
Showing posts from April, 2022

Firepower Disk Usage Troubleshooting

1. Disk manager

df -h

root@FTD67:/# df -h
Filesystem      Size  Used Avail Use% Mounted on
rootfs          3.9G  398M  3.5G  11% /
devtmpfs        3.9G   12M  3.9G   1% /dev
tmpfs           3.9G  1.1M  3.9G   1% /run
tmpfs           3.9G  220K  3.9G   1% /var/volatile
/dev/sda1       510M  253M  258M  50% /mnt/boot
/dev/sda2       8.0G   80M  8.0G   1% /mnt/disk0
/dev/sda6       3.8G  574M  3.1G  16% /ngfw
/dev/sda8        28G  6.0G   21G  23% /ngfw/Volume
tmpfs           3.9G     0  3.9G   0% /dev/cgroups

admin@fmc724:~$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda5       3.7G  1.5G  2.0G  44% /
none             16G     0   16G   0% /dev
/dev/sda1        87M   16M   64M  20% /boot
/dev/sda7       237G   21G  205G  10% /Volume
none             16G  128K   16G   1% /dev/shm
tmpfs            16G     0   16G   0% /sys/fs/cgroup
tmpfs            16G     0   16G   0% /sys/fs/cgroup/pm
admin@fmc724:~$

admin@ftd724:~$ df -h
Filesystem      Size  Used Avail Use% Mou

Palo Alto Certificate Management

1. Device > Certificate Management > Certificates > Device Certificates, click Generate
2. Click "Export Certificate" to download CSR file
3. Submit and Download Base 64 encoded certificate
4. Device > Certificate Management > Certificates > Device Certificates, import the certificate
   Note this certificate has key but no CA.
5. Device > Certificate Management > SSL/TLS Service Profile, add a new profile
6. Device > Setup > Management > General Settings, specify SSL/TLS Service Profile

==============

SSL Decryption Certificate

1. Import internal root CA, mark it as trusted Root CA
2. Generate CSR for Forward-Trust-Cert, export it, request a cert from internal CA, import the cert. Mark it as Forward Trust Certificate
3. Generate a self signed Forward-Untrusted-Cert
   Make sure "Certificate Authority" is checke

Palo Alto Panorama

Capture on management interface

tcpdump filter "host 192.168.1.254"
view-pcap mgmt-pcap mgmt.pcap
scp export mgmt-pcap from mgmt.pcap to admin@192.168.1.1:/

1. Concept

Basic deployment vs Distributed Deployment

Mode:
Panorama mode
Log Collector mode
Management only mode

2. Deployment

Select Thick Provision Lazy Zeroed as the disk format.
Wait for login prompt
Panorama login:

2.1 Old Way: Register the Panorama Serial Number in CSP.

For VM, Serial number is in the email:
In Support Portal Devices list, register received Panorama Serial Number/Authcode, if VM doesn't have Internet connection, click the Action to download key, then in Panorama license page, click.
     Manually upload license key
if Panorama has Internet connection:
     1. VM only:
     Select Panorama > Setup > Management and edit the General Settings.
     Enter the Panorama Serial Number (included in the order fulfillment email) and click OK.
     2. In license page, click
         Retriev