Sunday, September 25, 2016

Linux commands to install software on various distros

Ubuntu (*buntu, Mint linux)
apt-get install
apt-get update
apt-get remove
apt-get dist-upgrade
apt-get purge

yum install
yum update
yum remove

yast2 --install
yast2 --remove



emerge package    # Install
emerge -C package # Remove a package
emerge -s keyword # Search for packages (package names only)
emerge -u package # Update the package

pacman -U package.pkg.tar.xz # Local package install
pacman -Syy                  # Refresh package databases
pacman -Syu                  # Update installed packages
pacman -S package            # Install package
pacman -R package            # Remove package

Checkpoint Rule Processing Order

Rule Processing Order

The rule base is processed in order. However, other things happen in the security policy besides checking your defined rules. This is the order of operations:
  1. Anti-spoofing checks
  2. Rule base
  3. Network Address Translation
When you take into account the FireWall-1 global properties, you end up with the following order:
  1. Anti-spoofing checks
  2. "First" Implicit Rules
  3. Explicit Rules (except for the final rule)
  4. "Before Last" Implicit Rules
  5. Last Explicit Rule (should be cleanup rule)
  6. "Last" Implicit Rules
  7. Network Address Translation
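The seven-step order above, modelled as a small first-match evaluator. This is an added example, not Check Point code: the policy, rule names, addresses and the placement of each implicit rule are constructed assumptions, and services are matched by name only.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    service: str   # service name, or "any"
    action: str    # "accept" or "drop"

def first_match(rules, service):
    """Return the first rule whose service matches, else None."""
    return next((r for r in rules if r.service in ("any", service)), None)

def evaluate(pkt, policy):
    """Return (action, stage, rule name, source address after NAT)."""
    # 1. Anti-spoofing: the source must belong to the network behind the interface.
    allowed = ipaddress.ip_network(policy["topology"][pkt["iface"]])
    if ipaddress.ip_address(pkt["src"]) not in allowed:
        return ("drop", "anti-spoofing", None, None)
    explicit = policy["explicit"]
    stages = [  # steps 2-6 of the list above
        ('"First" implicit', policy["first"]),
        ("explicit", explicit[:-1]),
        ('"Before Last" implicit', policy["before_last"]),
        ("last explicit", explicit[-1:]),
        ('"Last" implicit', policy["last"]),
    ]
    for stage, rules in stages:
        rule = first_match(rules, pkt["service"])
        if rule is None:
            continue
        if rule.action != "accept":
            return (rule.action, stage, rule.name, None)
        # 7. NAT is applied last, and only to accepted traffic.
        return ("accept", stage, rule.name, policy["nat"].get(pkt["src"], pkt["src"]))
    return ("drop", "no rule matched", None, None)

# Constructed policy; which implicit rule sits in which slot is an assumption.
POLICY = {
    "topology": {"eth0": "10.1.1.0/24"},
    "first": [Rule("implicit-rip", "rip", "accept")],
    "explicit": [Rule("allow-ssh", "ssh", "accept"), Rule("cleanup", "any", "drop")],
    "before_last": [Rule("implicit-icmp", "icmp", "accept")],
    "last": [Rule("implicit-dns", "dns", "accept")],
    "nat": {"10.1.1.10": "203.0.113.10"},
}

def packet(src, service, iface="eth0"):
    return {"src": src, "iface": iface, "service": service}
```

In this model the icmp packet is accepted by a "Before Last" implicit rule before the cleanup rule sees it, while the dns packet is dropped by the match-all cleanup rule and never reaches the "Last" implicit rules.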

Wednesday, October 9, 2013

SSH slowness

For those experiencing SSH slowness, you might want to take note of the following:

If you are getting a sluggish response when waiting for the login prompt, it might be because the SSH server is trying to perform a reverse lookup on the host you are initiating traffic from. Check whether any firewall rules might be preventing the SSH host from doing a reverse lookup. That might save you some time on thorough troubleshooting :)

Tuesday, January 15, 2013

CCIE Routing and Switching Lab Exam Topics (Blueprint) v4.0

The following topics are general guidelines for the content likely to be included on the lab exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Exam Sections and Sub-task Objectives
1.00 Implement Layer 2 Technologies
1.10 Implement Spanning Tree Protocol (STP)
(a) 802.1d
(b) 802.1w
(c) 802.1s
(d) Loop guard
(e) Root guard
(f) Bridge protocol data unit (BPDU) guard
(g) Storm control
(h) Unicast flooding
(i) Port roles, failure propagation, and loop guard operation
1.20 Implement VLAN and VLAN Trunking Protocol (VTP)
1.30 Implement trunk and trunk protocols, EtherChannel, and load-balance
1.40 Implement Ethernet technologies
(a) Speed and duplex
(b) Ethernet, Fast Ethernet, and Gigabit Ethernet
(c) PPP over Ethernet (PPPoE)
1.50 Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN), and flow control
1.60 Implement Frame Relay
(a) Local Management Interface (LMI)
(b) Traffic shaping
(c) Full mesh
(d) Hub and spoke
(e) Discard eligible (DE)
1.70 Implement High-Level Data Link Control (HDLC) and PPP
2.00 Implement IPv4
2.10 Implement IP version 4 (IPv4) addressing, subnetting, and variable-length subnet masking (VLSM)
2.20 Implement IPv4 tunneling and Generic Routing Encapsulation (GRE)
2.30 Implement IPv4 RIP version 2 (RIPv2)
2.40 Implement IPv4 Open Shortest Path First (OSPF)
(a) Standard OSPF areas
(b) Stub area
(c) Totally stubby area
(d) Not-so-stubby-area (NSSA)
(e) Totally NSSA
(f) Link-state advertisement (LSA) types
(g) Adjacency on a point-to-point and on a multi-access network
(h) OSPF graceful restart
2.50 Implement IPv4 Enhanced Interior Gateway Routing Protocol (EIGRP)
(a) Best path
(b) Loop-free paths
(c) EIGRP operations when alternate loop-free paths are available, and when they are not available
(d) EIGRP queries
(e) Manual summarization and autosummarization
(f) EIGRP stubs
2.60 Implement IPv4 Border Gateway Protocol (BGP)

(a) Next hop
(b) Peering
(c) Internal Border Gateway Protocol (IBGP) and External Border Gateway Protocol (EBGP)
2.70 Implement policy routing
2.80 Implement Performance Routing (PfR) and Cisco Optimized Edge Routing (OER)
2.90 Implement filtering, route redistribution, summarization, synchronization, attributes, and other advanced features
3.00 Implement IPv6
3.10 Implement IP version 6 (IPv6) addressing and different addressing types
3.20 Implement IPv6 neighbor discovery
3.30 Implement basic IPv6 functionality protocols
3.40 Implement tunneling techniques
3.50 Implement OSPF version 3 (OSPFv3)
3.60 Implement EIGRP version 6 (EIGRPv6)
3.70 Implement filtering and route redistribution
4.00 Implement MPLS Layer 3 VPNs
4.10 Implement Multiprotocol Label Switching (MPLS)
4.20 Implement Layer 3 virtual private networks (VPNs) on provider edge (PE), provider (P), and customer edge (CE) routers
4.30 Implement virtual routing and forwarding (VRF) and Multi-VRF Customer Edge (VRF-Lite)
5.00 Implement IP Multicast
5.10 Implement Protocol Independent Multicast (PIM) sparse mode
5.20 Implement Multicast Source Discovery Protocol (MSDP)
5.30 Implement interdomain multicast routing
5.40 Implement PIM Auto-Rendezvous Point (Auto-RP), unicast rendezvous point (RP), and bootstrap router (BSR)
5.50 Implement multicast tools, features, and source-specific multicast
5.60 Implement IPv6 multicast, PIM, and related multicast protocols, such as Multicast Listener Discovery (MLD)
6.00 Implement Network Security
6.01 Implement access lists
6.02 Implement Zone Based Firewall
6.03 Implement Unicast Reverse Path Forwarding (uRPF)
6.04 Implement IP Source Guard
6.05 Implement authentication, authorization, and accounting (AAA) (configuring the AAA server is not required, only the client-side (IOS) is configured)
6.06 Implement Control Plane Policing (CoPP)
6.07 Implement Cisco IOS Firewall
6.08 Implement Cisco IOS Intrusion Prevention System (IPS)
6.09 Implement Secure Shell (SSH)
6.10 Implement 802.1x
6.11 Implement NAT
6.12 Implement routing protocol authentication
6.13 Implement device access control
6.14 Implement security features
7.00 Implement Network Services
7.10 Implement Hot Standby Router Protocol (HSRP)
7.20 Implement Gateway Load Balancing Protocol (GLBP)
7.30 Implement Virtual Router Redundancy Protocol (VRRP)
7.40 Implement Network Time Protocol (NTP)
7.50 Implement DHCP
7.60 Implement Web Cache Communication Protocol (WCCP)
8.00 Implement Quality of Service (QoS)

8.10 Implement Modular QoS CLI (MQC)
(a) Network-Based Application Recognition (NBAR)
(b) Class-based weighted fair queuing (CBWFQ), modified deficit round robin (MDRR), and low latency queuing (LLQ)
(c) Classification
(d) Policing
(e) Shaping
(f) Marking
(g) Weighted random early detection (WRED) and random early detection (RED)
(h) Compression
8.20 Implement Layer 2 QoS: weighted round robin (WRR), shaped round robin (SRR), and policies
8.30 Implement link fragmentation and interleaving (LFI) for Frame Relay
8.40 Implement generic traffic shaping
8.50 Implement Resource Reservation Protocol (RSVP)
8.60 Implement Cisco AutoQoS
9.00 Troubleshoot a Network
9.10 Troubleshoot complex Layer 2 network issues
9.20 Troubleshoot complex Layer 3 network issues
9.30 Troubleshoot a network in response to application problems
9.40 Troubleshoot network services
9.50 Troubleshoot network security
10.00 Optimize the Network
10.01 Implement syslog and local logging
10.02 Implement IP Service Level Agreement (SLA)
10.03 Implement NetFlow
10.04 Implement SPAN, RSPAN, and router IP traffic export (RITE)
10.05 Implement Simple Network Management Protocol (SNMP)
10.06 Implement Cisco IOS Embedded Event Manager (EEM)
10.07 Implement Remote Monitoring (RMON)
10.08 Implement FTP
10.09 Implement TFTP
10.10 Implement TFTP server on router
10.11 Implement Secure Copy Protocol (SCP)
10.12 Implement HTTP and HTTPS
10.13 Implement Telnet

Sunday, July 1, 2012

Ports required for routing protocols to work behind a firewall

Ports to allow so that routing protocols work behind a firewall.

I. Enabling RIP

A. RIP version 1

RIP runs over UDP port 520. It sends and receives all messages on this port; all messages are sent to the local broadcast address. To enable RIP, add a rule that allows all of the firewall's neighbors to send messages to UDP port 520 on the local broadcast network. RIP is a predefined service in the Security Gateway GUI.

Source | Destination | Service | Action | Track | Install On
Neighbor 1 | Network 1 Broadcast | RIP | Accept | | Gateways
Neighbor 2 | Network 2 Broadcast | RIP | Accept | | Gateways
Neighbor 3 | Network 3 Broadcast | RIP | Accept | | Gateways

B. RIP version 2

RIPv2 can use either the RIPv1 broadcast transport mechanism, or a multicast transport (RIP2-ROUTERS.MCAST.NET). To enable RIPv2 in multicast mode, create a workstation object for the multicast address, and add the following rules to your rule base:

Source Destination Service Action Track Install On
Neighbors RIP Accept Gateways

Note that RIP can also be enabled via the Rulebase Properties screen.

II. Enabling OSPF

Your OSPF rule would look like this. The destination address will always be the OSPF routers themselves, as well as the multicast addresses of and

Create a workstation object of and call it OSPF-ALL.MCAST.NET

Create another workstation object of and call it OSPF-DSIG.MCAST.NET

Source Destination Service Action Track Install On
OSPF Routers + Firewalls OSPF-ALL.MCAST.NET
OSPF Routers + Firewalls
Accept Gateways


Like OSPF, IGRP runs on top of IP; IGRP is IP protocol 9. IGRP is a predefined service in the Security Gateway GUI. You should define a group of neighbor routers that participate in IGRP routing, and accept that service to the Security Gateway:

Source | Destination | Service | Action | Track | Install On
Neighbors | firewall | IGRP | Accept | | Gateways


BGP runs over TCP port 179. One TCP connection is opened for each BGP peer. Each peer must be allowed to send BGP messages over its connection to the Security Gateway. BGP peers should also be grouped together to allow them as a group with the following rule:

Source Destination Service Action Track Install On
BGP Accept Gateways


To Allow Sparse or Dense Mode PIM Traffic: Create a workstation object of and call it 'PIM.MCAST.NET'. PIM is a service that is not defined in the CheckPoint Security Gateway. Create a service using the Policy GUI Editor as 'Other' and call it 'PIM'. IP protocol should be set to 103. Leave the other values blank.

Then create the following rule at the very top of the rulebase:

Source Destination Service Action Track Install On
Accept Gateways

Push a new policy to Security Gateway modules once this is done.
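Why IGRP and PIM need services defined by IP protocol number rather than by port, shown as an added example that is not part of the original post. The protocol and port numbers are the ones stated above; the group names, rule base and flows are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Service:
    name: str
    ip_proto: int                 # IP protocol number (6 = TCP, 17 = UDP)
    port: Optional[int] = None    # destination port; None for protocols without ports

    def matches(self, ip_proto, dport):
        return ip_proto == self.ip_proto and self.port in (None, dport)

# Protocol and port numbers as stated in the post.
RIP = Service("RIP", 17, 520)
BGP = Service("BGP", 6, 179)
IGRP = Service("IGRP", 9)
PIM = Service("PIM", 103)         # the 'Other' service the post says to create

def decide(rulebase, src_group, ip_proto, dport=None):
    """First-match evaluation; traffic that matches no rule is dropped."""
    for source, service, action in rulebase:
        if source == src_group and service.matches(ip_proto, dport):
            return f"{action} ({service.name})"
    return "drop (no rule)"

def audit(rulebase, flows):
    """Return the names of the flows the rule base would drop."""
    return [name for name, group, proto, dport in flows
            if decide(rulebase, group, proto, dport).startswith("drop")]

# Constructed rule base and neighbor traffic; group names are hypothetical.
RULEBASE = [("Neighbors", RIP, "accept"),
            ("BGP-Peers", BGP, "accept"),
            ("Neighbors", IGRP, "accept")]
FLOWS = [("rip update", "Neighbors", 17, 520),
         ("bgp session", "BGP-Peers", 6, 179),
         ("bgp from non-peer", "Neighbors", 6, 179),
         ("igrp update", "Neighbors", 9, None),
         ("pim hello", "Neighbors", 103, None)]

def audit_with_pim_rule():
    """Same audit after adding the PIM rule at the top of the rule base."""
    return audit([("Neighbors", PIM, "accept")] + RULEBASE, FLOWS)
```

Before the PIM service and rule exist, `audit(RULEBASE, FLOWS)` reports the PIM hello as dropped; BGP from a host outside the peer group stays dropped in both cases, which is the point of grouping the peers.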

Monday, June 25, 2012

Install Google Play Store on Pendo Pad 4.0 and root the device

Coles is selling the Pendo 7" Android Pad running Ice Cream Sandwich 4.03; however, by default it does not come with the Google Play Store. Rather, it has the China "store" GetJar, which only has limited apps available. To get the Google Play Store installed on the device, you first have to root the device to gain root access.

1. Download unlockroot from :

2. Connect the device to a Windows PC, then install and run the program. Make sure the Windows machine has the necessary driver to access the Android pad.

If the device driver is not available, download and install the driver from:

Make sure to set the Android device to USB debugging mode to allow unlockroot to root the device:

Enable the USB debugging mode from :
Setting -> Developer Options -> USB debugging

Click on Root to root the device.

After that, install the Google Play Store by downloading it, transferring it to an SD card, and putting it on the device.

Google Services Framework:

Google Play store: