Thursday, March 28, 2024

Broadcom (Symantec) SEP 14.3 RU6 bug causes Linux to hang

Error log: sisap_uc_uevent: fp was DELETED xxxxxxxxxxxxxxxxx, pid xxxx, fid xxxxxx leaving with ret=1, waiting=63, nsq=0, wait_scan=54, filename=noname 

Issue: After upgrading the Endpoint Protection client to 14.3 RU6 (14.3.2509.6000), Linux machines running the agent may get into a hung state. In the /var/log/messages file, you will see the following types of error messages: sisap_uc_uevent: fp was DELETED 
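A quick way to confirm the symptom on a host, as an added example that is not from the original post or from Broadcom: the shell function below scans a syslog file for the "sisap_uc_uevent: fp was DELETED" message and reports the number of entries, the first and last timestamps, and the largest "waiting=" value. It assumes the classic syslog timestamp format; the function name sep_hang_summary and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise "sisap_uc_uevent: fp was DELETED" entries in a syslog file.
# The field layout follows the sample line quoted in the post. The counters are
# reported as-is; the post does not document what they mean.

sep_hang_summary() {
    # $1: log file to scan (defaults to /var/log/messages)
    logfile="${1:-/var/log/messages}"
    [ -r "$logfile" ] || { echo "cannot read $logfile" >&2; return 2; }

    awk '
        /sisap_uc_uevent: fp was DELETED/ {
            count++
            # Assumes the classic syslog timestamp in the first three fields
            ts = $1 " " $2 " " $3
            if (count == 1) first = ts
            last = ts
            # Extract the number after "waiting=" (the prefix is 8 characters long)
            if (match($0, /waiting=[0-9]+/)) {
                w = substr($0, RSTART + 8, RLENGTH - 8) + 0
                if (w > maxwait) maxwait = w
            }
        }
        END {
            if (count == 0) { print "matches=0"; exit 1 }
            printf "matches=%d first=\"%s\" last=\"%s\" max_waiting=%d\n",
                   count, first, last, maxwait
        }
    ' "$logfile"
}

# Constructed sample lines (not real logs) so the function can be tried offline.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Mar 28 10:15:01 host01 kernel: sisap_uc_uevent: fp was DELETED ffff000000000001, pid 1234, fid 100001 leaving with ret=1, waiting=63, nsq=0, wait_scan=54, filename=noname
Mar 28 10:15:02 host01 sshd[999]: Accepted publickey for admin
Mar 28 10:16:40 host01 kernel: sisap_uc_uevent: fp was DELETED ffff000000000002, pid 1240, fid 100002 leaving with ret=1, waiting=71, nsq=0, wait_scan=60, filename=noname
EOF
sep_hang_summary "$sample"
rm -f "$sample"
```

The function returns a non-zero status when the log contains no matching entries, so it can be used directly in a fleet-wide check loop.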

Affected version (matches the SEP version we are currently running): Symantec Endpoint Protection (SEPM) 14.3.2509.6000

Resolution: Upgrade the agent to the latest version (14.3.2529.6000 or later). 


If you plan to upgrade to 14.3 RU8 to resolve this issue, first check that your kernel version is on the supported list:
https://linux-repo.us.securitycloud.symantec.com/SAL/1.3/seplinux_supported_kernels.html
After the upgrade, follow these steps to verify it (a scheduled downtime is required):
Symantec_SEP_(DC_2.0).pdf (hicloud.net.tw)


Thursday, March 21, 2024

Tencent Cloud VPC firewall engine upgrade






The upgrade takes several minutes to complete, and network connectivity will be interrupted while it runs.


Fortinet Fortigate Firewall Enable IPS

Under Security Profile -> Intrusion Prevention 


After configuring the profile, add it to the relevant firewall rule so that the profile is actually used.


Wednesday, March 13, 2024

Aruba APs running 10.4.0.2 or above hit a horrible bug that causes unexpected reboots


Solution:
Upgrade to 10.4.1.0 or above.

Upgrading to 10.4.1.1 is recommended, since 10.4.1.0 has another issue that also causes crashes and unexpected reboots.


Friday, March 8, 2024

Cisco Firepower Firewall 1000 series - ASA code and FTD code relationship


The 1000 series supports either ASA code or FTD code only.

In appliance mode, the hardware is configured in ASA CLI. 
In platform mode, the hardware is configured in FXOS CLI.


H3C Security Management Platform - Firewall Management like Fortimanager

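The H3C Security Management Platform runs on H3Linux, H3C's proprietary Linux operating system.

H3Linux is packaged on top of CentOS, so the installation process is basically the same as for CentOS (a minimal-install deployment of the CentOS operating system).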



Hillstone A Series NGFW Highlight and resource

Hillstone A Series NGFW Highlight
  • High performance
  • Full security protection
  • SD-WAN ready
  • ZTNA ready
  • Twin-mode for Active-Active data center
  • Load balancing (link, server)
  • Advanced QoS (iQOS)
  • Intelligent Threat Detection in Encrypted Traffic Without Decryption
  • ML-based Flood Protection Baseline Establishment
  • Smart policy operation (policy auto-learning, policy auditing, policy hit analysis, redundancy check, log visibility, hotfix support)
FAQ

Does Hillstone provide a centralized management system?
Yes, HSM (Hillstone Security Management) centrally controls and manages multiple Hillstone devices in the network, providing the capabilities below.
NGFW Manager - This module provides basic O&M management for firewalls, including:
  • Status Monitor: View the online status and HA status of devices;
  • Configuration Deployment: Manage security policies and destination-based routes for devices;
  • O&M Management: Implement device image update, signature database update, and configuration file management.
Policy Analyzer - To solve security policy review issues for multiple devices, the Policy Analyzer of HSM can be used as a visual management platform. This platform helps you review the security policies of multiple devices, finds abnormal or non-compliant policies, and then provides a detailed analysis report.

How does Hillstone integrate with CyberArk?
Hillstone HSM and NGFW support AAA servers such as a RADIUS server or LDAP server. CyberArk can integrate with the AAA server for privileged account management and password management for Hillstone HSM and NGFW.

Do Hillstone's default routing administrative distances align with Cisco or Huawei?
Hillstone's default routing administrative distances align with Cisco.

Which Hillstone NGFW model supports 10G IPsec VPN?
Hillstone NGFW SG-6000-A3800-IN provides IPsec VPN throughput of 12 Gbps and two SFP+ interfaces.

How does Hillstone handle traffic on an interface that almost reaches or exceeds the maximum bandwidth of the link?
Hillstone supports shaping mode and policing mode for traffic control when traffic exceeds the limit. In shaping mode, the excess packets are held in a queue and scheduled later, which increases latency. In policing mode, the system drops the traffic that exceeds the bandwidth limit.

Resource (please create an account to log in)
Hillstone Official Website
Hillstone User Center
Technical Documentation
Knowledge Base
Software Download
Hillstone StoneOS 5.5R10 Documentation
