How to do remote port monitoring using Wireshark

Remote port monitoring using Wireshark
Step 1: Create the RSPAN VLAN

SW1(config)# vlan 900
SW1(config-vlan)# remote-span
SW1(config-vlan)# end
SW3(config)# vlan 900
SW3(config-vlan)# remote-span
SW3(config-vlan)# end

- The RSPAN VLAN needs to exist in the VLAN database of the source switch, the destination switch and all switches in the transit path between them. It also needs to be allowed on all trunk ports between the source and destination switches.
- The RSPAN VLAN cannot be VLAN 1 (the default VLAN) or VLAN IDs 1002 through 1005 (reserved for Token Ring and FDDI VLANs).

Configure the following commands on the switch that has the Internet port:

#no monitor session 1
#monitor session 1 source interface fastethernet 0/1
#monitor session 1 destination remote vlan 900

The source interface above is the Internet port that you need to monitor, and the VLAN ID for the remote VLAN is your newly created RSPAN VLAN.

Then on the destination switch, i.e. the one connected to the host that needs to see the packets:

#no monitor session 1
#monitor session 1 source remote vlan 900
#monitor session 1 destination interface fastethernet 0/10

The source VLAN is the RSPAN VLAN, and the destination interface is the port that you want to output the packets to.

#show monitor session 1
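The two RSPAN VLAN requirements listed above can be checked before any capture is attempted. The following is an added example, not part of the original post: it reads constructed running-config excerpts and reports every switch or trunk that would stop VLAN 900 from reaching the destination. SW2 as the transit switch, the GigabitEthernet trunk names and the function names are assumptions.

```python
RESERVED = {1, 1002, 1003, 1004, 1005}  # IDs the text rules out for RSPAN

# Constructed running-config excerpts. SW2 as the transit switch and the
# GigabitEthernet trunk names are assumptions, not taken from the page.
CONFIGS = {
    "SW1": "vlan 900\n remote-span\ninterface GigabitEthernet0/1\n"
           " switchport mode trunk\n switchport trunk allowed vlan 10,20,900\n",
    "SW2": "vlan 10\ninterface GigabitEthernet0/1\n switchport mode trunk\n"
           " switchport trunk allowed vlan 10,20\n"
           "interface GigabitEthernet0/2\n switchport mode trunk\n",
    "SW3": "vlan 900\n remote-span\ninterface GigabitEthernet0/1\n"
           " switchport mode trunk\n switchport trunk allowed vlan 1-100,900-910\n",
}

def stanzas(config):
    """Group indented sub-commands under their top-level config line."""
    out = []
    for line in config.splitlines():
        if line.strip() and not line.startswith(" "):
            out.append((line.strip(), []))
        elif line.strip() and out:
            out[-1][1].append(line.strip())
    return out

def expand(vlan_list):
    """Expand a simple list such as '1-100,900' into a set of VLAN IDs."""
    ids = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def check_rspan(configs, vlan_id):
    """Return a list of reasons the RSPAN VLAN would not reach the far switch."""
    problems = []
    if vlan_id in RESERVED:
        problems.append(f"VLAN {vlan_id} cannot be an RSPAN VLAN")
    for name, cfg in configs.items():
        blocks = stanzas(cfg)
        if not any(h == f"vlan {vlan_id}" and "remote-span" in s for h, s in blocks):
            problems.append(f"{name}: vlan {vlan_id} not defined as remote-span")
        for header, subs in blocks:
            if not header.startswith("interface ") or "switchport mode trunk" not in subs:
                continue
            lists = [s.split()[-1] for s in subs
                     if s.startswith("switchport trunk allowed vlan ")]
            # No allowed-vlan line means the trunk carries every VLAN.
            if lists and vlan_id not in expand(lists[-1]):
                problems.append(f"{name}: {header.split()[1]} does not allow vlan {vlan_id}")
    return problems

if __name__ == "__main__":
    print("\n".join(check_rspan(CONFIGS, 900)) or "RSPAN VLAN path looks complete")
```

Only single-line numeric allowed-VLAN lists are parsed; keywords such as "all" or "none" and "add" continuation lines would need extra handling.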


Cisco AnyConnect Error: “The AnyConnect package on the secure gateway could not be located.”

Error: Cisco AnyConnect VPN Client The AnyConnect package on the secure gateway could not be located. You may be experiencing network connectivity issues. Please try connecting again.

Solution:

You have to upload the AnyConnect .pkg file to the ASA, or locate it if it is already there.

1. Log in to the ASA via the CLI and, in config mode, enter the commands below:

 webvpn
  enable outside
  anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg
  anyconnect enable

Note: You need to upload the appropriate .pkg file to the ASA before entering the above commands. You can also check which AnyConnect .pkg files are on the ASA using the "show disk0:" command.

asa1/act/pri# show disk0:
--#--  --length--  -----date/time------  path
  175  6487517     May 22 2014 12:49:30  anyconnect-macosx-i386-2.5.2014-k9.pkg
  176  6689498     May 22 2014 12:49:30  anyconnect-linux-2.5.2014-k9.pkg
  177  4678691     May 22 2014 12:49:32  anyconnect-win-2.5.2014-k9.pkg
  179  38191104    Feb 03 2016 16:34:36  asa912-smp-k8.bin
  184  23374256    Feb 21 2016 10:42:28  asdm-716.bin
  191  69285888    May 19 2016 13:29:32  asa942-smp-k8.bin
  192  18989375    May 22 2016 10:49:54  anyconnect-win-4.2.00096-k9.pkg <-- This file is used in this example
  193  25819140    May 23 2016 12:23:32  asdm-761.bin
  196  84805632    Aug 17 2017 10:49:16  asa963-1-smp-k8.bin
  197  26916144    Aug 17 2017 10:50:26  asdm-781-150.bin

2. To verify, run "show run webvpn" on your ASA and check for the lines above.

asa1/act/pri# sh run webvpn
 enable outside
 anyconnect image disk0:/anyconnect-win-4.2.00096-k9.pkg 1
 anyconnect enable

Save the configuration and try to log in again using AnyConnect.

Upgrade OS in Palo Alto

STEP 1: Take a backup

1. Select Device > Setup > Operations and click "Export named configuration snapshot."
2. Select the XML file that contains your running configuration (for example, running-config.xml) and click OK to export the configuration file.
3. Save the exported file to a location external to the firewall. You can use this backup to restore the configuration if you have problems with the upgrade.

STEP 2: Make sure the firewall is running the content release required to install the target OS

1. Select Device > Dynamic Updates.
2. If the firewall is not running the minimum required update, click Check Now to retrieve a list of available updates.
3. Locate and Download the appropriate update.
4. After the download completes, Install the update.

STEP 3: Determine the upgrade path.

1. Select Device > Software and click Check Now for the latest updates.
2. Locate and Download the version to which you intend to upgrade.
3. After the download completes, Install the update.
4. After the installation successfully completes, reboot using one of the following methods:
   - If you are prompted to reboot, click Yes.
   - If you are not prompted to reboot, select Device > Setup > Operations and Reboot Device (Device Operations section).

NOTE : You cannot skip installation of any major releases in the path to your target PAN-OS version. Therefore, if you intend to upgrade to a version that is more than one major release away, you must still download, install, and reboot the firewall for each intermediate major release along the upgrade path.

For example, if you want to upgrade from PAN-OS 6.0.11 to PAN-OS 7.1.5, you must:

Download and install PAN-OS 6.1.0 and reboot.
Download and install PAN-OS 7.0.1 and reboot (7.0.1 is the base image for the 7.0 release, not 7.0.0).
Download PAN-OS 7.1.0 (you do not need to install it).
Download and install PAN-OS 7.1.5 and reboot.
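The rule in the note above, written as a small planner. This is an added illustration, not Palo Alto Networks tooling and not part of the original post; it generalizes the 6.0.11 to 7.1.5 case to any two versions in the table. The RELEASES and BASE_IMAGE tables hold only the releases named in the example, and the function names are hypothetical.

```python
# Feature releases in order, and the base image of each. Only the releases
# named in the example above are listed; extend both from the release notes.
RELEASES = ["6.0", "6.1", "7.0", "7.1"]
BASE_IMAGE = {"6.1": "6.1.0", "7.0": "7.0.1", "7.1": "7.1.0"}

def parse(version):
    """'7.1.5' -> (7, 1, 5); hotfix suffixes such as '-h1' are not handled."""
    return tuple(int(part) for part in version.split("."))

def feature(version):
    """'7.1.5' -> '7.1', the major release a version belongs to."""
    return ".".join(version.split(".")[:2])

def upgrade_path(current, target):
    """Return ordered (action, version) steps from current to target."""
    for v in (current, target):
        if feature(v) not in RELEASES:
            raise ValueError(f"release {feature(v)} is not in the table")
    if parse(target) < parse(current):
        raise ValueError("target is older than the running version")
    if target == current:
        return []
    cur, tgt = RELEASES.index(feature(current)), RELEASES.index(feature(target))
    # Every major release strictly between the two must be installed and booted.
    steps = [("install+reboot", BASE_IMAGE[r]) for r in RELEASES[cur + 1:tgt]]
    # Crossing into the target release needs its base image on disk first,
    # but the base is only downloaded unless it is itself the target.
    if tgt > cur and BASE_IMAGE[RELEASES[tgt]] != target:
        steps.append(("download", BASE_IMAGE[RELEASES[tgt]]))
    steps.append(("install+reboot", target))
    return steps

if __name__ == "__main__":
    for action, version in upgrade_path("6.0.11", "7.1.5"):
        print(f"{action:15} PAN-OS {version}")
```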

STEP 4: Verify that the firewall is passing traffic. Select Monitor > Session Browser.

Firepower 9300 - Initial configuration

Configure for Firepower Management

The steps below are for booting up the Firepower 9300 for the first time.

- Connect to the Firepower 9300 CLI using and complete the system configuration as prompted

Enter the setup mode; setup newly or restore from backup. (setup/restore) ? setup
You have chosen to setup a new Security Appliance. Continue? (y/n): y
Enforce strong password? (y/n): n
Enter the password for “admin”: <new password>
Confirm the password for “admin”: <repeat password>
Enter the system name: 9300FPR1
Physical Switch Mgmt0 IP address :
Physical Switch Mgmt0 IPv4 netmask :
IPv4 address of default gateway :
Configure the DNS Server IP address? (yes/no) [n]: n
Configure the default domain name? (yes/no) [n]: n

Following configurations will be applied:
Switch Fabic=A
System Name=9300FPR1
Enforced Strong Password=no
Physical Switch Mgmt0 IP Address=
Physical Switch Mgmt0 IP Netmask=
Default Gateway=
Ipv6 value=0

Apply and save the configuration (select ‘n’ if you want to re-enter)? (yes/no): yes
Applying configuration. Please wait.

Launch the Firepower Chassis Manager web interface from a browser using https://<chassis_mgmt_ip_address> [this is the IP address of the Firepower 9300 that you entered during initial configuration] and log in.

If you have more than one chassis, configure each one in the same way using a different management IP address.

Factory Reset PaloAlto


Connect to the console port of the Palo Alto device using PuTTY.

Power on to reboot the device.
During the boot sequence, the screen should look like this:

Type maint to enter maintenance mode.

You will see a "CHOOSE PANOS" screen with the following options: PANOS (maint-other), PANOS (maint) or PANOS (sysroot0).
Choose PANOS (maint) and press Enter to continue.

Once in maintenance mode, the following is displayed; press Enter to continue:

Arrow down to Factory Reset and press Enter to display the menu:

You will see the image that will be used to perform the factory reset. Select Factory Reset and press Enter again:

Select Reboot once the factory reset process has completed successfully.

NOTE: Once the reboot is complete, you have to wait around 15 minutes before logging in to the CLI with the default credentials. If you try immediately, the default credentials will be reported as invalid, so please wait.

default username : admin
default password : admin

You can verify that everything is set to default by logging in to the web portal using the default credentials.