Friday, 15 May 2020

Simple ACL in HP 5500


  • Simple Topology
  1. Create the ACL on the HP switch on floor 1
           acl number 3120
              rule 1 deny ip source 10.2.2.4 0 destination 10.1.1.5 0

  2. Apply the ACL as an inbound packet-filter on the interface

          interface Vlan-interface69
             description ** Gateway Server A **
             ip address 10.2.2.1 255.255.255.0
             packet-filter 3120 inbound

Create simple ACL CISCO


  • Simple Topology
  1. Create the ACL
         Example: created on the branch router


           access-list 100 remark Branch
           access-list 100 permit ip 10.100.100.0 0.0.0.255 host 10.1.1.21
           access-list 100 permit ip 10.100.100.0 0.0.0.255 host 10.1.1.22
           access-list 100 deny   ip any any
       
          *Note:
            10.100.100.x is the IP range of local users at the branch
            It is allowed access to 10.1.1.x (the IPs of the Datacenter servers)

  2. Access group in

           interface Vlan1
             description **Gateway LAN Branch**
             ip address 10.100.100.1 255.255.255.0
             ip access-group 100 in

  3. Access group out

           interface Vlan69
             description **Link to Datacenter**
             ip address 10.40.8.59 255.255.255.248
             ip access-group 100 out

Tuesday, 12 May 2020

Inject SSL F5 Big IP


Inject SSL into a Virtual Server on F5 Big IP
  • Import the SSL files (3 files)

Files to be imported (Chain, Key, SSL)

SSL import menu

Import result in the "Certificate Management" menu

  • Create the SSL profile
Create the client SSL profile in the "Local Traffic-Profile-SSL-Client" menu

Result of creating the SSL profile in the "Local Traffic-Profile-SSL" menu

  • Add the SSL profile that was created to the virtual server.
Add the SSL profile that was created, in the SSL Profile menu.

Monday, 11 May 2020

Create Email Alert F5 Big IP

Enable Email Alert On F5 Big IP

1. Configure the file user_alert.conf
    - nano /config/user_alert.conf
Example:
alert BIGIP_TMM_TMMERR_LAST_PMBR_DOWN {
email toaddress="paitjo@gmail.com"
fromaddress="admin"
body="Pool has no available pool members."
}

alert BIGIP_TMM_TMMERR_PMBR_BACK_UP {
email toaddress="paitjo@gmail.com"
fromaddress="admin"
body="Pool has available pool members."
}

alert BIGIP_MCPD_MCPDERR_VIRTUAL_UNAVAIL {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.136";
email toaddress="paitjo@gmail.com"
fromaddress="admin"
body="A virtual server has stopped processing traffic."
}

alert BIGIP_MCPD_MCPDERR_VIRTUAL_AVAIL {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.135";
email toaddress="paitjo@gmail.com"
fromaddress="admin"
body="A virtual server has resumed processing traffic."
}

alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_STATUS {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.10";
email toaddress="paitjo@gmail.com"
fromaddress="admin"
body="A pool member node has status down."
}

alert BIGIP_MCPD_MCPDERR_POOL_MEMBER_MON_STATUS_UP {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.11";
email toaddress="paitjo@gmail.com"
fromaddress="admin"
body="A pool member node has status up."
}

alert BIGIP_MCPD_MCPDERR_NODE_ADDRESS_MON_STATUS {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.12";
email toaddress="paitjo@gmail.com"
fromaddress="admin"
body="A node address has status down."
}

alert BIGIP_MCPD_MCPDERR_NODE_ADDRESS_MON_STATUS_UP {
snmptrap OID=".1.3.6.1.4.1.3375.2.4.0.13";
email toaddress="paitjo@gmail.com"
fromaddress="admin"
body="A node address has status up."
}


2. Create SMTP Outbound
   example:
tmsh modify sys outbound-smtp mailhub x.x.x.x:25 rewrite-domain paitjo.com


3. Save Configuration
    tmsh save sys config
    tmsh restart sys service alertd

4. Test Alert Email
    Example:
logger -p local0.notice "01070638:5: Pool /Common/pool_one member /Common/192.168.10.1:80  monitor status down."
logger -p local0.notice "01071682:5: SNMP_TRAP: Virtual /Common/vip_one has become unavailable"
logger -p local0.notice "01010028:3: No members available for pool /Common/pool_one"
logger -p local0.notice "01070727:5: Pool /Common/me member /Common/192.168.10.1:80 monitor status up."
logger -p local0.notice "01071681:5: SNMP_TRAP: Virtual /Common/vip_one has become available"
logger -p local0.notice "01010221:3: Pool /Common/pool_one now has available members"
