net-snmp-users — General discussion of the project (Please use this OR -coders, NOT both!)

Option -t not working net-snmp 5.8

[Kuchenmann <kuc...@vo...>]

Hello,

I'm using net-snmp 5.8 on Rocky Linux 8.10.
But the Timeout Option -t is not working.
Always waits approx. 60 seconds until timeout when no response to
snmpwalk or snmpget.

Any suggestions?

Thanks.

List of InfoComm Technology (ICT) Projects/Jobs/Tasks/Assignments Completed by Teo En Ming between 15 Jun 2020 and 5 Jul 2024 (spanning 4 years)

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: List of InfoComm Technology (ICT) Projects/Jobs/Tasks/Assignments Completed by Teo En Ming between 15 Jun 2020 and 5 Jul 2024 (spanning 4 years)

Good day from Singapore,

Section A: Teo En Ming's Projects, Mini Projects, Jobs, Tasks, Assignments
==============================================================================

Company #
=========

Reconfiguration of Fortigate 201F firewall due to major VLAN changes (using SD-WAN)

I have successfully installed Godaddy Wildcard SSL Certificate for 2 years in Fortigate 201F firewall on 20 Oct 2022 Thursday

I have 100% successfully installed Godaddy Wildcard SSL certificate in UniFi Cloud Key Gen 2 Plus on 26 Oct 2022 Wednesday from 5 PM to 6 PM

I have successfully installed Godaddy Wildcard SSL certificate in 9 units of Hikvision DS-K1TA70MI-T / DS-K1T341AMF Face Recognition Terminal Door Access Systems on 27 Oct 2022 Thursday

Successfully added Jumpcloud LDAP server in Fortigate 201F firewall on 8 Nov 2022 Tues

I have successfully instructed client to connect LAN cable from patch panel port D062 to port 7 on the Fortigate 201F firewall on 29 Apr 2024 Mon, now both Hikvision door face scanners 192.168.150.4 and 192.168.150.5 are accessible (web interface).

Company A1
==========

Setup about 10 laptops there + always go there for network and PBX/IP phone troubleshooting

Company A2
==========

Configured Aztech DSL1015EW(S) Wireless Router as spare

Company A3
==========

I have successfully reconfigured Fortigate 80F firewall remotely for a company at Goldhill Plaza on 7 May 2024 Tuesday after my colleague Dennis factory resets it onsite. Another reason for the reconfiguration is because the HPE MSR900 router has failed.

Company A4
===========

I have configured UniFi Cloud Key Gen2 Plus, USW-16-PoE network switch, and U6-Pro access points for a dental company at 111 Somerset on 21 May 2024 Tuesday but not deployed yet

I have successfully configured UniFi Cloud Key Gen2 Plus, USW-16-PoE network switch, and U6-Pro access points for a dental company at 111 Somerset on 21 May 2024 Tuesday, and my colleague Kenneth has deployed all the devices at customer site on 23 May 2024 Thursday

Company B1
===========

I have successfully configured SD-WAN in Fortigate 200F firewall for a wireless router distributor in Singapore on 10 May 2024 Friday 5.45 PM to 9.00 PM

Company B2
===========

Added a domain to Active Directory

Company B3
=============

Migration of standalone M1 network switch and 7 wireless access points to their existing infrastructure
Relocate their M1 ONT to WAN2 on Fortigate firewall
Configure Fortigate 90D firewall for WAN redundancy
Assist in setting up Fuji Xerox printer with Fujifilm vendor

DHCP server run out of IP addresses, solved the problem by expanding DHCP pool and reducing lease time from 8 hours to 4 hours

I have successfully configured Aruba 7010 wireless controller, Aruba 6000 48G CL4 4SFP network switch and Fortigate 200F firewall with VLANs 1 and 99 (Guest Wi-Fi) and VLAN trunks for a food company at Elementum building on 4 Apr 2024 Thursday

I have solved the problem where office LAN and Wi-Fi users could not access a German website by disabling an erroneous static route in the Fortigate 200F firewall on 12 Apr 2024 Friday

Company B4
==========

I have successfully migrated Fortigate 90D firewall to Fortigate 60F firewall for a precision engineering company at Ang Mo Kio Industrial Park 2A on 18 May 2023 Thursday

I have successfully solved Linkus softphone no audio issue during calls for Yeastar S20 PBX behind Fortigate 60F firewall for a German company in Singapore on 7 Oct 2023 Sat 3.00 AM

Company B5
==========

I have successfully installed new SSL certificate in Microsoft Exchange server 2013 CU 23 for a hotel chain in Indonesia on 25 Sep 2023 Monday

Company B6
===========

Upgraded firmware for various network devices:

Cisco SG550X-48P network switch (successful)
Cisco SG300-28P network switch (successful)
Asus RT-AC68U wireless router (successful)
Aruba 7005 wireless controller (unsuccessful)
UniFi USW-48P-750 network switch (successful)
Sophos XG210 firewall (successful)

Setup PRTG Network Monitor to monitor the bandwidth usage of Sophos XG210 Firewall

Enable SNMP and add sensors in PRTG Network Monitor for Cisco SG550X-48MP Network Switch

Enable SNMPV3 and add sensors in PRTG Network Monitor for Aruba 7005 Wireless Controller

I have successfully enabled SNMP and add sensor in PRTG Network Monitor for CalnCall SBC25 PBX on 5 Apr 2022 Tuesday

I have successfully exported configuration of UniFi US-48-750W network switch on 25 Apr 2022 Monday

I have successfully upgraded the firmware of Cisco SG550X-48MP network switch from version 2.5.5.47 to version 2.5.8.15 on 25 Apr 2022 Mon

I have successfully upgraded firmware of Aruba 7005 wireless controller from version 6.5.4.23 to 8.9.0.3, perform factory reset, and successfully setup and configured ArubaOS 8.9.0.3 for Aruba 7005 wireless controller from scratch on 22 Sep 2022 Thursday from 1 PM to 3 PM (2 hrs)

I have successfully re-deployed PRTG Network Monitor on a new server, added network devices and created sensors for these network devices on 9 Mar 2023 Thurs

I have successfully upgraded the firmware of Ruckus ICX 7150 Campus Network Switch from version 10 Dec 2021 to version 11 Apr 2023 for a company at Novena Medical Specialist Center Singapore on 8 Jun 2023 Thursday

I have successfully upgraded Ruckus R320 wireless access point to latest Unleashed firmware and configured WLAN from scratch and got everything working on 23 June 2023 Friday

Transferred running-config from Ruckus ICX 7150 network switch to TFTP server on 3 Jul 2023 Mon

I have successfully upgraded the firmware of Ruckus ICX-7150 24-port network switch using TFTP for an organization at Novena Medical Specialist Centre on 17 Jul 2023 Monday.

I have successfully configured brand new replacement slave/passive Sophos XGS2100 firewall and HA cluster for both units of Sophos XGS2100 firewalls with successful failover testing for a medical organization at Novena Specialist Center on 24 Nov 2023 Friday 12 noon to 3 PM

I have successfully configured MFA 2FA for SSL VPN in Sophos XGS2100 Firewall for a medical company at Novena Specialist Center on 25 Apr 2024 Thursday

I have successfully changed Ruckus R320 wireless access point from VLAN 1 to VLAN 20 for a medical organization at Novena Specialist Center on 28 Jun 2024 Friday

Company C1
==========

I have successfully migrated from old Fortigate 90D firewall to brand new Fortigate 80F firewall for a F&B chain in Singapore on 14 Mar 2023 Tuesday

Company C2
===========

Setup 2 units of Dell Latitude 5424 Rugged Laptops with Windows 7 Pro (needs hacking)

Company D
=========

I have successfully installed new SSL certificate on Exchange 2010 email server for a dental company in Singapore on 8 Jan 2024 Mon

I have successfully installed and configured 3rd party open source DKIM signer on Exchange 2010 email server for a dental company on 11 Jan 2024 Thursday

Summary of the tasks I have done for client, in sequence, spending many hours

[1] Installed and configured 3rd party open source DKIM Signer in Exchange 2010 email server

[2] Changed PUBLIC IP address of Exchange 2010 email server by modifying Port Forwarding and Source NAT settings in Draytek Router and also changing MX and numerous A DNS records

[3] Created new send connector in Exchange 2010 email server to use SMART HOST, as instructed by boss

[4] Created DKIM and DMARC records.

[5] Modified SPF record.

Company E1
==========

I have successfully migrated UDM Pro firewall to Fortigate 80F firewall for a company at Bedok Food City on 26 May 2023 Friday

Company E2
==========

Configure Fortigate 80C firewall and assist in their office relocation

Company E3
==========

Created user shared folders in Windows Server Domain Controller and disabled inheritance in user shared folders. Configured Cobian Backup 11 Gravity to backup all users to the user shared folders on the DC.

Company E4
==========

Assisted Shaun to add DNS records in CloudFlare DNS Management on 26 Jun 2023 Monday

Company E5
==========

I have successfully mounted iSCSI Targets from Synology NAS in Debian 11 Linux server for a construction company in Singapore on 10 Feb 2023 Fri

Company F1
============

Setup Fortigate 80F firewall
Convert Asus RT-AX88U wireless router to access point

Company F2
==========

Replace 2 harddisks in Drobo NAS (assisted by Jana)
Configure their Fortigate 90D firewall for their 2nd internet line (SPTEL ISP) (WAN2)
Setup Aruba Instant ON AP22 access point
Upgrade iMac for their boss from macOS High Sierra to macOS Monterey
Erase and reinstall macOS

I have configured SD-WAN in Fortigate 101F firewall for a company at Balmoral Plaza on 15 May 2024 Wed but not tested working yet

I have successfully configured SD-WAN in Fortigate 101F firewall for a company at Balmoral Plaza on 16 May 2024 Thursday, without the IPsec site to site VPN tunnel

I have successfully configured SD-WAN in Fortigate 101F firewall for a company at Balmoral Plaza on 17 May 2024 Friday, TOGETHER with IPsec site-to-site VPN tunnel configured successfully as well

Company F3
==========

I have identified and resolved IP address conflicts and solved SAP server unreachable over the Fortigate site to site IPsec VPN tunnel on 3 Nov 2022 Thursday.

I have configured new Fortigate 60F firewall on 25 Apr 2023 Tuesday.

I have successfully migrated Fortigate 90D firewall to Fortigate 60F firewall for a customer near Stevens MRT on 28 Apr 2023 Friday

Company F4
===========

Attended to severe water leakage in their server room due to extremely heavy rain over 3 days

I have successfully migrated Veritas Backup Exec Server 21.1 from Old Server to New Server using the Manual method, instead of using Backup Exec Migration Assistant, for an engineering company that previously had water leakage in their server room, on 18 July 2023 Tuesday

Company F5
==========

Setup Fortigate 60F firewall (with Jordon)

Company F6
==========

I have successfully migrated ASUS RT-AX56U wireless router to Fortigate 60F firewall for a company at Royal Group Building Raffles Place on 25 May 2023 Thursday

Company G (onsite with Shaun)
===============================

Relocate existing infrastructure to new 27U server rack
Setup UniFi 24port 250W POE switch with UniFi Network Controller
Setup Grandstream GWN7000 wireless controller
Setup 2x Grandstream GWN7630 access points
Install and configure Acronis Cyber Backup 15 Server Standard

Company H
=========

I have successfully migrated Singtel Mesh Router (SME) to Fortigate 60F for a medical company at Yishun Industrial Park A on 5 May 2023 Friday

Company J1
==========

Setup SSL VPN in Cisco ASA 5506-X Firewall with Duo
Renew and install SSL certificates for Cisco ASA firewall SSL VPN
Setup Fortigate 60F firewall with SSL VPN and Duo (with Jordon)
Setup no-ip auto renewal script (Python programming involved) in Debian Linux virtual machine

Company J2
==========

Formatted Fortigate 80E firewall, installed latest firmware image version 7.0.3 and restored from latest config file backup

Company J3
===========

I have successfully setup and configured Tp-link Archer AX72 AX5400 WI-FI 6 Wireless Router on 29 Aug 2022 Mon

Company K1
==========

I have successfully migrated Fortigate 60E firewall to Fortigate 60F firewall for a company at Link @ AMK on 24 Apr 2023 Mon, using export and import configuration

Company K2
==========

I have successfully switched from WAN1 to WAN2, modified Virtual IPs and firewall rules, and reconfigured IPsec site to site VPN tunnel in Fortigate 80F firewall for a company at AMK Techplace 2 on 4 Jun 2024 Tue

Company K3
==========

I have successfully switched from Singtel ISP to StarHub ISP PPPoE (WAN1) in Fortigate 60E firewall for a TCM company at Shun Li Industrial Park on 27 Mar 2024 Wed

I have converted Linksys Velop MX2000 Wi-Fi router to Bridged Mode for a TCM company at Shun Li Industrial Park on 27 Mar 2024 Wed

Company M
==========

Setup 1x Aruba Instant On 1930 24G 4SFP/SFP+ JL682A Switch (GUI)
Setup HPE Aruba 2530-24 network switch (Command Line Only)

I have successfully completed disaster recovery for an engineering company in Woodlands Singapore using Veritas Backup Exec 22 Server on 23 Feb 2023 Thursday, initial data restore operation started on 21 Feb 2023 Tuesday, includes setting up new Windows Server 2022 Standard Domain Controller

Migrate from Fortigate 60D to Fortigate 60F - this project has been reassigned to Dennis from New York City by Kok Keong. Teo En Ming will not be doing this project any more.

Company N
==========

Discovered that Windows Server 2016 Datacenter (aka Windows Terminal Server) EC2 instance in Amazon AWS Cloud was shutdown at 1.35 PM on 7 July 2023 Friday. I have powered it on again at about 3.34 PM. The EC2 instance has 16 core Intel Xeon Platinum processor with 64 GB of RAM (I think). There is a total of 4 EC2 instances, with 3 running Windows Server and the last one running Linux/UNIX. The last EC2 instance is a SAP HANA Database running on SLES.

Company O1
==========

I have configured brand new Fortigate 200F firewall for a wine company in Singapore on 13 Apr 2023 Thu, pending swing over on 29 Apr 2023 Sat

Company O2
==========

I have successfully configured and deployed UniFi Cloud Key Gen 2 Plus for a mining company at SingPost Centre on 23 Mar 2024 Saturday

Company P1
==========

I have successfully added secondary email domain in Google Workspace for an engineering company at Goldhill Plaza on 8 Jan 2024 Mon

I have successfully added SPF and DKIM DNS records for Google Workspace for an engineering company at Goldhill Plaza on 9 Jan 2024 Tue

I have successfully performed email migration (Google-hosted) from old domain name to new domain name for an engineering company at Goldhill Plaza on 11 Jan 2024 Thursday

Company P2
==========

Discovered mistakes/misconfiguration in network interfaces and made corrections to the new Fortigate 101F firewall on 20 Apr 2023 Thu. Originally configured by Seng Jian and Danial. Haven't swing over yet.

I have made extensive corrections to the new Fortigate 101F firewall (due to misconfiguration) and managed to get it up and operational for a Spanish company on 2 May 2023 Tue

Company R
==========

Solved Sangoma FreePBX Asterisk VoIP IP PBX SIP ISDN Phone Line is Down Issue

Regarding Sangoma FreePBX Phone System 60 hardware appliance, I have assisted to boot Red Hat SHMZ 6.6 OS into Single User Mode and repair the ext4 filesystem on /dev/sda2 using fsck on 5 Jul 2023 Wed

I have successfully identified short circuit on cables connected to switch ports gi1 and gi2 on Cisco SG300-28PP network switch using "test cable-diagnostics tdr interface" CLI command for a company at High Street Center on 21 Jun 2024 Friday afternoon

Company S1
==========

I have successfully setup the 1st Fortigate 101F firewall for a nursing home at Serangoon Singapore on 16 Mar 2023 Thursday

I have successfully configured High Availability (HA) cluster and SD-WAN for 2 Fortigate 101F firewalls for a nursing home at Serangoon on 9 May 2023 Tue, using 3 Aruba Instant On 1830 8G network switches

Company S2
==========

I have successfully migrated Fortigate 100D firewall to Fortigate 200F firewall for a school at Suntec City Tower 2 on 24 Jun 2023 Saturday

Company S3
==========

Disabled Duo 2FA in Windows Server 2012

Reset password for 3 admin users (with 2FA) in Fortigate 200D firewall

Install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects GPO (not successful as of 29 Apr 2022 Fri)

Install Cisco Duo Security 2FA MFA in Windows Server using Active Directory Group Policy Objects GPO (SUCCESSFUL as of 4 May 2022 Wed)

Aruba Clearpass Policy Manager shows users cannot connect to Wi-Fi: login failed and time out to RADIUS server, solved the problem by rebooting all 21 Aruba wireless access points

I have successfully installed RADIUS/EAP SSL certificate in Aruba ClearPass Policy Manager for a company at Upper Jurong Road on 25 Mar 2024 Monday

Problem: Laptop cannot connect to Aruba ClearPass Policy Manager with Error Code 216.
Reason: Domain Controller rejects laptop. Access is denied.
Solution: I have advised user to re-image his laptop on 14 May 2024 Tue. Problem solved.

I have successfully installed and configured Cisco Duo 2FA MFA Authentication for 3 Windows Servers for a company at Upper Jurong Road on 27 May 2024 Monday

Company S4
==========

I have successfully setup Fortigate 101F firewall for an engineering company at Penjuru Place Singapore on 8 Mar 2023 Wed

Company S5
===========

Setup new server (Windows Server 2019 Standard) as 2nd domain controller
Robocopy shared folders from old server to new server
Install and configure StorageCraft ShadowProtect SPX 7.0.2 in their new server

Company S6
==========

Upgraded MacBook Pro of Irene Ng from macOS El Capitan to macOS Big Sur

Company S7
===========

I have started migrating Fortigate 100D to Fortigate 101F for an electronics company at New Industrial Road on 11 May 2023 Thu

I have successfully migrated Fortigate 100D to Fortigate 101F for an electronics company at New Industrial Road on 15 May 2023 Mon

Successfully configured portforwarding to SAP Server on SAP Development server by adding 1 IP pool with associated firewall rule, making adjustmeents to 4 Virtual IPs, and added 4 portforwarding rules on Fortigate firewall on 19 Sep 2023 Tue

Internal network and servers cannot access their new company website with new ip address. Problem solved by restarting Windows DNS Server in Domain Controller 192.168.8.11. 6 May 2024 Monday.

Company T1
===========

I have configured new Fortigate 80F firewall on 26 Apr 2023 Wed

I have successfully migrated Fortigate 90D firewall to Fortigate 80F firewall for a company at Pioneer Road on 3 May 2023 Wed

Company T2
===========

Renew and install SSL Certificates for Webmin, Apache webserver, Postfix and Dovecot

Company T3
==========

Setup 2x CentOS 7.9 Linux Servers for their cPanel (with Danial)

I have successfully cloned CentOS 7.9 Linux Server with cPanel web hosting control panel to Synology NAS using Clonezilla for a construction company in Singapore on 23 Jan 2024 Tue

Company T4
==========

Migrate WordPress Website on Apache Web Server from 32-bit CentOS Linux 6.3 to 64-bit CentOS Linux 8.2 (2004)
Setup Synology RackStation RS1221+ NAS (with David Aw)
Setup 20 laptops and desktops there
Generated CSR for Exchange Server, Signed CSR using AD CS, and installed SSL certificate in Exchange server

I have successfully installed datto RMM Linux Agent on CentOS 8 Linux Server on 11 Oct 2023 Wednesday

Company T5
==========

Installed SSL certificate in PaperCut Application Server

I have successfully installed SSL certificate for PaperCut Application Server for a company at Chinatown Singapore on 2 May 2023 Tuesday

I have successfully migrated old MacBook Air to new MacBook Air (macOS Ventura 13.0) using Migration Assistant for user Gattie at a company in Chinatown on 11 May 2023 Thu

Troubleshooting why Grandstream UCM6510 PBX cannot be pinged and Web UI cannot be accessed on 6 Jun 2023 Tue, no conclusion yet

Company V1 (onsite with Shaun)
==============================

Setup Fortigate 100F firewall
Setup Synology DS220+ NAS
Reconfigure Cisco C1111-4P Router from NAT mode to non-NAT mode (perform password reset first)

I have successfully setup Synology DS220+ NAS for a company in Tuas, Singapore on 19 Aug 2022 Friday.
This also includes configuring and enabling SSL VPN in the Fortigate firewall and its related firewall policy.

Successfully configured Bypass Authentication in Exchange server Receive Connector to send email alerts from IBM Server IMM on 10 Nov 2022 Thu

I have successfully configured SD-WAN in Fortigate 100F firewall for an engineering company at Tuas Crescent which has both Singtel and SPtel ISPs (WAN1 and WAN2) on 26 Mar 2024 Tuesday

Company V2
==========

Migrate from old Fortigate 60F firewall to brand new Fortigate 80F firewall

Company V3 (law firm)
======================

Setup TP-Link AC1900 (Archer C80) Wireless Router in Access Point mode

I have solved the problem of IPsec site-to-site VPN tunnel going down between distant Fortigate firewalls for a law firm in Singapore on 9 Mar 2023 Thurs

Started configuring Fortigate 200F firewall on 20 Apr 2023 Thu, still work in progress as of 21 Apr 2023 Friday.

I have successfully migrated Fortigate 200D firewall to Fortigate 200F firewall for a law firm at Bugis on 6 May 2023 Saturday

I have successfully restored Veeam backup of Windows Server 2008 R2 Standard 64-bit in VMware Workstation 17 Pro in IBM System x3650 M4 server with Windows Server 2016 Standard for a law firm in Singapore on 19 Sep 2023 Tuesday

RAID 1 virtual drive is missing. A Foreign Configuration was created by the RAID controller. I have imported the Foreign Configuration and solved the problem for the law firm. Windows Server is able to start successfully. 8 Jan 2024 Monday.

I have successfully created RAID 1 array with 2 pcs of replacement 300 GB SAS harddisks, installed and configured Samba as a File Server on Debian 11 Linux Server in Data Center, and performed data recovery using Veeam Recovery Media accessing the File Server for a law firm in Singapore on 24 Jan 2024 Wed

I have successfully installed new self-signed SSL certificate on Suprema BioStar 2 Door Access System for a law firm in Singapore on 7 Mar 2024 Thursday

Company V4
==========

Setup 2x CentOS 7.9 Linux Servers with NIC bonding for their data center (with Jun Cheng)
Setup Synology Rackstation RS820+ NAS

Company W1
===========

Configure Cisco Catalyst 1000 network switch model Cisco-C1000-8P-2G-L (using Command Line)
Setup Grandstream GWN7000 wireless controller
Setup 6x Grandstream GWN7630 wireless access points

Company W2
=============

I have successfully generated CSR using Exchange Management Shell cmdlet, signed the CSR using Windows Server Certification Authority and imported the generated certificate into Microsoft Exchange for a German company in Singapore on 19 Mar 2024 Tuesday

Company W3
==========

I have started and completed configuring new Fortigate 80F firewall for a transport company at Tuas Ave 9 on the same day of 12 May 2023 Friday

I have successfully migrated Fortigate 100D firewall to Fortigate 80F firewall for a logistics company at Tuas Ave 9 on 19 May 2023 Friday

Company Y
==========

I have provided advice to my colleague Yuhaimi concerning the Supermicro GPU SuperServer SYS-821GE-TNHR with Red Hat Enterprise Linux 9.3 installed in the data center on 11 Jun 2024 Tuesday. Failed to open \EFI\redhat\grubx64.efi - Not Found

Forgot the company name
========================

Configure Veeam Backup

For several companies
=====================

Install Ubuntu Linux virtual machine, install nmap, and download nmap nse plugins to scan for log4j security vulnerabilities.

Fortigate Firewalls Hardening Project (based on hardening template from boss)
===============================================================================

Milestone 1: I have completed hardening 30 Fortigate firewalls as of 16 Jun 2023 Friday

I have completed hardening 31 Fortigate firewalls AFTER 16 Jun 2023 Friday

===EOF1===

Section B: List of companies for which Teo En Ming has *configured* Fortigate firewalls (Update 5 Jul 2024)
=============================================================================================================

[01] Company V - migrate from IPCOP Linux firewall to Fortigate 100F - already deployed on 5 Nov 2021 (based on config backup date)

[02] Company J - migrate from Cisco ASA 5506-X to Fortigate 60F - already deployed on 5 Jul 2021 (based on registration date)

[03] Company F - migrate from ??? to Fortigate 60F - already deployed on 22 Jul 2021 (based on config backup date)

[04] Company F - migrate from Asus RT-AX88U wireless router to Fortigate 80F - already deployed on 3 Jan 2021 (according to Helen Lim)

[05] Company V - migrate from Fortigate 60F to Fortigate 80F - already deployed on 21 Jan 2022 (based on config backup date) (export and import configuration)

[06] Company S - migrate from Asus RT-AX88U wireless router to Fortigate 101F - already deployed on 8 Mar 2023 Wed

[07] Company C - migrate from Fortigate 90D to Fortigate 80F - already deployed on 14 Mar 2023 Tues

[08] Company S - migrate from D-link DIR-868L wireless router to Fortigate 101F - already deployed on 16 Mar 2023 Thu (1st out of 2 units)

I have successfully configured High Availability (HA) cluster and SD-WAN for 2 Fortigate 101F firewalls for a nursing home at Serangoon on 9 May 2023 Tue, using 3 Aruba Instant On 1830 8G network switches

All outstanding issues with the HA Cluster, SD-WAN and failover have FINALLY been resolved with my onsite visit on 30 Jun 2023 Friday.

[09] Company O - migrate from Fortigate 200D to Fortigate 200F - Danial onsite on 13 Apr 2023 Thu, postponed 1st time to 29 Apr 2023 Sat, postponed 2nd time to 27 May 2023 Sat, postponed 3rd time to 3 Jun 2023 Sat, already deployed on 3 Jun 2023 Saturday

Kok Keong and Dennis went onsite on 3 Jun 2023 Saturday to deploy the new firewall (FINALLY after being postponed 3 times).
Kok Keong discovered that Port 23 (WAN1) on the new firewall is a SFP port.

When I configured the new Fortigate 200F firewall from scratch on 13 Apr 2023, I did not realize that port 23 (WAN1) is a SFP port. This is because I did not have the chance to see the physical firewall for myself. I have only looked at the PHOTO of the new Fortigate 200F firewall appliance briefly.

The following are the FEW changes that Kok Keong has made as of 3 Jun 2023 Sat:-

Kok Keong changed WAN1 from Port 23 to Port 15 on the new firewall, did not configure WAN2, removed SD-WAN configuration and finally changed Port 23 to Port 15 in firewall rules concerning/relating to WAN1 only.

The new Fortigate 200F firewall went fully operational on 3 Jun 2023 Sat.

[10] Company K - migrate from Fortigate 60E to Fortigate 60F - already deployed on 24 Apr 2023 Mon (export and import configuration)

[11] Company V (law firm) - migrate from Fortigate 200D to Fortigate 200F - already deployed on 6 May 2023 Saturday

[12] Company F - migrate from Fortigate 90D to Fortigate 60F - already deployed on 28 Apr 2023 Friday

[13] Company T - migrate from Fortigate 90D to Fortigate 80F - already deployed on 3 May 2023 Wed

[14] Company H - migrate from Singtel Mesh Router (SME) to Fortigate 60F - already deployed on 5 May 2023 Friday

[15] Company S - migrate from Fortigate 100D to Fortigate 101F - already deployed on 15 May 2023 Monday

[16] Company W - migrate from Fortigate 100D to Fortigate 80F - already deployed on 19 May 2023 Friday

[17] Company B - migrate from Fortigate 90D to Fortigate 60F - already deployed on 18 May 2023 Thursday

[18] Company F - migrate from ASUS RT-AX56U wireless router to Fortigate 60F - already deployed on 25 May 2023 Thursday

[19] Company E - migrate from UDM Pro firewall to Fortigate 80F - already deployed on 26 May 2023 Friday

[20] Company S - migrate from 2 units of Fortigate 100D to 2 units of Fortigate 200F (1 active, 1 spare) - 1st day of setup on 19 June 2023 Monday, 2nd day of setup on 20 Jun 2023 Tuesday, already deployed on 24 Jun 2023 Saturday

[21] Company J - TO BE CONFIRMED

[22] Company T (law firm) - migrate from 2 units of Sophos SG310 to 2 units of Fortigate 200F in HA cluster mode - TO BE CONFIRMED

===EOF2===

Section C: List of Firewall Migration Projects *NOT* Handled by Teo En Ming
===========================================================================

[01] Company P - configured by Seng Jian and Danial. Corrections were made by Teo En Ming and the firewall went operational.

[02] Company T - configured by Danial and Kok Keong. Teo En Ming is NOT involved in this project at all.

[03] Company M - migrate from Fortigate 60D to Fortigate 60F - handled by Dennis. Teo En Ming is NOT involved in this project at all.

[04] Company S - transfer of ownership of Fortigate 81E from one vendor to owner, no new Fortigate firewall purchased - NOTHING TO DO AT ALL

[05] Company I - migrate from Fortigate 90D to Fortigate 60F - handled by Dennis. Teo En Ming is NOT involved in this project at all.

[06] Company G - migrate from Fortigate 60D to Fortigate 60F - handled by Dennis. Deployment date not recorded. Teo En Ming is NOT involved at all.

[07] Company T - migrate from Fortigate 90D to Fortigate 80F - Handled by Dennis. Deployed on 25 Aug 2023 Friday. Teo En Ming is NOT involved at all.

[08] Company T - migrate from Fortigate 90E to Fortigate 101F - handled by Kok Keong, Yuhaimi understudy only. Deployed on 9 Sep 2023 Sat. Teo En Ming is NOT involved at all.

[09] Company M - setup Fortigate 80F - handled by Danial. Teo En Ming is NOT involved at all.

[10] Company C - setup Fortigate 101F firewall - handled by Danial.

[11] Company H - setup Fortigate 40F firewall - handled by Kelvin Lai.

[12] Company A - setup Fortigate 60F firewall on 6 Jun 2024 Thursday - handled by Kenneth from Malaysia

[13] Company W - Dennis to deploy Fortigate 40F firewall on 26 Jun 2024 Wed - handled by Dennis

[14] Company V warehouse - Kenneth Tan to deploy Fortigate 80F firewall on 5 July 2024 Friday - handled by Kenneth Tan


===EOF3===

Section D: Teo En Ming Provide Training/Guidance to Colleagues
===============================================================

[01] Company M - I have provided guidance to Danial on setting up Fortigate 80F firewall for a precision engineering company in Singapore on 26 Sep 2023 Tue

[02] Company C - I have provided guidance to Danial on setting up Fortigate 101F firewall for a precision engineering company in Singapore on 20 Oct 2023 Friday. I have also successfully created IPsec site to site VPN tunnel between Company C and Company M Fortigate firewalls using the VPN Wizard. It is not necessary to convert to a Custom tunnel.

[03] Company H - Teo En Ming provided guidance to Danial on setting up Fortigate 100F firewall on 19 Jan 2024 Friday

===EOF4===

Section E: List of Fortigate SD-WAN Configured by Teo En Ming
==============================================================

[1] Company S

[2] Company V

[3] Company B

[4] Company F

===EOF5===

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
IT Consultant
Republic of Singapore
14 July 2024 Sunday 10.06 PM Singapore Time

Re: Broadcast flow cannot be monitored on Netgate with net-snmp

[Bart V. A. <bva...@ac...>]

On 7/4/24 9:54 PM, Jordan MICHEL wrote:
>  From somwhere else.

Please report this issue to the organization that provided the Net-SNMP
binaries. The purpose of this mailing list (net-snmp-users) is to
support users who build Net-SNMP from source or who download Net-SNMP
binaries from the Net-SNMP website.

Thanks,

Bart.

Dynamic loadable module not working with compiled smpd V7.5.3

[Jose T. <j.t...@uv...>]

Hello

I have a weird situation with a compiled snmpd V7.5.3 and not able to find out what's going on.

I have a linux system. At first instance I used the "official" snmpd (sudo apt-get install snmpd ... ) and added a reduced set of OIDs from an own MIB (with several scalar OIDs) in a dynamic loadable module following the steps of the corresponding tutorial. It worked fine. So far so good.

Next, I had to add more OIDs that belonged to a table. I followed the corresponding steps to add the table and got it working. In this case, the functionality for that table was added as a subagent. So at this moment everything was fine. But I realized that one OID from the table was an OCTET STRING which size was 65536 and in my case it only worked up to 1472 bytes. I investigated a little and I realized I had to recompile snmpd with that change.

I recompiled. The OID with big size worked perfectly well, with a big string (around 50000 bytes). But unfortunately (here comes the problem) the initial scalar OIDs added by means of the dynamic loadable module didn't work: the response for a command snmpget is always "No Such Object available on this agent at this OID".

More investigation and debugging. I see the following:


  1.  Function dlmod_load_module  is called (dlmod.c)
  2.  Inside that function, function dl_init is called in turn
  3.  From my dynamic loadable module, the function init_... is called (I checked it adding it a return value and capturing it in function dlmod_load_module and showing by means of DEBUGMSGTL)  but I don't see the log at the beginning of function init_... (I use "DEBUGMSGTL"). So this leads me to suspect there is some problem. I have investigated a lot but with no results ...

Any ideas?

Thank you very much.
Jose.

Re: Issue with SNMP Traps

[Shripad R. <shr...@ne...>]

Hi All,
Can anyone help pls

*Best Regards,*

----------------------------------------------------------------------------------------------------------------------------


Shripad Rayewar

[image: Insta ICT Solutions Pvt Ltd | Telecom Network Services & Solutions]



*Corporate office:* 98A, Precision House,

8668674490

Hadapsar MIDC, Hadapsar, Pune 411013.


On Fri, 28 Jun 2024 at 17:53, Shripad Rayewar <
shr...@ne...> wrote:

> Hi All,
> Im Compiling Net-snmp for Openwrt Router.
> But Seems I'm not able to get traps working.
> Attached is the Makefile and configuration I'm using to compile.
> Please Help me figure this out.
>
>
> *Best Regards,*
>
> ----------------------------------------------------------------------------------------------------------------------------
>
>
> Shripad Rayewar
>
>
>
>
> *Corporate office:* 001, P3-Pentagon Tower,
>
> 8668674490
>
> Magarpatta City,Hadapsar, Pune 411028.
>

-- 


*Disclaimer:* The information contained
in this electronic message and 
any attachments to this message are intended for
the exclusive use of the 
addressee(s) and may contain proprietary, confidential
or privileged 
information. If you are not the intended recipient, you should
not 
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy all copies of this message and any attachments.



*WARNING:* Computer viruses can be transmitted via
email. The recipient 
should check this email and any attachments for the
presence of viruses. 
The company accepts no liability for any damage caused by
any virus 
transmitted by this email.

-- 


*Disclaimer:* The information contained
in this electronic message and 
any attachments to this message are intended for
the exclusive use of the 
addressee(s) and may contain proprietary, confidential
or privileged 
information. If you are not the intended recipient, you should
not 
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy all copies of this message and any attachments.



*WARNING:* Computer viruses can be transmitted via
email. The recipient 
should check this email and any attachments for the
presence of viruses. 
The company accepts no liability for any damage caused by
any virus 
transmitted by this email.

Re: Broadcast flow cannot be monitored on Netgate with net-snmp

[Jordan M. <jor...@vi...>]

From somwhere else. 

Regards

> Le 4 juil. 2024 à 19:34, Bart Van Assche <bva...@ac...> a écrit :
> 
> On 7/3/24 11:21 PM, Jordan MICHEL wrote:
>> I got them from the net-snmp website.
>> http://www.net-snmp.org/docs/mibs/ifMIBObjects.html <http://www.net-snmp.org/docs/mibs/ifMIBObjects.html>
>> Do you think these are the wrong OIDs?
>> However, the multicast and broadcast OIDs that I got from this website also work.
> 
> That's not an answer to my question. I asked for the origin of the
> Net-SNMP binaries. I did not ask for the source of the MIBs that you
> are using.
> 
> Bart.
> 

Re: Broadcast flow cannot be monitored on Netgate with net-snmp

[Bart V. A. <bva...@ac...>]

On 7/3/24 11:21 PM, Jordan MICHEL wrote:
> I got them from the net-snmp website.
> http://www.net-snmp.org/docs/mibs/ifMIBObjects.html 
> <http://www.net-snmp.org/docs/mibs/ifMIBObjects.html>
> 
> Do you think these are the wrong OIDs?
> However, the multicast and broadcast OIDs that I got from this website 
> also work.

That's not an answer to my question. I asked for the origin of the
Net-SNMP binaries. I did not ask for the source of the MIBs that you
are using.

Bart.

Re: Broadcast flow cannot be monitored on Netgate with net-snmp

[Jordan M. <jor...@vi...>]

Hello,

I got them from the net-snmp website.
http://www.net-snmp.org/docs/mibs/ifMIBObjects.html

Do you think these are the wrong OIDs?
However, the multicast and broadcast OIDs that I got from this website also
work.

Thanks

Regards,

Le mer. 3 juil. 2024 à 23:32, Bart Van Assche <bva...@ac...> a écrit :

> On 7/3/24 4:45 AM, Jordan MICHEL wrote:
> > I installed net-snmp on my netgate pfsense 1541 and on a netgate pfsense
> > sg2100 and I cannot retrieve the broadcast stream per interface.
>
>  From where did you obtain the Net-SNMP binaries? From the Netgate
> company or from somewhere else?
>
> Thanks,
>
> Bart.
>
>

-- 
<https://www.ville-gap.fr/>

*Jordan MICHEL*

Direction des Systèmes d'Information
04.92.53.24.11 / 06.73.91.48.99
jor...@vi...

Re: Broadcast flow cannot be monitored on Netgate with net-snmp

[Bart V. A. <bva...@ac...>]

On 7/3/24 4:45 AM, Jordan MICHEL wrote:
> I installed net-snmp on my netgate pfsense 1541 and on a netgate pfsense 
> sg2100 and I cannot retrieve the broadcast stream per interface.

 From where did you obtain the Net-SNMP binaries? From the Netgate
company or from somewhere else?

Thanks,

Bart.

Broadcast flow cannot be monitored on Netgate with net-snmp

[Jordan M. <jor...@vi...>]

Hello,
I installed net-snmp on my netgate pfsense 1541 and on a netgate pfsense
sg2100 and I cannot retrieve the broadcast stream per interface.
On the net-snmp website: http://www.net-snmp.org/docs/mibs/ifMIBObjects.html
(3-ifInBroadcastPkts)
The corresponding OID is 1.3.6.1.2.1.31.1.1.3.X.
X = interface number

.1.3.6.1.2.1.31.1.1.1.3.1 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.2 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.3 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.4 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.5 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.6 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.7 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.8 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.9 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.10 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.11 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.12 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.13 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.14 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.15 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.16 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.17 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.18 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.19 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.20 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.21 = Counter32: 0
.1.3.6.1.2.1.31.1.1.1.3.22 = Counter32: 0

On each interface, when I run the snmpwalk command, the netgate returns the
value 0. Why?
On the other hand, I manage to retrieve information on the multicast and
unicast stream. It shows me the number of packets on each interface.

Have you ever encountered this problem? Is this a bug?
Thank you for your answers.
<https://forum.netgate.com/topic/188913/broadcast-flow-cannot-be-monitored-on-netgate/2#>

-- 
<https://www.ville-gap.fr/>

*Jordan MICHEL*

Direction des Systèmes d'Information
04.92.53.24.11 / 06.73.91.48.99
jor...@vi...

Issue with SNMP Traps

[Shripad R. <shr...@ne...>]

Hi All,
Im Compiling Net-snmp for Openwrt Router.
But Seems I'm not able to get traps working.
Attached is the Makefile and configuration I'm using to compile.
Please Help me figure this out.


*Best Regards,*

----------------------------------------------------------------------------------------------------------------------------


Shripad Rayewar




*Corporate office:* 001, P3-Pentagon Tower,

8668674490

Magarpatta City,Hadapsar, Pune 411028.

-- 


*Disclaimer:* The information contained
in this electronic message and 
any attachments to this message are intended for
the exclusive use of the 
addressee(s) and may contain proprietary, confidential
or privileged 
information. If you are not the intended recipient, you should
not 
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy all copies of this message and any attachments.



*WARNING:* Computer viruses can be transmitted via
email. The recipient 
should check this email and any attachments for the
presence of viruses. 
The company accepts no liability for any damage caused by
any virus 
transmitted by this email.

-- 


*Disclaimer:* The information contained
in this electronic message and 
any attachments to this message are intended for
the exclusive use of the 
addressee(s) and may contain proprietary, confidential
or privileged 
information. If you are not the intended recipient, you should
not 
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy all copies of this message and any attachments.



*WARNING:* Computer viruses can be transmitted via
email. The recipient 
should check this email and any attachments for the
presence of viruses. 
The company accepts no liability for any damage caused by
any virus 
transmitted by this email.

Index allocation

[Андрей Л. <nek...@gm...>]

Hi everyone.

I'm looking for some examples or guidance on how to use the "Index
allocation" in subagent. (RFC2741, 7.1.4.2.2)
Any help would be hugely appreciated.

Thank you.

Configuring Teo En Ming's Cisco ASA 5516-X Firewall to Send Syslog Messages to Kiwi Syslog Server - Free Edition

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Configuring Teo En Ming's Cisco ASA 5516-X Firewall to Send Syslog Messages to Kiwi Syslog Server - Free Edition

Good day from Singapore,

These are the Cisco ASA CLI commands:

config terminal
logging enable
logging host inside 192.168.1.101
logging trap debugging
end
write memory

Reference guides
=================

[1] How to configure syslog on Cisco ASA firewalls
Link: https://support.auvik.com/hc/en-us/articles/360048078372-How-to-configure-syslog-on-Cisco-ASA-firewalls

[2] Chapter: Configuring Logging
Link: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_syslog.html#68764

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
GIMP also stands for Government-Induced Medical Problems
7 June 2024 Friday 9.00 PM Singapore Time

build net-snmp with AES192/AES256 support to PowerC

[Avner F. <av...@op...>]

Hi,

I am trying to build net-snmp with AES192/AES256 support to PowerPC machine - it is old but I have to make it work (it already works for me with AES 128)
I am using eldk4.2 (I don't want to upgrade because it is newer libc, and will need to build everything in my system)
I have openssl 0.9.8b in my toolchain, and I set the --with-openssl option, I even tried with newer openssl version 1.1.1
But nothing help - I get in the configure:
"checking for authentication support... configure: error: Asked to use OpenSSL but I couldn't find it."

I am just trying to understand what I miss because with a newer eldk (5.6) - I do have success (but as I mentioned, I need to stay with the old eldk)

The configure file looks like that:
./configure --enable-blumenthal-aes --host=ppc-linux --with-endianness=big --enable-ipv6 --enable-privacy --enable-des --enable-internal-md5 --without-rpm --with-openssl=/opt/eldk/ppc_6xx/usr --enable-mini-agent --with-default-snmp-version=2 --enable-shared --with-cflags="-O2 -fsigned-char" --with-sys-location=Unknown --with-logfile=/var/log/snmpd.log --with-persistent-directory=/var/net-snmp --with-out-mib-modules=examples/ucdDemoPublic --sysconfdir=/etc --with-pic --disable-embedded-perl --with-perl-modules=no --with-sys-contact=root@localhost --with-mib-modules=agentx --disable-manuals --disable-scripts --disable-mibs --disable-mib-loading --disable-deprecated --with-out-mib-modules="mibII mibII/snmp_mib mibII/system_mib mibII/sysORTable mibII/vacm_vars"

How can I make it work? (The openssl so file does exist)

Thanks

Avner Flesch

Re: what is right place to load subagent configuration

[Андрей Л. <nek...@gm...>]

I was able to catch the temporary file generated by net-snmp-config
and learnt from it that I can just write manually init_MyModuleName and
shutdown_MyModuleName functions and should be good.
Thanks, the question is closed.

вт, 7 мая 2024 г. в 15:17, Андрей Лобов <nek...@gm...>:

> And another related question - how to hook on agent shutdown in order to
> properly release the resources.
>
> Thanks,
> Andrey
>
> пн, 6 мая 2024 г. в 18:03, Андрей Лобов <nek...@gm...>:
>
>> He everyone,
>>
>> I write subagent, referring to the guide
>> http://www.net-snmp.org/wiki/index.php/TUT:Writing_a_Subagent
>> So far so good - I'm able to get the simple scalar metric.
>> Now I need to use some parameters, which should be loaded from
>> configuration files.
>> From what I got I need to use register_config_handler, but what I do not
>> quite get - what should be the right place to call it and when the config
>> file will actually be read, as I need to make sure somehow I've got all the
>> parameters at the agent startup.
>> Is the same Netsnmp_Node_Handler function OK to use or are there any
>> other handlers I could use to hook on agent initialization?
>>
>> Thank you in advance
>>
>> Regards,
>> Andrey
>>
>

Re: what is right place to load subagent configuration

[Андрей Л. <nek...@gm...>]

And another related question - how to hook on agent shutdown in order to
properly release the resources.

Thanks,
Andrey

пн, 6 мая 2024 г. в 18:03, Андрей Лобов <nek...@gm...>:

> He everyone,
>
> I write subagent, referring to the guide
> http://www.net-snmp.org/wiki/index.php/TUT:Writing_a_Subagent
> So far so good - I'm able to get the simple scalar metric.
> Now I need to use some parameters, which should be loaded from
> configuration files.
> From what I got I need to use register_config_handler, but what I do not
> quite get - what should be the right place to call it and when the config
> file will actually be read, as I need to make sure somehow I've got all the
> parameters at the agent startup.
> Is the same Netsnmp_Node_Handler function OK to use or are there any other
> handlers I could use to hook on agent initialization?
>
> Thank you in advance
>
> Regards,
> Andrey
>

what is right place to load subagent configuration

[Андрей Л. <nek...@gm...>]

He everyone,

I write subagent, referring to the guide
http://www.net-snmp.org/wiki/index.php/TUT:Writing_a_Subagent
So far so good - I'm able to get the simple scalar metric.
Now I need to use some parameters, which should be loaded from
configuration files.
>From what I got I need to use register_config_handler, but what I do not
quite get - what should be the right place to call it and when the config
file will actually be read, as I need to make sure somehow I've got all the
parameters at the agent startup.
Is the same Netsnmp_Node_Handler function OK to use or are there any other
handlers I could use to hook on agent initialization?

Thank you in advance

Regards,
Andrey

Tutorial not responding correctly

[Johnnie W A. <jx...@ua...>]

Hi,

     I'm working through the SNMPv3 Options tutorial and finding that the
commands are not returning the correct results. For instance:

snmpgetnext -v 3 -n "" -u noAuthUser -l noAuthNoPriv test.net-snmp.org
sysUpTime

snmpgetnext: Timeout (Sub-id not found: (top) -> sysUpTime)

Thanks,

     John A
-- 
John Adams
Senior Linux/Middleware Administrator  | Information Technology Services
+1-501-916-3010 | jx...@ua... | http://ualr.edu/itservices
*UA Little Rock*

Reminder:  IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts.  For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.

Creating Local User for Web login on the HPE MSR954 Router

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Creating Local User for Web login on the HPE MSR954 Router

Good day from Singapore,

Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date: 12 Apr 2024 Friday

Reference guide: Quick Start Configuration Guide for Accessing the Web Interface of a Device Without a Default IP
Link: https://www.h3c.com/en/d_202206/1619529_294551_0.htm

<HPE>system-view
[HPE]local-user admin
[HPE-luser-manage-admin]password simple password2024!
Updating user information. Please wait... ...
[HPE-luser-manage-admin]service-type https
[HPE-luser-manage-admin]authorization-attribute user-role network-admin
[HPE-luser-manage-admin]quit

Save the configuration settings.

[HPE]save

>From now on, you will be able to configure all the router settings using the web interface.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
GIMP also stands for Government-Induced Medical Problems

Teo En Ming's Notes on Upgrading Firmware on HPE MSR954 Router and Enabling Web Interface - Version 1

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Teo En Ming's Notes on Upgrading Firmware on HPE MSR954 Router and Enabling Web Interface - Version 1

Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date of Action: 11 Apr 2024 Thursday
Time: 8.30 PM to 11.00 PM

Step 1: Configuring IP address on router port GE1 to prepare for TFTP operation
===============================================================================

Startup configuration file does not exist.
Performing automatic configuration... Press CTRL_D to break.

Automatic configuration attempt: 1.
Not ready for automatic configuration: no interface available.
Waiting for the next...

Automatic configuration attempt: 2.
Interface used: Vlan-interface1.
Enable DHCP client on Vlan-interface1.
Vlan-interface1 failed to obtain IP address.
Waiting for the next...
Automatic configuration is aborted.
Line con0 is available.


Press ENTER to get started.

<HPE>system-view

[HPE]interface Vlan-interface 1

[HPE-Vlan-interface1]ip address 192.168.1.1 255.255.255.0

[HPE-Vlan-interface1]end

<HPE>show ip int br
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description
GE0/0                    down     down     --              --
GE0/5                    down     down     --              --
Vlan1                    up       up       192.168.1.1     --

Step 2: Download and install Open TFTP Server and Configure Management Workstation
=====================================================================================

Download Open TFTP Server from https://sourceforge.net/projects/tftp-server/

Install Open TFTP Server Installer.

Configure IP address of management workstation as 192.168.1.2/24

Copy LATEST firmware image file MSR954-CMW710-R6728P27.ipe to C:\OpenTFTPServer

Double click RunStandAloneMT.bat

Turn off GlassWire firewall.

Turn off Windows Defender firewall.

Step 3: TFTP Operation for the firmware
============================================

<HPE>tftp 192.168.1.2 get MSR954-CMW710-R6728P27.ipe

The following attempt at installing the latest firmware failed because of insufficient space on the flash memory.

<HPE>boot-loader file flash:/MSR954-CMW710-R6728P27.ipe main
Verifying the file flash:/MSR954-CMW710-R6728P27.ipe on the device.......Done.
HPE MSR954 images in IPE:
  msr954-cmw710-boot-r6728p27.bin
  msr954-cmw710-system-r6728p27.bin
  msr954-cmw710-wifidog-r6728p27.bin
  msr954-cmw710-wwd-r6728p27.bin
  msr954-cmw710-security-r6728p27.bin
  msr954-cmw710-voice-r6728p27.bin
  msr954-cmw710-data-r6728p27.bin
This command will set the main startup software images. Continue? [Y/N]:y
Add images to the device.
No sufficient storage space on the device.

Step 4: Delete unnecessary files on the flash memory to free up space 
=========================================================================

<HPE>delete flash:/msr954*.bin
Delete flash:/msr954-cmw710-boot-r0306p30.bin? [Y/N]:y
Deleting file flash:/msr954-cmw710-boot-r0306p30.bin... Done.
Delete flash:/msr954-cmw710-data-r0306p30.bin? [Y/N]:y
Deleting file flash:/msr954-cmw710-data-r0306p30.bin... Done.
Delete flash:/msr954-cmw710-security-r0306p30.bin? [Y/N]:y
Deleting file flash:/msr954-cmw710-security-r0306p30.bin... Done.
Delete flash:/msr954-cmw710-system-r0306p30.bin? [Y/N]:y
Deleting file flash:/msr954-cmw710-system-r0306p30.bin... Done.
Delete flash:/msr954-cmw710-voice-r0306p30.bin? [Y/N]:y
Deleting file flash:/msr954-cmw710-voice-r0306p30.bin... Done.
Delete flash:/msr954-cmw710-wifidog-r0306p30.bin? [Y/N]:y
Deleting file flash:/msr954-cmw710-wifidog-r0306p30.bin... Done.


<HPE>delete flash:/logfile/*
Delete flash:/logfile/logfile1.log.gz? [Y/N]:y
Deleting file flash:/logfile/logfile1.log.gz... Done.
Delete flash:/logfile/logfile10.log.gz? [Y/N]:y
Deleting file flash:/logfile/logfile10.log.gz... Done.
Delete flash:/logfile/logfile2.log? [Y/N]:y
Deleting file flash:/logfile/logfile2.log... Done.
Delete flash:/logfile/logfile2.log.gz? [Y/N]:y
Deleting file flash:/logfile/logfile2.log.gz... Done.
Delete flash:/logfile/logfile3.log? [Y/N]:y
Deleting file flash:/logfile/logfile3.log... Done.
Delete flash:/logfile/logfile4.log.gz? [Y/N]:y
Deleting file flash:/logfile/logfile4.log.gz... Done.
Delete flash:/logfile/logfile5.log.gz? [Y/N]:y
Deleting file flash:/logfile/logfile5.log.gz... Done.
Delete flash:/logfile/logfile6.log.gz? [Y/N]:y
Deleting file flash:/logfile/logfile6.log.gz... Done.
Delete flash:/logfile/logfile7.log.gz? [Y/N]:y
Deleting file flash:/logfile/logfile7.log.gz... Done.
Delete flash:/logfile/logfile8.log.gz? [Y/N]:y
Deleting file flash:/logfile/logfile8.log.gz... Done.
Delete flash:/logfile/logfile9.log.gz? [Y/N]:y
Deleting file flash:/logfile/logfile9.log.gz... Done.

<HPE>dir flash:/
Directory of flash:
   0 -rw-    93636608 Jan 01 2011 00:29:51   MSR954-CMW710-R6728P27.ipe
   1 drw-           - Jan 01 2011 00:00:10   diagfile
   2 -rw-         735 Jan 01 2011 00:07:25   hostkey
   3 -rw-         228 Jan 01 2011 00:12:54   ifindex.dat
   4 drw-           - Jan 01 2011 00:00:10   license
   5 drw-           - Jan 01 2011 00:36:14   logfile
   6 drw-           - Jan 01 2011 00:00:10   seclog
   7 -rw-         591 Jan 01 2011 00:07:25   serverkey
   8 -rw-        5735 Jan 01 2011 00:12:55   startup.cfg
   9 -rw-       61417 Jan 01 2011 00:12:55   startup.mdb

251904 KB total (86996 KB free)

<HPE>delete flash:/startup.mdb
Delete flash:/startup.mdb? [Y/N]:y
Deleting file flash:/startup.mdb... Done.


<HPE>dir /all
Directory of flash:
   0 -rw-    93636608 Jan 01 2011 00:29:51   MSR954-CMW710-R6728P27.ipe
   1 drw-           - Jan 01 2011 00:00:10   diagfile
   2 -rw-         735 Jan 01 2011 00:07:25   hostkey
   3 -rw-         228 Jan 01 2011 00:12:54   ifindex.dat
   4 drw-           - Jan 01 2011 00:00:10   license
   5 drw-           - Jan 01 2011 00:36:14   logfile
   6 drw-           - Jan 01 2011 00:00:10   seclog
   7 -rw-         591 Jan 01 2011 00:07:25   serverkey
   8 -rw-        5735 Jan 01 2011 00:12:55   startup.cfg
   9 drwh           - Jan 01 2011 00:45:44   .trash


<HPE>rmdir flash:/.trash
Remove directory flash:/.trash and the files in the recycle-bin under this directory will be deleted permanently. Continue? [Y/N]:y
Failed to remove the directory because it is not empty.

<HPE>dir flash:/.trash/
Directory of flash:/.trash
   0 -rw-      362875 Jun 24 2011 11:12:32   logfile1.log.gz_0001
   1 -rw-      307359 Jan 07 2011 13:01:22   logfile10.log.gz_0001
   2 -rw-      332922 Jan 07 2011 11:11:52   logfile2.log.gz_0001
   3 -rw-     3633086 Jan 07 2011 20:06:45   logfile2.log_0001
   4 -rw-     5216633 Jul 19 2011 10:45:11   logfile3.log_0001
   5 -rw-      370150 Jul 02 2011 19:51:51   logfile4.log.gz_0001
   6 -rw-      356413 Jun 27 2011 21:30:47   logfile5.log.gz_0001
   7 -rw-      355667 Jul 05 2011 10:05:21   logfile6.log.gz_0001
   8 -rw-      363096 Jul 11 2011 10:40:24   logfile7.log.gz_0001
   9 -rw-      371726 Jul 17 2011 06:21:00   logfile8.log.gz_0001
  10 -rw-      354088 Jul 08 2011 19:24:06   logfile9.log.gz_0001
  11 -rw-     6972416 Jan 01 2013 00:00:00   msr954-cmw710-boot-r0306p30.bin_0001
  12 -rw-     2955264 Jan 01 2013 00:00:00   msr954-cmw710-data-r0306p30.bin_0001
  13 -rw-      387072 Jan 01 2013 00:00:00   msr954-cmw710-security-r0306p30.bin_0001
  14 -rw-    51291136 Jan 01 2013 00:00:00   msr954-cmw710-system-r0306p30.bin_0001
  15 -rw-       12288 Jan 01 2013 00:00:00   msr954-cmw710-voice-r0306p30.bin_0001
  16 -rw-      116736 Jan 01 2013 00:00:00   msr954-cmw710-wifidog-r0306p30.bin_0001
  17 -rw-       61417 Jan 01 2011 00:12:55   startup.mdb_0001

251904 KB total (86996 KB free)

<HPE>delete flash:/.trash/msr954-cmw710-boot-r0306p30.bin_0001
The file cannot be restored. Delete flash:/.trash/msr954-cmw710-boot-r0306p30.bin_0001? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/.trash/msr954-cmw710-boot-r0306p30.bin_0001... Done.

<HPE>delete flash:/.trash/msr954-cmw710-data-r0306p30.bin_0001
The file cannot be restored. Delete flash:/.trash/msr954-cmw710-data-r0306p30.bin_0001? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/.trash/msr954-cmw710-data-r0306p30.bin_0001... Done.

<HPE>delete flash:/.trash/msr954-cmw710-security-r0306p30.bin_0001
The file cannot be restored. Delete flash:/.trash/msr954-cmw710-security-r0306p30.bin_0001? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/.trash/msr954-cmw710-security-r0306p30.bin_0001... Done.

<HPE>delete flash:/.trash/msr954-cmw710-system-r0306p30.bin_0001
The file cannot be restored. Delete flash:/.trash/msr954-cmw710-system-r0306p30.bin_0001? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/.trash/msr954-cmw710-system-r0306p30.bin_0001... Done.

<HPE>delete flash:/.trash/msr954-cmw710-voice-r0306p30.bin_0001
The file cannot be restored. Delete flash:/.trash/msr954-cmw710-voice-r0306p30.bin_0001? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/.trash/msr954-cmw710-voice-r0306p30.bin_0001... Done.

<HPE>delete flash:/.trash/msr954-cmw710-wifidog-r0306p30.bin_0001
The file cannot be restored. Delete flash:/.trash/msr954-cmw710-wifidog-r0306p30.bin_0001? [Y/N]:y
Deleting the file permanently will take a long time. Please wait...
Deleting file flash:/.trash/msr954-cmw710-wifidog-r0306p30.bin_0001... Done.


<HPE>dir flash:/.trash/
Directory of flash:/.trash
   0 -rw-      362875 Jun 24 2011 11:12:32   logfile1.log.gz_0001
   1 -rw-      307359 Jan 07 2011 13:01:22   logfile10.log.gz_0001
   2 -rw-      332922 Jan 07 2011 11:11:52   logfile2.log.gz_0001
   3 -rw-     3633086 Jan 07 2011 20:06:45   logfile2.log_0001
   4 -rw-     5216633 Jul 19 2011 10:45:11   logfile3.log_0001
   5 -rw-      370150 Jul 02 2011 19:51:51   logfile4.log.gz_0001
   6 -rw-      356413 Jun 27 2011 21:30:47   logfile5.log.gz_0001
   7 -rw-      355667 Jul 05 2011 10:05:21   logfile6.log.gz_0001
   8 -rw-      363096 Jul 11 2011 10:40:24   logfile7.log.gz_0001
   9 -rw-      371726 Jul 17 2011 06:21:00   logfile8.log.gz_0001
  10 -rw-      354088 Jul 08 2011 19:24:06   logfile9.log.gz_0001
  11 -rw-       61417 Jan 01 2011 00:12:55   startup.mdb_0001

251904 KB total (147428 KB free)

Step 5: Installing the LATEST firmware on the HPE MSR954 router
==================================================================

<HPE>boot-loader file flash:/MSR954-CMW710-R6728P27.ipe main
Verifying the file flash:/MSR954-CMW710-R6728P27.ipe on the device.......Done.
HPE MSR954 images in IPE:
  msr954-cmw710-boot-r6728p27.bin
  msr954-cmw710-system-r6728p27.bin
  msr954-cmw710-wifidog-r6728p27.bin
  msr954-cmw710-wwd-r6728p27.bin
  msr954-cmw710-security-r6728p27.bin
  msr954-cmw710-voice-r6728p27.bin
  msr954-cmw710-data-r6728p27.bin
This command will set the main startup software images. Continue? [Y/N]:y
Add images to the device.
Decompressing file msr954-cmw710-wwd-r6728p27.bin to flash:/msr954-cmw710-wwd-r6728p27.bin...Done.
Decompressing file msr954-cmw710-wifidog-r6728p27.bin to flash:/msr954-cmw710-wifidog-r6728p27.bin...Done.
Decompressing file msr954-cmw710-data-r6728p27.bin to flash:/msr954-cmw710-data-r6728p27.bin...Done.
Decompressing file msr954-cmw710-voice-r6728p27.bin to flash:/msr954-cmw710-voice-r6728p27.bin...Done.
Decompressing file msr954-cmw710-security-r6728p27.bin to flash:/msr954-cmw710-security-r6728p27.bin...Done.
Decompressing file msr954-cmw710-system-r6728p27.bin to flash:/msr954-cmw710-system-r6728p27.bin........................................Done.
Decompressing file msr954-cmw710-boot-r6728p27.bin to flash:/msr954-cmw710-boot-r6728p27.bin.....Done.
The images that have passed all examinations will be used as the main startup software images at the next reboot on the device.

Verifying that the latest firmware has been installed.

<HPE>display boot-loader
Software images on the device:
Current software images:
  flash:/msr954-cmw710-boot-r0306p30.bin
  flash:/msr954-cmw710-system-r0306p30.bin
  flash:/msr954-cmw710-wifidog-r0306p30.bin
  flash:/msr954-cmw710-security-r0306p30.bin
  flash:/msr954-cmw710-voice-r0306p30.bin
  flash:/msr954-cmw710-data-r0306p30.bin
Main startup software images:
  flash:/msr954-cmw710-boot-r6728p27.bin
  flash:/msr954-cmw710-system-r6728p27.bin
  flash:/msr954-cmw710-wifidog-r6728p27.bin
  flash:/msr954-cmw710-wwd-r6728p27.bin
  flash:/msr954-cmw710-security-r6728p27.bin
  flash:/msr954-cmw710-voice-r6728p27.bin
  flash:/msr954-cmw710-data-r6728p27.bin
Backup startup software images:
  None

Rebooting the HPE MSR954 router.

<HPE>reboot
Start to check configuration with next startup configuration file, please wait.........DONE!
Current configuration may be lost after the reboot, save current configuration? [Y/N]:n
This command will reboot the device. Continue? [Y/N]:y
Now rebooting, please wait...
%Jan  1 01:00:07:296 2011 HPE DEV/5/SYSTEM_REBOOT: System is rebooting now.

Step 6: Enabling Web Interface on the HPE MSR954 Router
========================================================

Startup configuration file doesn't exist or is invalid.
Performing automatic configuration... Press CTRL_C or CTRL_D to break.

Automatic configuration attempt: 1.
Not ready for automatic configuration: no interface available.
Waiting for the next...

Automatic configuration attempt: 2.
Interface used: Vlan-interface1.
Enable DHCP client on Vlan-interface1.
Vlan-interface1 failed to obtain IP address.
Waiting for the next...
Automatic configuration is aborted.



<HPE>system-view
[HPE]interface Vlan-interface 1
[HPE-Vlan-interface1]ip address 192.168.1.1 255.255.255.0

[HPE]ip https enable

You can now browse the web interface using https://192.168.1.1/

Google Chrome doesn't display the web interface properly. You need to use Microsoft Edge.

But I don't know the default username and password, need to check it out later.

Step 7: Remember to save the router configuration before shutting down
========================================================================

[HPE]save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Configuration is saved to device successfully.

Reference Guides
=================

[1] 07-Software upgrade configuration

Link: https://www.h3c.com/en/d_201905/1178175_294551_0.htm

[2] Router HPE MSR954 Web interface

Link: https://community.hpe.com/t5/comware-based/router-hpe-msr954-web-interface/td-p/6940091

[3] dir

Link: https://techhub.hpe.com/eginfolib/networking/docs/switches/5700/5998-5600r_fund_cr/content/447037782.htm




Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
GIMP also stands for Government-Induced Medical Problems

HPE MSR954 Router Console Bootup Messages and Show Version

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: HPE MSR954 Router Console Bootup Messages and Show Version

Good day from Singapore,

I have bought a refurbished/second hand/used HPE MSR954 router at Canberra Road for $30 on 30 Mar 2024 Saturday at about 10 pm.

Serial Number: CN****11DB

MAC address: 4CAEA37BD937

Console bootup messages below
=================================

a▒▒▒Fh▒▒f▒▒CC▒▒▒ѕ▒▒is starting...
Press Ctrl+D to access BASIC-BOOTWARE MENU
Booting Normal Extend BootWare

****************************************************************************
*                                                                          *
*                   HPE MSR954 BootWare, Version 1.30                      *
*                                                                          *
****************************************************************************
Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP

Compiled Date       : May 16 2016
CPU ID              : 0xa
CPU L1 Cache        : 32KB
CPU L2 Cache        : 256KB
Memory Type         : DDR3 SDRAM
Memory Size         : 1024MB
Flash Size          : 256MB
PCB Version         : 2.0


BootWare Validating...
Press Ctrl+B to access EXTENDED-BOOTWARE MENU...
Loading the main image files...
Loading file flash:/msr954-cmw710-system-r0306p30.bin.......................
.............................Done.
Loading file flash:/msr954-cmw710-security-r0306p30.bin...Done.
Loading file flash:/msr954-cmw710-voice-r0306p30.bin...Done.
Loading file flash:/msr954-cmw710-data-r0306p30.bin......Done.
Loading file flash:/msr954-cmw710-wifidog-r0306p30.bin...Done.
Loading file flash:/msr954-cmw710-boot-r0306p30.bin..........Done.

Image file flash:/msr954-cmw710-boot-r0306p30.bin is self-decompressing.....
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
............................................................................
......................................................Done.
System image is starting...
Cryptographic algorithms tests passed.

Startup configuration file does not exist.
Performing automatic configuration... Press CTRL_D to break.

Automatic configuration attempt: 1.
Not ready for automatic configuration: no interface available.
Waiting for the next...

Automatic configuration attempt: 2.
Not ready for automatic configuration: no interface available.
Waiting for the next...
Automatic configuration is aborted.
Line con0 is available.


Press ENTER to get started.
<HPE>%Jan  1 00:02:12:518 2011 HPE SHELL/5/SHELL_LOGIN: Console logged in from con0.

show version output
====================

<HPE>show version
HPE Comware Software, Version 7.1.059, Release 0306P30
Copyright (c) 2010-2016 Hewlett Packard Enterprise Development LP
HPE MSR954 uptime is 0 weeks, 0 days, 0 hours, 2 minutes
Last reboot reason : Reset button reboot
Boot image: flash:/msr954-cmw710-boot-r0306p30.bin
Boot image version: 7.1.059P21, Release 0306P30
  Compiled Jun 08 2016 16:00:00
System image: flash:/msr954-cmw710-system-r0306p30.bin
System image version: 7.1.059, Release 0306P30
  Compiled Jun 08 2016 16:00:00
Feature image(s) list:
  flash:/msr954-cmw710-wifidog-r0306p30.bin, version: 7.1.059
    Compiled Jun 08 2016 16:00:00
  flash:/msr954-cmw710-security-r0306p30.bin, version: 7.1.059
    Compiled Jun 08 2016 16:00:00
  flash:/msr954-cmw710-voice-r0306p30.bin, version: 7.1.059
    Compiled Jun 08 2016 16:00:00
  flash:/msr954-cmw710-data-r0306p30.bin, version: 7.1.059
    Compiled Jun 08 2016 16:00:00

CPU ID: 0xa
1G bytes DDR3 SDRAM Memory
10M bytes Flash Memory
PCB               Version:  2.0
CPLD              Version:  0.0
Basic    BootWare Version:  1.30
Extended BootWare Version:  1.30
[SLOT  0]CON                       (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]GE0/0                     (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]4GSW                      (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]SFP0/5                    (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]CELLULAR0/0               (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0
[SLOT  0]CELLULAR0/1               (Hardware)2.0,   (Driver)1.0,   (CPLD)0.0

<HPE>

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com
GIMP also stands for Government-Induced Medical Problems.

Teo En Ming's Notes on Basic Configuration of Cisco ASA 5516-X Firewall - Version 1

[Turritopsis D. T. En M. <teo...@pr...>]

Subject: Teo En Ming's Notes on Basic Configuration of Cisco ASA 5516-X Firewall - Version 1

Good day from Singapore,

Author: Mr. Turritopsis Dohrnii Teo En Ming
Country: Singapore
Date of Publication: 20 March 2024 Wednesday
Document Version: 1

I have bought this refurbished/second hand/used Cisco ASA 5516-X firewall with FirePOWER Services for SGD$100 at Bukit Panjang Ring Road on 17 Mar 2024 Sunday at about 8.30 PM Singapore Time.

On 19 March 2024 Tuesday, I have completed basic configuration of this firewall.

Configuration Start: 19 March 2024 Tuesday, 9.22 PM

Configuration End: 19 March 2024 Tuesday, 11.33 PM

Below are my notes on configuring the Cisco ASA 5516-X firewall (basic).

Part 1: Factory reset the Cisco ASA 5516-X firewall
===================================================

Reference guide: Clearing, resetting or erasing configuration on Cisco ASA
Link: https://www.linkedin.com/pulse/clearing-resetting-erasing-configuration-cisco-asa-darko-raki%C4%87?utm_source=share&utm_medium=member_android&utm_campaign=share_via

cisco> en
Password: *****

cisco# conf t
cisco(config)#

***************************** NOTICE *****************************

Help to improve the ASA platform by enabling anonymous reporting,
which allows Cisco to securely receive minimal error and health
information from the device. To learn more about this feature,
please visit: http://www.cisco.com/go/smartcall

Would you like to enable anonymous error reporting to help improve
the product? [Y]es, [N]o, [A]sk later: Y

Enabling anonymous reporting.
Adding "call-home reporting anonymous" to running configuration...
Creating trustpoint "_SmartCallHome_ServerCA" and installing certificate...

Trustpoint CA certificate accepted.

Please remember to save your configuration.

cisco(config)# configure factory-default
Based on the inside IP address and mask, the DHCP address
pool size is reduced to 250 from the platform limit 256

WARNING: The boot system configuration will be cleared.
The first image found in disk0:/ will be used to boot the
system on the next reload.
Verify there is a valid image on disk0:/ or the system will
not boot.

Begin to apply factory-default configuration:
Clear all configuration
Executing command: !
Executing command: interface Management1/1
Executing command:  management-only
Executing command:  no nameif
Executing command:  no security-level
Executing command:  no ip address
Executing command:  no shutdown
Executing command:  exit
Executing command: !
Executing command: interface GigabitEthernet1/1
Executing command:  nameif outside
INFO: Security level for "outside" set to 0 by default.
Executing command:  security-level 0
Executing command:  ip address dhcp setroute
Executing command:  no shutdown
Executing command:  exit
Executing command: !
Executing command: interface GigabitEthernet1/2
Executing command:  nameif inside
INFO: Security level for "inside" set to 100 by default.
Executing command:  security-level 100
Executing command: ip address 192.168.1.1 255.255.255.0
Executing command:  no shutdown
Executing command:  exit
Executing command: !
Executing command: object network obj_any
Executing command: subnet 0.0.0.0 0.0.0.0
Executing command: nat (any,outside) dynamic interface
Executing command: exit
Executing command: !
Executing command: http server enable
Executing command: http 192.168.1.0 255.255.255.0 inside
Executing command: !
Executing command: dhcpd auto_config outside
Executing command: dhcpd address 192.168.1.5-192.168.1.254 inside
Executing command: dhcpd enable inside
Executing command: !
Executing command: logging asdm informational
Executing command: !
Executing command: !
Executing command: !
Factory-default configuration is completed

ciscoasa(config)# reload
System config has been modified. Save? [Y]es/[N]o:  y
Cryptochecksum: 200435a9 cee9c848 4fb5e91d ac201631

3250 bytes copied in 0.150 secs
Proceed with reload? [confirm]
ciscoasa(config)#


***
*** --- START GRACEFUL SHUTDOWN ---
Shutting down isakmp
Shutting down webvpn
Shutting down sw-module
Shutting down License Controller
Shutting down File system



***
*** --- SHUTDOWN NOW ---
Process shutdown finished
Rebooting... (status 0x9)
..
INIT: Sending processes the TERM signal
Deconfiguring network interfaces... done.
Sending all processes the TERM signal...
Sending all processes the KILL signal...
Deactivating swap...
Unmounting local filesystems...
Rebooting...


Part 2: Basic Configuration of Cisco ASA 5516-X Firewall
=========================================================

Reference guide: Basic Cisco ASA 5506-x Configuration Example
Link: https://www.speaknetworks.com/basic-cisco-asa-5506-x-configuration-example/

ciscoasa> en
Password:
ciscoasa#

ciscoasa# show bootvar

BOOT variable =
Current BOOT variable =
CONFIG_FILE variable =
Current CONFIG_FILE variable =

Step 1: Configure ASA interfaces and assign appropriate security levels
===========================================================================

ciscoasa# conf t

ciscoasa(config)# interface GigabitEthernet1/1
ciscoasa(config-if)# description to WAN
ciscoasa(config-if)# nameif outside
ciscoasa(config-if)# security-level 0
ciscoasa(config-if)# ip address dhcp setroute
ciscoasa(config-if)# exit

ciscoasa(config)# interface GigabitEthernet1/2
ciscoasa(config-if)# description to LAN
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# ip address 192.168.1.1 255.255.255.0
ciscoasa(config-if)# exit

ciscoasa(config)# interface GigabitEthernet1/3
ciscoasa(config-if)# description to DMZ1
ciscoasa(config-if)# nameif dmz1
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# ip address 192.168.2.1 255.255.255.0
ciscoasa(config-if)# exit

Step 2: Configure ASA as an Internet gateway, enable Internet access
========================================================================

Configure NAT rules.

ciscoasa(config)# nat (inside,outside) after-auto source dynamic any interface
ciscoasa(config)# nat (dmz1,outside) after-auto source dynamic any interface

Allow ping requests to go out.

ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# inspect icmp
ciscoasa(config-pmap-c)# exit
ciscoasa(config-pmap)# exit

Step 3: Configure static NAT to web servers, grant Internet inbound access to web servers
===========================================================================================

I will skip this step because I am not planning to have any public facing web servers at home at the moment.

Step 4: Configure DHCP service on the ASA
============================================

Configure DHCP server for LAN network.

ciscoasa(config)# dhcpd address 192.168.1.2-192.168.1.254 inside
ciscoasa(config)# dhcpd dns 8.8.8.8 8.8.4.4
ciscoasa(config)# dhcpd lease 3600
ciscoasa(config)# dhcpd ping_timeout 50
ciscoasa(config)# dhcpd enable inside
ciscoasa(config)# dhcprelay timeout 60

Configure DHCP Server for DMZ network.

ciscoasa(config)# dhcpd address 192.168.2.2-192.168.2.254 dmz1
ciscoasa(config)# dhcpd enable dmz1

ciscoasa(config)# exit

(Optional) Step 5: Redirect traffic to the FirePOWER module for deeper level inspection
========================================================================================

I don't think I have any FirePOWER feature license, so I will skip this step for the moment.

Step 6: Hardening the device
===============================

Shutdown unused interfaces.

ciscoasa(config)# interface GigabitEthernet1/4
ciscoasa(config-if)# shutdown
ciscoasa(config-if)# interface GigabitEthernet1/5
ciscoasa(config-if)# shutdown
ciscoasa(config-if)# interface GigabitEthernet1/6
ciscoasa(config-if)# shutdown
ciscoasa(config-if)# interface GigabitEthernet1/7
ciscoasa(config-if)# shutdown
ciscoasa(config-if)# interface GigabitEthernet1/8
ciscoasa(config-if)# shutdown
ciscoasa(config-if)# exit

Enable SSH access for admin.

ciscoasa(config)# hostname ASA5516X
ASA5516X(config)# crypto key generate rsa modulus 1024 (change to 4096 in future)
WARNING: You have a RSA keypair already defined named <Default-RSA-Key>.

Do you really want to replace them? [yes/no]: yes
Keypair generation process begin. Please wait...



Hosts from the internet are not allowed to ssh into the firewall.

LAN users are allowed to ssh into the firewall.
ASA5516X(config)# ssh 192.168.1.0 255.255.255.0 inside

DMZ users are not allowed to ssh into the firewall.

ASA5516X(config)# ssh timeout 30
ASA5516X(config)# ssh version 2
ASA5516X(config)# aaa authentication ssh console LOCAL
WARNING: local database is empty! Use 'username' command to define local users.

Step 7: Configure time and enable logging
===========================================

I didn't set the time or timezone correctly. Will fix it in the future.

ASA5516X(config)# clock set 22:37:00 Mar 19 2024
ASA5516X(config)# clock timezone GMT +8
ASA5516X(config)# logging enable
ASA5516X(config)# logging timestamp
ASA5516X(config)# logging buffer-size 512000
ASA5516X(config)# logging buffered debugging

Part 3: Create LOCAL users for SSH
==================================

Reference guide: Cisco ASA Firewall Management Interface Configuration (with Example)
Link: https://www.networkstraining.com/using-the-management-interface-of-the-cisco-asa-firewall/

ASA5516X(config)# username cisco password cisco privilege 15

Part 4: Enable ASA Web Interface
=================================

Reference guide: How do I perform a basic setup of Cisco ASA 5516-X firewall?
Link: https://community.cisco.com/t5/network-security/how-do-i-perform-a-basic-setup-of-cisco-asa-5516-x-firewall/m-p/5041698#M1109965

ASA5516X(config)# http server enable
ASA5516X(config)# http 192.168.1.0 255.255.255.0 inside
ASA5516X(config)# enable password cisco level 15

Hosts from the internet are not allowed to access the ASA web interface.
Hosts from the DMZ are not allowed to access the ASA web interface.

Part 5: Saving the Firewall Configuration
==========================================

ASA5516X(config)# write mem
Building configuration...
Cryptochecksum: 5857f4ec 34234f34 4cec64f6 f85d7cd4

7180 bytes copied in 0.150 secs
[OK]


ASA5516X(config)# write mem
Building configuration...
Cryptochecksum: 5857f4ec 34234f34 4cec64f6 f85d7cd4

7180 bytes copied in 0.150 secs
[OK]


Part 6: show run output
=======================

ASA5516X# show run
: Saved

:
: Serial Number: JAD****00ZZ
: Hardware:   ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
:
ASA Version 9.7(1)4
!
hostname ASA5516X
enable password $sha512$5000$LuFgFhttGYuAEdvYbB7Y9g==$M2/7xYvePzQsOAQNrQsxTg== pbkdf2
names

!
interface GigabitEthernet1/1
 description to WAN
 nameif outside
 security-level 0
 ip address dhcp setroute
!
interface GigabitEthernet1/2
 description to LAN
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
 description to DMZ1
 nameif dmz1
 security-level 50
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/5
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone GMT 8
object network obj_any
 subnet 0.0.0.0 0.0.0.0
pager lines 24
logging enable
logging timestamp
logging buffer-size 512000
logging buffered debugging
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmz1 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
!
object network obj_any
 nat (any,outside) dynamic interface
!
nat (inside,outside) after-auto source dynamic any interface
nat (dmz1,outside) after-auto source dynamic any interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
 no validation-usage
 crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
 certificate ca 18dad19e267de8bb4a2158cdcc6b3b4a
    308204d3 308203bb a0030201 02021018 dad19e26 7de8bb4a 2158cdcc 6b3b4a30
    0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
    30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
    13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
    0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
    20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
    65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
    65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d30
    36313130 38303030 3030305a 170d3336 30373136 32333539 35395a30 81ca310b
    30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
    496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
    74776f72 6b313a30 38060355 040b1331 28632920 32303036 20566572 69536967
    6e2c2049 6e632e20 2d20466f 72206175 74686f72 697a6564 20757365 206f6e6c
    79314530 43060355 0403133c 56657269 5369676e 20436c61 73732033 20507562
    6c696320 5072696d 61727920 43657274 69666963 6174696f 6e204175 74686f72
    69747920 2d204735 30820122 300d0609 2a864886 f70d0101 01050003 82010f00
    3082010a 02820101 00af2408 08297a35 9e600caa e74b3b4e dc7cbc3c 451cbb2b
    e0fe2902 f95708a3 64851527 f5f1adc8 31895d22 e82aaaa6 42b38ff8 b955b7b1
    b74bb3fe 8f7e0757 ecef43db 66621561 cf600da4 d8def8e0 c362083d 5413eb49
    ca595485 26e52b8f 1b9febf5 a191c233 49d84363 6a524bd2 8fe87051 4dd18969
    7bc770f6 b3dc1274 db7b5d4b 56d396bf 1577a1b0 f4a225f2 af1c9267 18e5f406
    04ef90b9 e400e4dd 3ab519ff 02baf43c eee08beb 378becf4 d7acf2f6 f03dafdd
    75913319 1d1c40cb 74241921 93d914fe ac2a52c7 8fd50449 e48d6347 883c6983
    cbfe47bd 2b7e4fc5 95ae0e9d d4d143c0 6773e314 087ee53f 9f73b833 0acf5d3f
    3487968a ee53e825 15020301 0001a381 b23081af 300f0603 551d1301 01ff0405
    30030101 ff300e06 03551d0f 0101ff04 04030201 06306d06 082b0601 05050701
    0c046130 5fa15da0 5b305930 57305516 09696d61 67652f67 69663021 301f3007
    06052b0e 03021a04 148fe5d3 1a86ac8d 8e6bc3cf 806ad448 182c7b19 2e302516
    23687474 703a2f2f 6c6f676f 2e766572 69736967 6e2e636f 6d2f7673 6c6f676f
    2e676966 301d0603 551d0e04 1604147f d365a7c2 ddecbbf0 3009f343 39fa02af
    33313330 0d06092a 864886f7 0d010105 05000382 01010093 244a305f 62cfd81a
    982f3dea dc992dbd 77f6a579 2238ecc4 a7a07812 ad620e45 7064c5e7 97662d98
    097e5faf d6cc2865 f201aa08 1a47def9 f97c925a 0869200d d93e6d6e 3c0d6ed8
    e6069140 18b9f8c1 eddfdb41 aae09620 c9cd6415 3881c994 eea28429 0b136f8e
    db0cdd25 02dba48b 1944d241 7a05694a 584f60ca 7e826a0b 02aa2517 39b5db7f
    e784652a 958abd86 de5e8116 832d10cc defda882 2a6d281f 0d0bc4e5 e71a2619
    e1f4116f 10b595fc e7420532 dbce9d51 5e28b69e 85d35bef a57d4540 728eb70e
    6b0e06fb 33354871 b89d278b c4655f0d 86769c44 7af6955c f65d3208 33a454b6
    183f685c f2424a85 3854835f d1e82cf2 ac11d6a8 ed636a
  quit
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd auto_config outside
!
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd enable inside
!
dhcpd address 192.168.2.2-192.168.2.254 dmz1
dhcpd enable dmz1
!
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
dynamic-access-policy-record DfltAccessPolicy
username cisco password $sha512$5000$G5B9+ZfYxXVvcUPZ67ndpg==$SzTisL+GxQG2Nr/K7hh9gA== pbkdf2 privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
  no tcp-inspection
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
Cryptochecksum:2cf585656729bff783f7247b760f1d15
: end


Part 7: Corrective Steps for DMZ network
========================================

ASA5516X(config)# interface GigabitEthernet1/3
ASA5516X(config-if)# no shut
ASA5516X(config-if)# exit
ASA5516X(config)# write mem
Building configuration...
Cryptochecksum: 2cf58565 6729bff7 83f7247b 760f1d15

7170 bytes copied in 0.150 secs
[OK]

That's all.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
Blogs:
https://tdtemcerts.blogspot.com
https://tdtemcerts.wordpress.com

Trap on delta difference

[Gowtham <trg...@gm...>]

Hi

I need to raise a mteTrigger trap when the IF-MIB::ifInErrors per
minute go beyond 10 on all the interfaces. So tried the below config
in snmpd.conf

monitor -S -D -r 60  "Network inErrors" ifInErrors 9 10

This sends a mteTriggerRising trap if the ifInErrors increase by 10 in
the last 60 seconds and a mteTriggerFalling trap when the delta falls
below 9.

This works alright but when the snmpd is restarted, there is one
mteTriggerFalling trap sent for every interface though the ifInErrors
is 0. Can we skip sending the mteTriggerFalling at the start of snmpd?
Or is there any other way we can achieve this?

Regards,
Gowtham

TCP trapsink snmpd.conf causes error

[Atkins, B. <Bri...@ne...>]

I reported this back in 2020, but I think there was confusion caused by my response.  Snmpd definitely throws an error if a trapsink contains a TCP transport specifier:

# cat /etc/snmp/snmpd.conf

rocommunity public
trapsink tcp:10.224.4.161 public

# snmpd -f -Le
snmpd: netsnmp_create_notification_session:
/etc/snmp/snmpd.conf: line 3: Error: cannot create sink: tcp:10.224.4.161
net-snmp: 1 error(s) in config file(s)
NET-SNMP version 5.9

Here is some additional debugging, in case it helps:

# snmpd -f -Le -Dtdomain,snmp_sess
registered debug token tdomain, 1
registered debug token snmp_sess, 1
tdomain: netsnmp_tdomain_init() called
tdomain: domain_list -> { iso.3.6.1.6.1.9, "dtlsudp/dtls/dtlsudp6/dtls6" } -> { iso.3.6.1.6.1.8, "tlstcp/tls" } -> { iso.3.6.1.2.1.100.1.2, "udp6/ipv6/udpv6/udpipv6" } -> { iso.3.6.1.2.1.100.1.6, "tcp6/tcpv6/tcpipv6" } -> { iso.3.6.1.6.1.1, "udp" } -> { iso.3.6.1.2.1.100.1.5, "tcp" } -> { iso.3.6.1.4.1.8072.3.3.7, "alias" } -> { iso.3.6.1.2.1.100.1.13, "unix" } -> [NIL]
snmp_sess: opening transport: 0
snmp_sess: done opening transport: 20
snmp_sess_add: fd 3
tdomain: tdomain_transport_spec("snmptrap", "tcp:10.224.4.161", 0, "[NIL]", "[NIL]", "[NIL]")
tdomain: Found domain "tcp" from specifier "tcp"
tdomain: trying domain "tcp" address "10.224.4.161" default address ":162"
snmpd: netsnmp_create_notification_session:
/etc/snmp/snmpd.conf: line 3: Error: cannot create sink: tcp:10.224.4.161
net-snmp: 1 error(s) in config file(s)
tdomain: tdomain_transport_spec("snmp", "", 1, "[NIL]", "[NIL]", "[NIL]")
tdomain: checking for host specific config hosts/
tdomain: Use application default domains "udp" "udp6"
tdomain: Found domain "udp" from specifier "udp"
tdomain: trying domain "udp" address "" default address ":161"
snmp_sess: opening transport: 20
snmp_sess_add: fd 6
snmp_sess_add: limiting session rcv size (2147483647) to transport max (65507)
snmp_sess_add: limiting session snd size (2147483647) to transport max (65507)
NET-SNMP version 5.9

I'm using the generic Debian 11 snmpd distribution

# dpkg -l snmpd
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version            Architecture Description
+++-==============-==================-============-================================================
ii  snmpd          5.9+dfsg-4+deb11u1 amd64        SNMP (Simple Network Management Protocol) agents

Re: snmpwalk v3 returns timeout whilst v1 works just fine.

[Mariano E. <mar...@gm...>]

Disregard, it was the -n (context) switch, removed it and it worked!

On Wed, Mar 6, 2024 at 10:16 PM Mariano Eduardo <mar...@gm...>
wrote:

>
> *NET-SNMP version:  5.6.2.1*
> *OS: MacOS Catalina*
>
>
> Hello everyone! So given the subject of this email, I believe the issue
> lies in the authentication settings most likely?
>
> I'm simply running sudo snmpwalk -v3 -t 10 -u testuser -a MD5 -A
> password123 -l authNoPriv -n v3context -x DES 127.0.0.1 system
>
> only to receive the following error:
>
> sess_process_packet: resending message id#1238060702 reqid#1528862053
> rp_reqid#1528862053 rp_msgid#1238060702 len 141
> transport:send: 141 bytes to UDP: [127.0.0.1]:161->[0.0.0.0]:0
> trace: netsnmp_udpbase_send(): transports/snmpUDPBaseDomain.c, 333:
> netsnmp_udp: send 141 bytes from 0x7f9a4b809973 to UDP:
> [127.0.0.1]:161->[0.0.0.0]:0 on fd 3
> trace: snmp_sess_select_info2_flags(): snmp_api.c, 6328:
> sess_select: for all sessions: 3 (to in 1709773839.024516 sec)
> verbose:sess_select: timer due in 1.999962 sec
> verbose:sess_select: setting timer to 1.999962 sec, clear block (was 1)
> trace: snmp_synch_input(): snmp_client.c, 176:
> snmp_synch: Response (ReqID: 1528862053 - Cmd 161)
> Timeout: No Response from 127.0.0.1
>
>
> I've googled to no avail but I can't simply get to the bottom of this
> issue.
>
> At some point I've noticed something about the Engine-ID, I have no idea
> how to retrieve this (all attempts from Google examples returned the same
> timeout error).
>
> As you can see, I've also tried increasing the timeout period, but that
> did not work.
>
> Any points would be greatly appreciated!
>
>