Security – Convert PFX to PEM using Windows or Linux



For a certain application, a job partner asked me to send him a certain certificate with its private key in PEM format. Normally I use PFX format, but with a little help from the openssl toolkit, converting PFX to PEM is quite easy.

Windows

OpenSSL for Windows can be downloaded here: http://gnuwin32.sourceforge.net/packages/openssl.htm
After extracting the contents, inside the bin subfolder the openssl … Read more

F5 BIGIP – Modify URI path using local traffic policy



I'm using my F5 BIG-IP (v13) as a reverse proxy to publish some websites using local traffic policies. But I need to perform URL rewriting. To be specific, I need to strip a string from the URI path.

It could be done using an iRule:

when HTTP_REQUEST {
if { [string tolower [HTTP::uri] ] starts_with "/path1" } {
  HTTP::uri [string 
Read more

F5 BIG-IP – Rollback tmsh commands



Today, a very short and simple post on how to roll back configuration changes made via tmsh.
After executing some commands, if we finally need to undo those changes, we can do so in at least the following ways:

    • In an HA environment, the standby node configuration can be synced so that we set the active (changed) node to
Read more

F5 BIG-IP – Apply SNAT to client subnet or IP



In certain scenarios it can be useful or necessary to apply SNAT only to certain client IPs when accessing a virtual server, for example to avoid asymmetric routes when the server gateway is not the F5… (take a look at this link for more examples).

These are the steps (I'm using BIG-IP v13)…

Create a SNAT pool

I prefer the … Read more

Exchange – Setting automatic completion time for Mailbox Move Request



When performing mailbox migrations using New-MoveRequest, the move is performed online while the user keeps using the mailbox, without suffering an outage until the end.
Only when completing the move are there some seconds during which the user's mailbox is not online.

That's the reason to use the parameter “SuspendWhenReadyToComplete”. It moves almost all the mailbox except the … Read more

F5 BIG-IP – Useful SNMP oids to monitor



I have collected some of the most interesting OIDs (in my scenario I'm using the LTM and APM modules) from the F5 MIBs:

OIDs – System Data

Hardware sensors (fans, power supplies…), resource usage (cpu, mem…), sync status…
MIB: F5-BIGIP-SYSTEM-MIB (file F5-BIGIP-SYSTEM-MIB.txt)

Description                      Object name                    OID
Synchronization status message   sysCmSyncStatusSummary         .1.3.6.1.4.1.3375.2.1.14.1.4
Failover status                  sysCmFailoverStatusStatus      .1.3.6.1.4.1.3375.2.1.14.3.2
Synchronization status color     sysCmSyncStatusColor           .1.3.6.1.4.1.3375.2.1.14.1.3
Power Supply status              sysChassisPowerSupplyStatus    .1.3.6.1.4.1.3375.2.1.3.2.2.2.1.2
Read more

F5 BIG-IP – Automate backup of configuration files



I have recently installed and configured my 2-node F5 BIG-IP cluster as a load balancer and SSL-VPN portal. I have been occasionally performing configuration backups, but now I need to schedule them regularly and automatically.

This article covers the ways to perform the backup of a BIG-IP system and automate them.

Manual backup

Web GUI

In the menu options: System – Read more

Linux – Running top command remotely (SSH)



Maybe you have tried to execute the top command to monitor processes on a remote host.

Error remotely – Run it in batch mode

If so, the following error can be returned:

$ ssh user@remotehost top -n1
TERM environment variable not set.

top does not work remotely in the default “interactive” mode. Use the “-b” parameter to run it in Read more

Exchange – Mailbox folders permissions to other users



A user asked me how to grant other users permission to access some of his mailbox folders, with only read-only permissions for certain folders.

Let’s suppose “testuser1” wants to allow “testuser2” to access some folders.

Permission configuration (Outlook)

First of all, “testuser2” must have “Reviewer” (read-only) permissions on the mailbox root.

Then, configure the permission … Read more

Checkpoint – dropped Reason: UDP packet that belongs to an old session



Problem

Last week I came across a DHCP problem. Devices from a certain VLAN were not getting a DHCP-assigned IP.

Even though the firewall policy should have accepted those packets, tcpdump showed the Checkpoint gateway was not forwarding them to the destination.

To capture DHCP traffic:

# tcpdump -n -i <interface> port 67 or port 68 -e

Incoming interface DHCP tcpdump:

# tcpdump 
Read more