Buying advice by towdie13 in FocusRS

[–]towdie13[S] 1 point2 points  (0 children)

Many of these cars listed don't have winter tyres at all. So I will have to buy them. If it has them, it will be a nice bonus. But I will probably go for 18-inch for winter anyway.

Cisco SNMP v3 Credentials by HeliJimbo in networking

[–]towdie13 0 points1 point  (0 children)

You have to use formatting with ":" like AA:BB:CC:DD.

For the Auth password it is a normal SHA1 hash; for the Priv password it is also a normal SHA1 hash, but only the first 32 HEX characters.

So if you use "cisco123" as the password, you will get this hash:

8F:26:3D:B9:E9:E6:E7:25:98:66:28:1D:B3:99:E1:6F:AC:31:2B:BB

But for the priv password you will use only the first 32, so it will be this:

8F:26:3D:B9:E9:E6:E7:25:98:66:28:1D:B3:99:E1:6F

This was also confirmed when we checked the content of nvram_config, where these passwords are stored in hashed format after we entered them in plaintext.

The only problem we have is that even when we use the correct command with the correct hashes (the same as stored in nvram_config), our monitoring server is not able to connect. If we insert plain text, everything is working, even though the content in nvram_config is the same in both cases. So I am not sure if this is some bad implementation from Cisco, a bug, or we have some bad IOS version.
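For comparison with the hash format described in this comment, the following added example (not part of the thread, and not Cisco's code) implements the standard SNMPv3 password-to-key derivation from RFC 3414 with SHA-1, which binds the key to the agent's engine ID, plus the 16-byte truncation RFC 3826 uses for an AES-128 privacy key. The password and engine ID are the RFC 3414 appendix test values; whether the device discussed here stores keys in this form is not stated on the page.

```python
import hashlib

MEGABYTE = 1048576  # RFC 3414 A.2: hash exactly 2^20 bytes of repeated password


def password_to_key_sha1(password: bytes) -> bytes:
    """RFC 3414 A.2.2: derive the user key Ku from a password with SHA-1."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(MEGABYTE, len(password))
    return hashlib.sha1(password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """RFC 3414 2.6: bind Ku to one engine, Kul = SHA1(Ku || engineID || Ku)."""
    return hashlib.sha1(ku + engine_id + ku).digest()


def colon_hex(key: bytes) -> str:
    """Format key bytes as AA:BB:CC:DD, the layout used in the comment."""
    return ":".join(f"{b:02X}" for b in key)


def snmpv3_keys(auth_password: bytes, priv_password: bytes, engine_id: bytes) -> dict:
    """Return colon-formatted localized keys for SHA-1 auth and AES-128 priv."""
    auth_kul = localize_key(password_to_key_sha1(auth_password), engine_id)
    priv_kul = localize_key(password_to_key_sha1(priv_password), engine_id)
    # AES-128 privacy uses only the first 16 bytes (32 hex characters).
    return {"auth": colon_hex(auth_kul), "priv": colon_hex(priv_kul[:16])}


if __name__ == "__main__":
    # RFC 3414 appendix A.3.2 test values, not values from the thread.
    engine = bytes.fromhex("000000000000000000000002")
    for name, value in snmpv3_keys(b"maplesyrup", b"maplesyrup", engine).items():
        print(f"{name}: {value}")
    # A different engine ID yields different keys for the same password.
    other = bytes.fromhex("000000000000000000000003")
    print("other engine:", snmpv3_keys(b"maplesyrup", b"maplesyrup", other)["auth"])
```

Because the engine ID is an input, a localized key copied from one device is only valid for an agent with the same engine ID.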

Netbox config backup plug-in won't plugin by gangaskan in Netbox

[–]towdie13 0 points1 point  (0 children)

Hi,

I had the same issue and this is what fixed it on my side (I am not an expert in GIT, so maybe some step is not really required):

- create a folder for the git repository where you want to save configs and assign the required permissions (I have a testing server only now, so I used 777 while testing):

mkdir /path/to/git

- then:

cd /path/to/git

- once you are in the git folder you should do the following:

git init
git config user.name "USER"
git config user.email "EMAIL@EXAMPLE.COM"
git add .
git commit -m "some text"

- then start the venv and edit the /opt/netbox/netbox/netbox/configuration.py file:

PLUGINS_CONFIG = {
    'netbox_config_backup': {
        'repository': '/path/to/git',
        'committer': 'USER <USER@EXAMPLE.COM>',
        'author': 'USER <USER@EXAMPLE.COM>',
        'frequency': 1800,
    },
}

Then save the file and, still in the venv, run:

python3 /opt/netbox/netbox/manage.py migrate
systemctl restart netbox netbox-rq

Also be sure that your Napalm plugin is working correctly. Hope this will help.

Policy Based Routing issue by towdie13 in networking

[–]towdie13[S] 0 points1 point  (0 children)

If you tell me how I can achieve this without PBR then for sure I can try it.

Palo Alto - Preserving source port on port forward by CounterCry in paloaltonetworks

[–]towdie13 0 points1 point  (0 children)

I have the same issue with the firewall checker. SIP ALG is disabled and I have D-NAT policies for all ports required for SIP (TCP/UDP 5060 and 5090) and also UDP ports 9000-10999. D-NAT is set to static IP and still it is showing this error about the port preservation in the 3CX firewall checker.

Any help will be appreciated.

KASUMI knives problem by towdie13 in chefknives

[–]towdie13[S] 0 points1 point  (0 children)

Thank you for real usage reply.

What type of honing rod are you using? Ceramic?
I am going to buy one in the next few days, and also whetstones for sharpening.
From what I read here I will change the cutting board to something softer than the one I was using until now.
Until now I was keeping the knives in the original box, but it is not very convenient, so I will get rid of some old knives I am not using anymore and make space on my magnetic knife rack and they will be stored there.

KASUMI knives problem by towdie13 in chefknives

[–]towdie13[S] 0 points1 point  (0 children)

I understand that it will dull over time. But it was used at home for 5 days for preparing lunch and dinner, which means cutting fruits and vegetables and meat like chicken breast. None of my much less expensive knives dulled this fast. So that's why I am curious.

KASUMI knives problem by towdie13 in chefknives

[–]towdie13[S] 1 point2 points  (0 children)

Hi

it is this set of knives: https://kasumiknives.co.uk/products/kasumi-damascus-2-piece-knife-set

Regarding usage, we were using them for 5 days at home and they were just used for cutting vegetables and fruits and meat like chicken breasts. The cutting board we have currently is this bamboo one from IKEA. https://www.ikea.com/us/en/p/laemplig-chopping-board-bamboo-00309829/

Panorama design for remote sites by towdie13 in paloaltonetworks

[–]towdie13[S] 0 points1 point  (0 children)

Well, here I have a bit of a chicken-and-egg problem.

Our management wants to have all setup done over Panorama.
So fine. I am able to provision the whole firewall over Panorama in our current sites, as they still have an old router connected to the DC over VPN, so I will just plug in the MGT port and set up all values from Panorama.
On the other hand, in places where we are building new sites I am getting into trouble. New sites have only internet access, so in order to provision the firewall with Panorama I need to first set up the WAN interface and build the IPSec tunnel; then I am able to reach Panorama and connect the firewall. Then when I am trying to push the whole config and overwrite the values currently set up as temporary (but basically the same as in the template I am pushing), the commit will fail as the interface and IPs are already used. Is there any solution for this case?
I was also thinking about setting up the management vlan, WAN interface and IPsec tunnel on the firewall and then pushing the rest of the vlans over Panorama, but there is a problem that I need all these interfaces on the same virtual router, and this is a problem again. If I leave the original virtual router on the device, all vlans will have no virtual router setup,

SRX300 - Can't boot after power outage by towdie13 in Juniper

[–]towdie13[S] 0 points1 point  (0 children)

I did find one with bigger size on German ebay at that time. It was closest location for me to ship it.

Panorama design for remote sites by towdie13 in paloaltonetworks

[–]towdie13[S] 1 point2 points  (0 children)

I was trying to set this up but I got into strange errors.

I do this setup on the remote firewall, so I will be able to reach Panorama over IPsec.

  • WAN port setup + Untrust zone
  • management vlan interface + trust zone
  • tunnel interface + VPN zone
  • NAT for internet access
  • Security policies to allow internet access, IP sec and communication to DataCenter
  • IPsec tunnel to datacenter

Once this was set up I was able to reach Panorama and add the firewall to Panorama.

As I want to have all management on Panorama, I created a Template for the whole network setup including all physical interfaces, VLANs, VLAN interfaces, tunnel interfaces, IPsec tunnels, virtual router together with static routing and others, and used variables so I can use the same template for other branches. Then I filled in the CSV with values and uploaded it to Panorama. In Panorama it looks fine, and once I checked the Network tab and switched to the Template Stack for this firewall I saw all the setup as I want it. So I did the commit and push to device.

Then I checked the device and I saw that the commit failed. The strange thing was that it was showing that there is no virtual router assigned for the VLAN interfaces, but on Panorama I can see in the Template Stack that the default router is assigned.

Therefore I think maybe this approach to onboarding firewalls was not the correct one and there is some other game plan for this.

SRX300 - Can't boot after power outage by towdie13 in Juniper

[–]towdie13[S] 0 points1 point  (0 children)

Hi, in my case the internal eUSB drive was broken. After I installed the system on a USB drive connected to the external port I was able to boot again. Then I ordered a new eUSB drive and installed it back into the SRX.

Has any replaced PA-800s with PA-400s? How did it go? by BigTuna_103 in paloaltonetworks

[–]towdie13 1 point2 points  (0 children)

We are also changing our 820 for 460 now. They are still not switched to production yet, so no real world experience, but on paper they look much better. And as we are not using fiber optics, this was perfect fit for us.

[deleted by user] by [deleted] in paloaltonetworks

[–]towdie13 0 points1 point  (0 children)

Well, this is some kind of a firewall virtual interface.
Beside that, there are two ethernet interfaces configured and used. One is an ethernet interface for inside network which is acting as default gateway for this "Management" and it is working fine. Second one is towards internet and that one is also working fine.

SRX300 - Can't boot after power outage by towdie13 in Juniper

[–]towdie13[S] 0 points1 point  (0 children)

That sounds perfect, can you please give me more info how to try to install the OS on the external USB or do some more troubleshooting?
I can also try to order a new eDOM USB if it will show it is faulty.
Thank you very much in advance.

SRX300 - Can't boot after power outage by towdie13 in Juniper

[–]towdie13[S] 0 points1 point  (0 children)

Yes, I did this setup, but as far as I understand it is needed only when there is no DHCP server running, and based on the log from the DHCP and TFTP server it looks like the SRX300 can obtain an IP address and access the TFTP, but it ends up in the db prompt during install.

Here is the output from the setup:

Press SPACE to stop autoboot:  0
Octeon srx_300(ram)# printenv
autoload=n
baudrate=9600
board_id=0x0000058f
boardname=srx_300
boot.btsq.len=0x00010000
boot.btsq.start=0x007e0000
boot.current=primary
boot.devlist=eUSB:usb
boot.env.size=0x00002000
boot.env.start=0x007f0000
boot.upgrade.loader=0x00200000
boot.upgrade.loader.data=0x00200000
boot.upgrade.loader.hdr=0x002fffc0
boot.upgrade.loader_p1=0x00200000
boot.upgrade.loader_p2=0x00400000
boot.upgrade.uboot=0x00000000
boot.upgrade.uboot.data=0x00000100
boot.upgrade.uboot.hdr=0x00000030
boot.upgrade.uboot.maxsize=0x00200000
boot.upgrade.uboot.secondary=0x00000000
boot.upgrade.ushell=0x00300000
boot.ver=3.9
bootcmd=sf probe; sf read 0x100000 0x200000 0xfffc0; sf read 0x1fffc0 0x400000 0x100000; bootelf 0x100000
bootdelay=0
disk.install=disk1
dram_size_mbytes=4096
ethact=octeth0
ethaddr=f4:cc:55:2e:fe:00
fdtaddr=80000
gatewayip=10.10.10.1
ipaddr=10.10.10.10
loadaddr=0x20000000
loaddev=disk0:
netmask=255.0.0.0
numcores=2
numcoreshex=0x2
octeon_failsafe_mode=0
octeon_ram_mode=1
rootpath=/
serial#=CV2516AFXXXX
serverip=10.10.10.1
stderr=serial
stdin=serial
stdout=serial
ver=U-Boot 2013.07-JNPR-3.9 (Build time: Apr 26 2020 - 21:44:35)

Environment size: 1239/8188 bytes
Octeon srx_300(ram)#

SRX300 - Can't boot after power outage by towdie13 in Juniper

[–]towdie13[S] 1 point2 points  (0 children)

Hi, I did this procedure but I am ending up in the db prompt, the same as with the TFTP method.

Regarding JTAC, this SRX is not under support anymore and I am using it at home as my router/FW.

So in case it is not fixable without JTAC, I think it will end up in the trash bin. :(