NGX III R65 Errata

Preface

§ p.2 - "Working knowledge of Windows and/ UNIX" should read "Working knowledge of Windows and/or Unix"

§ p.9 - needs to include service "snmp" in rule 2 for upcoming SNMP lab to work correctly

§ p.15 - "Use fw and fw advanced commands..." should read "Use fw and fwm advanced commands..."

§ p.17 - "Chapter 11..." should read "Chapter 12..."

Chapter 1 - General Troubleshooting

§ Pg 29, last line on page states that the Initial Policy is never used again once a policy is pushed from the SCS. This is only true if you do not reset SIC. The Initial Policy is used again if SIC is reset on the Gateway.

§ Pg 30, Note at the top of the page – “Default filter” should be “Initial Policy”

§ p. 31 - "that need to communicate with one-another." should read "that need to communicate with one another."

§ Pg 38, Exclamation point note – should read “a SIC reset refers to forcing the ICA on the SmartCenter Server to update the CRL(,) so that the specific gateway's certificate can be revoked.”

§ p. 39 - "…SIC Established..." should read "…Trust Established..."

§ Pg 43, Typo in diagram, step 5 – “thje” should be “the”.

§ Pg 43, step 2 in diagram – “source” should be “destination” and the word “Illegal” should be replaced with “Non-Routable”

§ Pg 60, describes how to create a file in vi and edit the 1st line, but does not discuss how to save it. Add text: Type Esc, then :wq! to save the file.

§ p. 60, #2 - "touch scpusers" should probably read "touch /etc/scpusers" for non-UNIX people who got confused here

§ p. 60, #3 - "vi scpusers" should probably read "vi /etc/scpusers" for non-UNIX people who got confused here

Chapter 2 – Network Monitoring

§ Pg 75, 4th line – Command should be fw tab -t connections -f

§ Pg 76, 2nd paragraph from the bottom – Should read “If a Gateway is heavily loaded, and the peak is exceeding 25,000, packets have probably been lost”.

§ Pg 78, Last paragraph – Should read “In this example, the initial memory allocated was approximately 20MB,”

§ Pg 82, 1st paragraph – “2640” should be “2620”

§ Pg 88, 2nd paragraph – “2640” should be “2620”

§ Pg 90 – Numbered bullets start at 3. Should be 1 – 9 not 3 – 11.

§ p. 90 - numbering 3-8 should be 1-6

§ Pg 92, The term “fire” should read “webrome”.

§ Pg 94, After step 4 – May be a good idea to list editing instructions.

§ p. 94, #4 - "citysiteabc" should be "citysite123" on both lines to agree with rest of lab

§ Pg 95, Bullet #7 – “proess list” should be “process list”

§ p. 96 #1 - "snmpd" should be "snmpwalk"

§ p.96, #2 - line wrapping of snmpwalk command is causing confusion - need to articulate that there is a space between "localhost" and ".1.3.6..." as not putting a space there causes a strange result (but not outright failure) when command is run

§ Pg 110, 1st paragraph – “TLoriotvided to you” should read “The install is provided to you”

§ Pg 110, Bullet 3 – Should be two spaces between “ok” and “period (.)”. Should read “click ok. In the”

§ p. 111, #5 - need to mention that the student needs to browse for then actually compile the MIB as well

§ p. 113 #1 - "Double-click fwyourcity..." needs to be "Double-click fwyourcity under Local Network..." as there are actually two instances of fwyourcity discovered in Loriot Pro, one on the 172 net and the other on the 10 net (Local Network). Double-clicking the one under 172 does not bring up the router view, it brings up a config screen

§ p. 117 #1 - "Click on edit and change the Policy Install to snmptrap." needs to be "Click on edit and change both Firewall-1 Policy and Firewall-1 Policy Install Time to snmptrap."

Chapter 3 – Disaster Recovery

§ Pg 128, Note: paragraph – Command “fw logrepair” should be in bold or quotes.

§ Pg 133, 1st paragraph after “Restore from cpinfo” – There is no mention that the file “fwauth.NDB” can be restored from running a cpinfo, as later described in the book.

§ Pg 133, bottom page, bullet # 3 – “rulebases_5_0.C” should be “rulebases_5_0.fws”.

§ p 133, #3 - "rulebases_5_0.C" should be "rulebases_5_0.fws"

§ p. 144 #3 - "rulebases_5_0.C" should be "rulebases_5_0.fws"

Chapter 4 – Troubleshooting Utilities

§ Pg 149 – Should describe how to run and gzip cpinfo in SPLAT, only describes UNIX.

§ Pg 168, In the second check note: - “cp_mergecp_merge” should be “cp_merge”

§ p. 168 in 2nd grey box - "cp_mergecp_merge" should be "cp_merge"

§ Pg 170, bullet #6 – Need a close bracket [ ) ] after the word “directory”, line should read “(in the SmartCenter Conf.directory) is:”

§ p.172, #1 - "-c" should not be line wrapped and cut in half, put it on the same line to avoid confusion

§ p. 172 #2 - get rid of period at end of dbedit command sample

§ p. 175 - We had to uninstall the version of cpinfo that shipped with R65 (which actually appears to be the version for R55) and install the latest version of cpinfo to make the following labs work.

§ p. 185 #1 - "from the SmartCenter Server." should read “from the SmartCenter Server in InfoView."

§ p. 185, #6 - this did not work in our classroom, we got a "failed to open database" error and could not figure out how to fix it. Looks like this got broken in R65 because I remember it working properly under R60.

§ p. 188 #2 - screenshot shows viewing the csv file in Excel; probably should show it in Wordpad instead as most ATCs do not have Excel installed. Excel Viewer can't view csv files either.

§ p. 188, #4 - "-u adm" should be "-u fwadmin" which is the standard GUI login credential in the courseware

§ p. 189, #1 - "...policy named pixpo1 and..." should be "...policy named pixpol and..."

§ p. 189 #1 - "-pixpol" should be "-p pixpol". The command will run without error including the typo but not actually import the policy like it should; quite frustrating to figure out

§ p. 189, #2 - "pix.csv" should be "rules.csv" based on the last step.

§ p. 189 #2 - same as p. 188, #2

§ p. 190 #3 - same as p. 189, #1

§ p. 190, #4 - "-u admin" should be "-u fwadmin" to be consistent with standard credentials

§ p. 190, #5 - "View the rules in SmartCenter Server" should be "View the rules in the pixpol Policy Package on the SmartCenter Server" so the student knows they need to do a "File...Open" to actually see the imported policy.

Chapter 5 – Protocol Analyzers

§ Pg 198, in the grid, in Row “dir” – “dust” should be “dst”

§ p. 223 in grey box – there should not be a space between "dst=" and "100.100.100.1" as it will cause a syntax issue in Wireshark

§ Pg 226 – Missing steps to get “fw chain” column to show up in Wireshark. Steps should include the following:
Next, go to “User interface > Columns”
Click the “New” button under Edit, enter “Fw Chain” in the field, and select “FW-1 monitor if/direction” from the “Format” dropdown menu.
Move “Fw Chain” up in order by selecting it and clicking the “Up” button. This should move the “Fw Chain” column between the “Protocol” and “Info” columns.

§ p. 235, #1 - "Start fw monitor..." should probably be "Start fw monitor on fwyourcity..."

§ p. 235, #3 - This step does not make sense. It should only be executed in lieu of step #2 if webdallas is not available. My suggestion is to include this step within the grey box above it that discusses webdallas not being available

§ p.238 #5 - It would be best to make the address 172.21.101.3 -> 172.2x.10x.3 instead so the student knows to fill in the blanks for their city site.

§ p. 238 #6 - This route’s next hop does not work correctly as stated. This step should read "Enter the private IP address for webyourcity, for example, 10.x.x.10x".

Chapter 6 – NGX kernel debugging

§ p. 244 #3 - Instead of "...fw monitor captures data on layers 2 and 3..." should read "...fw monitor captures data between layers 2 and 3..."

§ p. 250 table at bottom of page - Maximum buffer size is now 32MB, used to be 8MB.

§ Pg 251, Step 2 – Should be “-buff” to set the buffer size, not “-f”

§ p. 251 #5 - "fw ctl debug 0 or x" should be "fw ctl debug 0 or -x"

§ Pg 253, First cell under “Situation” column – “problesm” should be “problems”

§ p. 253 at bottom - "fw ctl debug -0" should be "fw ctl debug 0"

§ p. 263 bottom - "fw -t sam_blocked_ips -f" should be "fw tab -t sam_blocked_ips -f"

§ Pg 263, 2nd paragraph from the bottom – missing “tab” in command “fw tab -t sam_blocked_ips -f”

§ p. 267 - may want to mention here you can also perform the equivalent of a fetchlogs in the SmartView Tracker under the "Tools...Remote File Management" menu.

§ Pg 269, Exclamation Note: - Additional administrators must be created in Dashboard not cpconfig.

§ p. 269, top - Pretty sure the header "fw fwm" should just be "fwm"

§ Pg 281, 1st paragraph, 5th line – command should be “fwm dbexport | dbimport” not “fw”.

§ Pg 284, Last bullet on page – “ccan” should be “can”

§ p. 284, bottom - "ccan" should be "can"

Chapter 7 – User-level process debugging

§ Pg 287, End of 1st paragraph – “proceses” should be “processes”.

§ Pg 290, 1st paragraph, 3rd line – “proess” should be “process”

§ Pg 294, in question, 2nd line – Should read “Security Gateway to be managed by this SmartCenter Server.”

§ Pg 294, Last paragraph, 2nd line – Should read “check to see if logs are going to the statically natted IP”.

§ p. 297, bottom - "fw m" should be "fwm"

§ Pg 299, Bullet #3 – This looks incomplete. “Run .”

§ Pg 303, 1st line – On Windows and SPLAT, cpd.pid file is located in $CPDIR not $FWDIR. Verified

§ p. 310 #1 under "Debug the SmartCenter Server" - "$FWDIR/tmp" should be "$CPDIR/tmp" as that's where cpd actually leaves a pid file

§ p. 312 - We had problems shutting off debugging in fwm as shown in the book which resulted in slow policy installations and numerous debug warnings when installing the policy. Finally we executed a cpstop followed by a cpstart and it finally shut up.

Chapter 8 – Security Servers

§ p. 320, screenshot - display of the fw chain inspection points referred to below are missing

§ Pg 320 & 321 – Screen shots of packet analyzer should be accurate to what the text says. At this time, the Fw Chain column is not included; it is needed so you can see the indicators (i, I, o, O) of the packets' entry to and exit from the Gateway kernels as the text describes. Also, the IP address noted in the text of 64.233.167.104 for www.google.com has changed to 64.233.167.99.

§ Pg 329 & 330, Bullets a – e - need to end with a period (.).

§ Pg 321 – The sentence “Only the SMTP Security Server is non-transparent by default.” may cause confusion with the following sentence, “In other words…”. The sentence beginning “In other words…” is referring to transparent connections, the default behavior of the HTTP, FTP and TELNET security servers.

§ Pg 331, last paragraph – “TDERRROR_*_*” should be “TDERROR_*_*”. Too many Rs.

§ p. 332, top (twice) - "To enable debugging all platforms..." should be "To enable debugging on all platforms..."

Chapter 9 – VPN Debugging tools

§ Pg 361, “vpn debug trunk” paragraph, 2nd line - The word “empties” should be replaced with “overwrites”.

§ Pg 367, 4th row under Resolution column, line 4. – “Used” should be “Use”.

§ Pg 370, 1st line – “fwome” should be “fwrome”

§ Pg 373, Step 5 should be reworded and a correction made (“on on”) – Step 5 should read “In the Meshed Community Properties, under Advanced Settings, select Advanced VPN Properties. Check the option to Disable NAT inside the VPN community”.

§ p. 379 #4 - "Open the IKE Debug" should read "Transfer the ike debug file to the SmartCenter and open with IkeView"

§ p. 382 #1 - In order to successfully run the fw monitor command in this step, the student must do it from the firewall console. Trying to run this fw monitor command through an SSH session results in thousands of SSH packets cluttering up the fw monitor output. Alternatively, the fw monitor expression can be rewritten to accept all except port 22.

Chapter 10 – Debugging Remote Access

§ p. 396, bottom - "Ethereal" should be "Wireshark"

§ Pg 402, 2nd paragraph, last line – “so need for interface…” should be “so the need for interface…”

§ Pg 407, 1st paragraph, 2nd line – remove comma (,) after “Topology”.

§ Pg 415, fix bullets and complete bullet entries.

§ p. 427, table (twice) - "Window" should be "Windows"

§ p. 431 - May want to tell students to disable their site-to-site VPNs on this page by removing all gateways from the MyIntranet VPN community so it does not possibly interfere with the Remote Access lab

§ p. 435, #1 - "VPN Manager Tab" should be "VPN Tab"

§ p. 438 top - There needs to be a BIG warning here that students need to correctly answer the prompts served by EndPoint Security w/ VPN after the reboot with either "Trusted Zone" or "Allow/Remember". Ignoring them and/or answering them incorrectly will result in the Endpoint security client blocking the traffic that the student is trying to initiate during this lab for VPN testing. This can be quite difficult to troubleshoot since the endpoint security client does not notify the user when it blocks something. Alternatively you could tell the student to disable the Endpoint Security firewall after the reboot to make sure this doesn't happen.

§ p. 439, #2 - "...is enabled" should read "...is enabled on the Remote Access screen". I had several students get stuck here trying to figure out where the checkbox in #2's screenshot is located.