Firepower 9300 - Changing the Management IP Address of Firepower Chassis

Changing the Management IP Address

Step 1   Connect to the FXOS CLI using putty
Step 2   To configure an IPv4 management IP address:

Set the scope for fabric-interconnect a:

Firepower-chassis# scope fabric-interconnect a

To view the current management IP address, enter the following command:

Firepower-chassis /fabric-interconnect # show

Enter the following command to configure a new management IP address and gateway:

Firepower-chassis /fabric-interconnect # set out-of-band ip 10.x.x.x netmask gw 10.x.x.x

Commit the transaction to the system configuration:

Firepower-chassis /fabric-interconnect* # commit-buffer

Firepower 9300 - Setting the Date and Time on Firepower Chassis Manager

Setting the Date and Time using NTP server

Step 1   Choose Platform Settings > NTP.
Step 2   Under Set Time Source, click Use NTP Server and then enter the IP address or hostname of the NTP server you want to use in the NTP Server field.
Step 3   Click Save.

Setting the Date and Time Manually

Step 1   Choose Platform Settings > NTP.
Step 2   Under Set Time Source, click Set Time Manually.
Step 3   Click the Date/Hour/Time drop-down list and set the time
Step 4   Click Save.

You can click Get System Time to set the date and time to match what is configured on the computer you are using to connect to the Firepower Chassis Manager.

For both NTP and manual setting, If you modify the system time by more than 10 minutes, the system will log you out and you will need to log in to the Firepower Chassis Manager again.


Register and activate licenses in Palo Alto firewall

Register the Firewall

STEP 1 Log in to the web interface of the firewall (https://<IP address>)
STEP 2 copy serial number of device from the General Information section of the Dashboard screen

STEP 3 Go to
STEP 4 Register and verify the email 

Note : To register, you must provide your sales order number or customer ID, and the serial number of your firewall (which you can paste from your clipboard) or the authorization code you received with your order. You will also be prompted to set up a username and password for access to the Palo Alto Networks support community.
STEP 5 : Once email is verified,login to using the email address and password
STEP 6 : You will be prompted to choose two security questions and answers to use if you forget the password.
STEP 7 : Register new device by going to Asset tab > Devices > Register new device and fill the details needed

Activate Licenses and Subscriptions

STEP 1 : Locate the activation codes for the licenses you purchased from the registered email address you have provided while purchasing device.If you cannot locate this email, contact customer support to obtain your activation codes before you proceed.
STEP 2 : Launch the web interface and go to Device > Licenses
STEP 3 : Activate each license you purchased either by following method
Retrieve license keys from license server —Use this option if you activated your license on the support portal. 

Activate feature using authorization code —Use this option to enable purchased subscriptions using an authorization code for licenses that have not been previously activated on the support portal. When prompted, enter the Authorization Code and then click OK.

Manually upload license key —Use this option if your device does not connected to internet. In this case, you must download a license key file from the support site on an Internet connected computer and then upload to the device.
STEP 4 : Verify that the license was successfully activated from Device > Licenses .You can see the issue and expiry date of the licenses here once its activated
STEP 5 : (WildFire subscriptions only) Perform a commit to complete WildFire subscription activation.


Different types of Attacks in Network security

Denial-of-Service (DoS) Attacks
A DoS attack focuses on disrupting the service to a network. Attackers send high volumes of data or traffic through the network until the network becomes overloaded and can no longer function.

Distributed-denial-of-service (DDoS) attack. This involves the attacker using multiple computers to send the traffic or data that will overload the system. In many instances, a person may not even realize that his or her computer has been hijacked and is contributing to the DDoS attack.

 An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization.

MiTM (Man in the middle) attacks
The man-in-the middle attack intercepts a communication between two systems. In this attack an hacker captures data from middle of transmission and changes it, then send it again to the destination. Receiving person thinks that this message came from original source and reply back 

Brute force attack is a trial and error method used by application programs to decode encrypted data such as passwords or PIN .Brute force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization's network security. A brute force attack may also be referred to as brute force cracking.

Spoof attack
In this kind of attack an hacker changes the sources address of packet so receiver assumes that packet comes from someone else. This technique is typically used to bypass the firewall rules.

Ping sweep attack
In this attack an attacker pings all possible IP addresses on a subnet to find out which hosts are up. Once he finds an up system, he tries to scan the listening ports. From listing ports he can learn about the type of services running on that system. Once he figures out the services, he can try to exploit the vulnerabilities associated with those services.

Phishing Attack
In this attack an hacker creates fake email address or website which looks like a reputed mail address or popular site. These emails contain convincing message, some time with a link that leads to a fake site. This fake site looks exactly same as original site. Without knowing the truth user tries to log on with their account information, hacker records this authentication information and uses it on real site.

Passive attack
In this attack an hacker deploys a sniffer tool and waits for sensitive information to be captured. This information can be used for other types of attacks. It includes packet sniffer tools, traffic analysis software, filtering clear text passwords from unencrypted traffic and seeking authentication information from unprotected communication. Once an hacker found  information he needed, it will be used without the knowledge of the user.

Active Attack
In this attack an hacker does not wait for any sensitive or authentication information. He actively tries to break or bypass the secured systems. It includes viruses, worms, trojan horses, stealing login information, inserting malicious code and penetrating network backbone. Active attacks are the most dangerous in natures. It results in disclosing sensitive information, modification of data or complete data lost.

BlackNurse attack or the low-rate "Ping of Death" attack, the technique can be used to launch several low-volume DoS attacks by sending specially formed Internet Control Message Protocol (ICMP) packets, or 'pings' that overwhelm the processors on server protected by firewalls from Cisco, Palo Alto Networks, among others. 

Above list is not a complete .This will be updating periodically....Please let me know if i miss anything important

Reset admin password in Cisco ISE in CLI (Vmware)

There will be occasions that you forget the admin password or you got locked out and the only option option left is to reset the admin password.Follow below steps to reset your password 

NOTE : Below steps were tried on ISE 1.3

Recommended : For safety I prefer to take a VM snapshot before proceeding.

To take a Snapshot in the vSphere Client

1. Right click on the  Virtual Machine and choose option  Snapshot > Take Snapshot.
2. Type a name for the snapshot.
3. Type a description for the snapshot.
Adding a date and time or a description, for example, "Snapshot before applying XYZ patch," can help you determine which snapshot to restore or delete.
4.Click OK

Revert to a Snapshot in the vSphere Client

1.Right-click a virtual machine in the vSphere Client inventory and select Revert to Current Snapshot.

Password Recovery for ISE virtual machine

Step 1. Download  the ISO file of the current ISE version form Cisco software download site and upload it to the virtual machine's datastore.
Step 2. Power off  the virtual machine.
Step 3. Right Click ISE VM from the list and select Edit settings.
Step 4. In the virtual Machine properties window, navigate to  Hardware > CD/DVD, then select option Datastore ISO file and click on browse to the ISE version ISO under datastore ISO file.
Step 5. Click Connect At Power On  option.
Step 6. Navigate to Options tab in the same virtual machine properties window> go to Boot options, enable the option for FORCE BIOS Setup [The next time the virtual machine boots,force entry to bios setup screen and Click Ok. [Or you can press F2 or F12 continously while booting]
Step 7. Power on the VM and open VM console.
Step 8. You get a BIOS prompt.
Step 9. Change the order of CD-ROM Drive to be before the hard drive. [You can change the setting using + or - keys] and hit F10 to save the settings 

Step 10. On the next screen you get the options, as shown in this image.
Step 11. Select Option 3. You are prompted on this screen.

Select Option 1 for username admin and enter new password.

After successful password reset. it redirects you to the prompt shown in Step 10
Step 12. Click Enter in order to boot the ISE from existing hard disk.
Step 13. (Optional). You can redo steps 6-8  in order to restore the boot order to the hard drive as first option after successful password recovery in order to avoid  entering the  admin password recovery prompt every time a user access ISE VM console.

While doing the password recovery once we faced a situation that we didnt see the option to in step 11 [Select Option 1 for username admin and enter new password.].We tried to reboot again and was not getting option to reset admin password.Instead of that it was asking to set a new username and password.Even you enter a new username and password ,ISE used to get stuck in the loading screen in VMconsole.We restored the VMsnapshot and did the steps as per the procedure and we were able to