both units become standby, the primary changes its state to active, while the secondary remains standby after they detect each other’s state.

ACTIVE/ACTIVE FAILOVER
- Both units pass traffic actively.
- Only supported in multimode.
- Needs at least two user contexts to work properly.
- With stateful failover, both stand connection tables are replicated.
- Uses per-failover groups instead of per-context

*** It is recommended that you don’t oversubscribe the firewalls in active/active failover as during failover, one of the units has to pass all traffic.

In active/active failover, it is possible that packets can leave one active unit and can return to the other active unit. The ASA implements a feature known as “asymmetric routing” to guide packets back to the context from which they originated.

ACTIVE/ACTIVE FAILOVER AND ASYMMETRIC ROUTING
- Multiple ISPs or remote locations.
- Load-balancing or backup

** Only supported in multimode.

If the asymmetric routing feature is enabled, the units restore asymmetric routed packets to the correct interface. The unit that sent the original SYN packet will replicate the connection table entry for the SYN packet to the standby unit over the stateful failover link. When the standby unit receives a packet but does not have an active connection, it checks other interfaces that are in the same asymmetric routing group for the corresponding connection. The Layer 2 information is written and forwarded to the original unit.

INTERFACE-LEVEL FAILOVER - REDUNDANT INTERFACES
During traditional device-level failover, traffic gets disrupted even when stateful failover is enabled. Example.
- All incomplete TCP sessions.
- Routing tables (OSPF, RIP, EIGRP, etc)
- Most Inspection Engines.

Interface-level failover is used to avoid device-level switchover which is much more disruptive. Redundant interfaces are only supported in version 8.

GUIDELINES
- All interfaces supported except Ma. Ma. 0/1.
- Up to 8 redundant interfaces.
- Network-related commands go on the redundant interface (nameif, security-level, IP address, etc)
- Speed, duplex and shutdown go on the physical interface.
- Link status for the physical is monitored by default.
- The standby interface drops all inbound packets and does not send any outbound packets.
- Interface stats on the redundant interface are a summation of the active and standby interfaces.
- As soon as a physical interface becomes a member of the redundant interface, its interface stats are cleared.
- Redundant interfaces use the MAC address of the first member physical interface unless you are manually assigning a unique virtual MAC address on the redundant interface

*** The physical interfaces in the redundant interface must both be of the same physical type
*** The redundant interfaces can be configured with or without device-level failover.

ACTIVE/STANDBY FAILOVER CONFIG
- Select the failover link.
- Assign failover IP address.
- Set the failover key (optional)
- Designate the primary unit.
- Enable the stateful failover (optional)
- Enable failover globally.
- Configure failover on the secondary unit

*** There can’t be a “nameif” command on an interface when configuring failover on it. Also “management-only” needs to be removed. You can use the “failover exec” command to send commands to the correct unit. Failover link is used for failover control messages
*** If a failover key is not used, the active appliance sends all information in clear text, including the TCP/UDP states, the user credentials and VPN-related information.

You must designate the primary and secondary status through software configuration. If you want to use the failover control interface as the stateful failover link, use the “failover link” command without specifying the physical interface.

BOOTSTRAP CONFIG ON SECONDARY
- Enable the failover control interface: “no shutdown”
- Failover designation as secondary: “failover lan unit secondary”
- Failover link interface: “failover lan interface failover Gi.
- Same failover interface IP addresses: “failover interface ip failover 1.
- Same failover shared key: “failover key cisco 1.