BLOG
NSX-V API rollback dFW
https://kb.vmware.com/s/article/2079620
Get config:
curl -u admin:default -H "Accept: application/octet-stream" -X GET -k https://NSX_Manager_IP/api/4.0/firewall/globalroot-0/config
Delete:
curl -u admin:default -H "Accept: application/octet-stream" -X DELETE -k...
VRNI CLI commands
show config
change-network-settings (DNS, GW, domain)
ntp set --ip-fqdn "1.2.3.4" (NTP server)
set-proxy-shared-secret (reset shared secret)
Add syslog to NSX
On each host, add firewall rules to allow syslog:
esxcli network firewall ruleset set --ruleset-id=syslog --enabled true
esxcli network firewall refresh
esxcli system syslog config set --loghost='udp://10.11.12.13:514'
esxcli system syslog reload
and make sure the...
Checkpoint Hitcount not increasing
fw ctl set int fw_rules_uid_max_dic_entries 1048575
and in CMA:
'Policy' menu - click on 'Global Properties...' - click on 'SmartDashboard Customization' pane - click on 'Configure...' button at the bottom - open 'FireWall-1' - click on 'General' pane
Check the...
Change broadcast address when more than 1 cluster on same VLAN
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk36055&partition=Advanced&product=VSX
Example to set: I've set the magic value to 51 on both firewalls.
vi $FWDIR/boot/modules/fwkern.conf
fwha_mac_magic=51...
Checkpoint find top talkers
Find top talkers:
tcpdump -tnn -c 20000 -i wrp1024 | awk -F "." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | awk ' $1 > 100 '