Unetlab Installation on ESXi

ESXi:
-check your CPU support virtualization
http://ark.intel.com/Products/VirtualizationTechnology

-check your hardware support virtualization
# esxcfg-info |grep “HV Support”
|—-HV Support……………………………………..3
|—-World Command Line……………………………grep HV Support
0 – VT/AMD-V indicates that support is not available for this hardware.
1 – VT/AMD-V indicates that VT or AMD-V might be available but it is not supported for this hardware.
2 – VT/AMD-V indicates that VT or AMD-V is available but is currently not enabled in the BIOS.
3 – VT/AMD-V indicates that VT or AMD-V is enabled in the BIOS and can be used.

-Edit the VM settings and go to VM settings > Options > CPUID mask > Advanced > Level 1, add the following CPU mask level
ECX —- —- —- —- —- —- –H- —-
NOTE: do above only if all else failed

-Edit the VM settings and go to VM settings > Options > CPU/MMU
Virtualization . Select
“Use Intel VT-x/AMD-V for instruction set virtualization and Intel EPT/AMD RVI for MMU virtualization”
Image

-vm hardware version must be version 9 or above
# vim-cmd vmsvc/getallvms
# vim-cmd vmsvc/upgrade unetlab-vmid vmx-09

-modify /etc/vmware/config
add in the last line then  logout and relogin from web gui
vhv.enable = “TRUE”
or better
modify /vmfs/volume/datastore1/UnetLab/UnetLab.vmx
add to the last line
vhv.enable = “TRUE”

-should show “nestedHVSupported true”
# vim-cmd vmsvc/get.capability 8

-test in ubuntu
# egrep -c ‘(vmx|svm)’ /proc/cpuinfo
the output should be 8

-to reconfigure network
# rm -f /opt/ovf/.configured
# exit
and login back

-if sometime you can’t login Web GUI, try this
# /etc/init.d/apache2 restart

Download Unetlab from: http://www.unetlab.com/download/
# apt-get update
# apt-get install unetlab

-to check unetlab version
# dpkg  -l unetlab

-to check what version are you running and what version is the freshest one
# cat /etc/apt/sources.list.d/unetlab.list
deb http://www.unetlab.com/apt trusty rrlabs
# apt-cache policy unetlab
unetlab:
Installed: 0.9.0-96
Candidate: 0.9.0-96
Version table:
*** 0.9.0-96 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
100 /var/lib/dpkg/status
0.9.0-94 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-92 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-88 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-76 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-70 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-68 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-54 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages

-Below is the reference node in UNL: “/opt/unetlab/html/includes/init.php”
‘a10’ => ‘A10 vThunder’,
‘clearpass’ => ‘Aruba ClearPass’,
‘timos’ => ‘Alcatel 7750 SR’,
‘veos’ => ‘Arista vEOS’,
‘brocadevadx’ => ‘Brocade vADX’,
‘cpsg’ => ‘CheckPoint Security Gateway VE’,
‘acs’ => ‘Cisco ACS’,
‘asa’ => ‘Cisco ASA’,
‘asav’ => ‘Cisco ASAv’,
‘bigip’ => ‘F5 BIG-IP LTM VE’,
‘cda’ => ‘Cisco Context Directory Agent’,
‘c1710’ => ‘Cisco IOS 1710 (Dynamips)’,
‘c3725’ => ‘Cisco IOS 3725 (Dynamips)’,
‘c7200’ => ‘Cisco IOS 7206VXR (Dynamips)’,
‘cips’ => ‘Cisco IPS’,
‘coeus’ => ‘Cisco Web Security Appliance’,
‘csr1000v’ => ‘Cisco CSR 1000V’,
‘cumulus’ => ‘Cumulus VX’,
‘esxi’ => ‘VMware ESXi’,
‘extremexos’ => ‘ExtremeXOS’,
‘fortinet’ => ‘Fortinet FortiGate’,
‘hpvsr’ => ‘HP VSR1000’,
‘iol’ => ‘Cisco IOL’,
‘ise’ => ‘Cisco ISE’,
‘linux’ => ‘Linux’,
‘mikrotik’ => ‘MikroTik RouterOS’,
‘nsvpx’ => ‘Citrix Netscaler’,
‘olive’ => ‘Juniper Olive’,
‘ostinato’ => ‘Ostinato’,
‘paloalto’ => ‘Palo Alto VM-100 Firewall’,
‘sourcefire’ => ‘Cisco Sourcefire’,
‘titanium’ => ‘Cisco NX-OSv (Titanium)’,
‘vios’ => ‘Cisco vIOS’,
‘viosl2’ => ‘Cisco vIOS L2’,
‘vmx’ => ‘Juniper vMX’,
‘vnam’ => ‘Cisco vNAM’,
‘vsrx’ => ‘Juniper vSRX’,
‘vsrxng’ => ‘Juniper vSRX Next Generation’,
‘vwlc’ => ‘Cisco vWLC’,
‘vwaas’ => ‘Cisco vWAAS’,
‘win’ => ‘Windows’
‘xrv’ => ‘Cisco XRv’,

Qemu folder name EVE
Vendor
Qemu image .qcow2 name
a10-
A10-vthunder
hda
acs-
ACS
hda
asa-
ASA ported
hda
asav-
ASAv
virtioa
barracuda-
Barracuda FW
hda
bigip-
F5
hda, hdb
brocadevadx-
Brocade
virtioa
cda-
Cisco CDA
hda
cips-
Cisco IPS
hda, hdb
clearpass-
Aruba ClearPass
hda, hdb
coeus-
Cisco WSA coeus
virtioa
phoebe-
Cisco ESA
hda
cpsg-
Checkpoint
hda
csr1000v-
Cisco CSR v1000
virtioa
csr1000vng-
Cisco CSR v1000 Denali & Everest
virtioa
cucm-
Cisco CUCM
virtioa
cumulus-
Cumulus
hda
extremexos-
ExtremeOS
hda
firepower-
Cisco FirePower 5.4 NGIPS
scsia
firepower-
Cisco FirePower 5.4 FMC
scsia
firepower6-
Cisco FirePower 6.x NGIPS
scsia
firepower6-
Cisco FirePower 6.x FMC
hda
firepower6-
Cisco FirePower 6.x FTD
hda
fortinet-
Fortinet FW
virtioa
fortinet-
Fortinet SGT
virtioa
fortinet-
Fortinet mail
virtioa, virtiob
fortinet-
Fortinet manager
virtioa
hpvsr-
HP virt router
hda
ise-
ISE cisco
hda
jspace-
Junos Space
hda
linux-
any linux
hda
mikrotik-
Mikrotik router
hda
nsvpx-
Citrix Netscaler
virtioa
nxosv9k-
NX9K Cisco Nexus
hda
olive-
Juniper
hda
ostinato-
Ostinato traffic generator
hda
paloalto-
PaloAlto FW
virtioa
pfsense-
pFsense FW
hda
riverbed-
vRiverbed
virtioa, virtiob
sonicwall-
DELL FW Sonicwall
hda
sourcefire-
Sourcefire NGIPS
scsia
sterra-
S-terra VPN
hda
sterra-
S-terra Gate
virtioa
timos-
Alcatel Lucent Timos
hda
titanium-
NXOS Titanium Cisco
virtioa
veos-
Arista SW
hda, cdrom.iso
vios-
L3 vIOS Cisco Router
virtioa
viosl2-
L2 vIOS Cisco SW
virtioa
vmx-
Juniper vMX router
hda
vmxvcp-
Juniper vMX-VCP
hda, hdb, hdc
vmxvfp-
Juniper vMX-VFP
hda
vnam-
Cisco VNAM
hda
vqfxpfe-
Juniper vQFX-PFE
hda
vqfxre-
Juniper vQFX-RE
hda
vsrx-
vSRX 12.1 Juniper FW/router
virtioa
vsrxng-
vSRX v15.x Juniper FW/router
hda
vwaas-
Cisco WAAS
virtioa
vwlc-
vWLC Cisco WiFi controller
megasasa
vyos-
VYOS
virtioa
win-
Windows Hosts (Not Server Editions)
hda
winserver-
Windows Server Editions
hda
xrv-
XRv Cisco router
hda
xrv9k-
XRv Cisco router Full
virtioa

-to install ios image
scp c1710-bk9no3r2sy-mz.124-23.bin, c3725-adventerprisek9-mz.124-15.T14.bin and c7200-adventerprisek9-mz.152-4.S6.bin to /opt/unetlab/addons/dynamips
# cd /opt/unetlab/addons/dynamips
# unzip c1710-bk9no3r2sy-mz.124-23.bin
# unzip c3725-adventerprisek9-mz.124-15.T14.bin
# unzip c7200-adventerprisek9-mz.152-4.S6.bin
# mv C1710-BK.BIN c1710-bk9no3r2sy-mz.124-23.image
# mv C3725-AD.BIN c3725-adventerprisek9-mz.124-15.T14.image
# mv C7200-AD.BIN c7200-adventerprisek9-mz.152-4.S6.image
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions-to install asa
# mkdir -p /opt/unetlab/addons/qemu/asa-8.42
scp ASA-8.42.vmdk and ASA-8.42-0.vmdk into /opt/unetlab/addons/qemu/asa-8.42
# cd /opt/unetlab/addons/qemu/asa-8.42
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ASA-8.42.vmdk hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ASA-8.42-0.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create two asa node with ram 1024mb
ASA1
# conf t
(config)# hostname asa1
(config)# int e0
(config-if)# ip add 10.0.0.101 255.255.255.0
(config-if)# nameif outside
(config-if)# no sh
ASA2
# conf t
(config)# hostname asa2
(config)# int e0
(config-if)# ip add 10.0.0.102 255.255.255.0
(config-if)# nameif outside
(config-if)# no sh
(config-if)# end
# ping 10.0.0.101# mkdir -p /opt/unetlab/addons/qemu/asa-9.15
scp hda.qcow2 and hdb.qcow2 into /opt/unetlab/addons/qemu/asa-9.15
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
NOTE:
Forum said only asa-9.15 can do Active/Active

-to install a10
# mkdir -p /opt/unetlab/addons/qemu/a10-4.0.1
# scp vThunder-4.0.1.ova into /opt/unetlab/addons/qemu/a10-4.0.1
# cd  /opt/unetlab/addons/qemu/a10-4.0.1
# tar xf vThunder-4.0.1.ova
# # /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vThunder-4.0.1-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

 -to install acs
download acs-5.7.0.15.iso
create acs vm in ESXi with 4GB RAM, 2x CPU core, 40GB thin disk, OS Other Linux 64bit
boot acs vm and attach acs-5.7.0.15.iso
Image
after install, reboot and remove detach acs.iso
login: setup
Enter hostname[]: acs
Enter IP address: 10.0.20.86
Enter IP netmask[]: 255.255.255.0
Enter IP default gateway[]: 10.0.20.1
Enter default DNS domain[]: poc.com
Enter primary nameserver[]: 8.8.8.8
Add seconday nameserver? Y/N [N}:
Enter NTP server[time.nist.gov]:
Add another NTP server? Y/N [N]:
Enter system timezone[UTC]: GMT
Enable SSH service? Y/N [N]: y
Enter username[admin]:
Enter password:
Enter password again:shutdown acs vm
ssh as root to unetlab
# mkdir -p /opt/unetlab/addons/qemu/acs-5.7.0.15
ssh as root into ESXi
# cd /vmfs/volume/datastore1/acs
# scp *vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/acs-5.7.0.15
switch to unetlab
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 acs.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
-to install asav
# mkdir -p /opt/unetlab/addons/qemu/asav-932-200
scp asav932-200.qcow2 into /opt/unetlab/addons/qemu/asav-932-200
# cd /opt/unetlab/addons/qemu/asav-932-200
# cp -p asav932-200.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create asav lab
Make sure console is vnc in unl file.
# cat /opt/unetlab/labs/LAB.unl

logout and relogin from web gui

-to install bigip-12.0

download BIGIP-12.0.0.1.0.628.LTM.qcow2.zip from
https://downloads.f5.com/esd/serveDownload.jsp?path=/big-ip/big-ip_v12.x/12.0.0/english/virtual-edition_base-plus-hf1/&sw=BIG-IP&pro=big-ip_v12.x&ver=12.0.0&container=Virtual-Edition_Base-Plus-HF1&file=BIGIP-12.0.0.1.0.628.LTM.qcow2.zip
# mkdir -p /opt/unetlab/addons/qemu/bigip-12.0/
scp BIGIP-12.0.0.1.0.628.LTM.qcow2.zip into /opt/unetlab/addons/qemu/bigip-12.0/
# cd /opt/unetlab/addons/qemu/bigip-12.0/
# unzip BIGIP-12.0.0.1.0.628.LTM.qcow2.zip
# rm BIGIP-12.0.0.1.0.628.LTM.qcow2.zip
# mv BIGIP-12.0.0.1.0.628.LTM.qcow2 hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install brocadevadx

# mkdir -p /opt/unetlab/addons/qemu/brocadevadx-3100
# scp SSR3100ESX_EVAL.zip into /opt/unetlab/addons/qemu/brocadevadx-3100
# cd /opt/unetlab/addons/qemu/brocadevadx-3100
# unzip SSR3100ESX_EVAL.zip
# tar xf SSR03100ESX.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 SSR1000ESX-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Make sure console is vnc in unl file.
# cat /opt/unetlab/labs/LAB.unl

logout and relogin from web gui

-to install cda
open ESXi and prepare cda vm with minimum spec
OS: Windows 2003, 2008, 2008R2, 2012, 2012R2
Disk Size: 120GB
RAM: 2GB
CPU: 2 virtual core
NIC: 1pc
See p2-2
http://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10.pdf
Download and install cda_1.0.0.011.i386.iso
see p2-12 pdf above
shutdown vm
ssh as root into unetlab
# mkdir -p /opt/unetlab/addons/qemu/cda-1.0
ssh as root into ESXi
# cd /vmfs/volume/datastore1/cda
# scp *vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/cda-1.0
ssh as root to unetlab server
# cd /opt/unetlab/addons/qemu/cda-1.0
# /opt/qemu/bin/qemu-img create -f qcow cda-flat.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cips
# mkdir -p /opt/unetlab/addons/qemu/cips-4240
scp IPS-4240.ova into /opt/unetlab/addons/qemu/cips-4240
# cd /opt/unetlab/addons/qemu/cips-4240
# tar xf IPS-4240.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 IPS-4240-disk1.vmdk hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 IPS-4240-disk2.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
when you start cips for first time
L: cisco
P: cisco

-to install clearpass
# mkdir -p /opt/unetlab/addons/qemu/clearpass-6.4.0
scp CPPM-VM-x86_64-6.4.0.66263-ESX-80G-CP-SW-EVAL-ovf.zip into /opt/unetlab/addons/qemu/clearpass-6.4.0
# cd /opt/unetlab/addons/qemu/clearpass-6.4.0
# unzip CPPM-VM-x86_64-6.4.0.66263-ESX-80G-CP-SW-EVAL-ovf.zip
# mv CPPM-VM-x86_64-6.4.0.66263-ESX-80G-CP-SW-EVAL-ovf/CPPM-VM-x86_64-6.4.0.66263-ESX-80G-CP-SW-EVAL-disk1.vmdk .
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 CPPM-VM-x86_64-6.4.0.66263-ESX-80G-CP-SW-EVAL-disk1.vmdk hda.qcow2
# cp -p hda.qcow2 hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create a lab with clearpass on it
start clearpass icon
type y when you reach
WARNING: All data on the second disk [SCSI (0:1)] will be erased and that disk will be setup as the primary boot image. Please ensure that disk has the recommended capacity for the appliance version

-to install coeus
# mkdir -p /opt/unetlab/addons/qemu/coeus-9.0.0.324
scp coeus-9-0-0-324-S100V.zip into /opt/unetlab/addons/qemu/coeus-9.0.0.324
# cd /opt/unetlab/addons/qemu/coeus-9.0.0.324
# unzip coeus-9-0-0-324-S100V.zip
# mv coeus-9-0-0-324-S100V/coeus-9-0-0-324-S100V-disk1.vmdk ..
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 coeus-9-0-0-324-S100V-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# vi /opt/unetlab/html/templates/coeus.php
change
$p[‘console’] = ‘telnet’;
to
$p[‘console’] = ‘vnc’;

-to install cpsg
download CheckPoint GAIA R77-30 iso
create cpsg-r7730 vm in ESXI with 30GB HD, 2GB RAM, 4 nics and Other Linux 64bit
1. Install Gaia on this system
press Enter
2. Keyboard Selection
click US and OK
3. Partitions Configuration
click OK
4. Account Configuration
Password:
Confirm:
click OK
5. Management Port
choose your manament nic
click OK
6. Management Interface (eth0)
IP address:
Netmask:
Default gateway:
click OK
7. Confirmation
click OK
Shutdown vm and export as ova
# mkdir -p /opt/unetlab/addons/qemu/cpsg-r7730
scp cpsg-r7730.ova into /opt/unetlab/addons/qemu/cpsg-r7730
# tar xf cpsg-r7730.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cpsg-r7730-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install csr
# mkdir -p /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
scp csr1000v-universalk9.03.14.01.S.155-1.S1-std.ova into /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
# cd /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
# tar xf csr1000v-universalk9.03.14.01.S.155-1.S1-std.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 csr1000v_harddisk.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cumulus
Download Cumulus VX for VMware from https://cumulusnetworks.com/cumulus-vx/download/
# mkdir -p /opt/unetlab/addons/qemu/cumulus-2.5.3
scp CumulusVX-2.5.3-4eb681f3df86c478.vmware.ova /opt/unetlab/addons/qemu/cumulus-2.5.3
# cd /opt/unetlab/addons/qemu/cumulus-2.5.3
# tar xf CumulusVX-2.5.3-4eb681f3df86c478.vmware.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 CumulusVX-2.5.3-4eb681f3df86c478-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install extremexos
# mkdir -p /opt/unetlab/addons/qemu/extremexos-15.3.2.11
scp extremexosvm.zip /opt/unetlab/addons/qemu/extremexos-15.3.2.11
# cd /opt/unetlab/addons/qemu/extremexos-15.3.2.11
# unzip extremexosvm.zip
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 “EXOS_VM_15.3.2.11 sw1.vmdk” hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install fortinet
NOTE:
We must download fortios KVM version not VMware version. The hd name must be virtioa not hda otherwise you will get country error
# mkdir -p /opt/unetlab/addons/qemu/fortinet-5.2.3b670
scp fortios_5-2-3.qcow2 into /opt/unetlab/addons/qemu/fortinet-5.2.3b670
# cd /opt/unetlab/addons/qemu/fortinet-5.2.3b670
# mv fortios_5-2-3.qcow2 virtioa.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to add log disk
# cd /opt/unetlab/addons/qemu/fortinet-5.6
create 500MB log disk size
# /opt/qemu/bin/qemu-img create -f raw virtiob.qcow2 500M
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
on FortiGate
# get system status
Version: FortiGate-VM64-KVM v5.6.0,build1449,170330 (GA)
Virus-DB: 1.00123(2015-12-11 13:18)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGVMEV0000000000
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
Evaluation License Expires: Sun May  7 05:35:13 2017
VM Resources: 1 CPU/1 allowed, 995 MB RAM/1024 MB allowed
BIOS version: 04000002
Log hard disk: Need format
Hostname: FortiGate-VM64-KVM
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1449
Release Version Information: GA
FortiOS x86-64: Yes
System time: Sat Apr 22 05:46:50 2017
FortiGate-VM64-KVM # execute formatlogdisk
Log disk is /dev/vdb.
Formatting this storage will erase all data on it, including
  logs, quarantine files;
and require the unit to reboot.
Do you want to continue? (y/n)y
FortiGate-VM64-KVM # get hardware status
Model name: FortiGate-VM64-KVM
ASIC version: not available
CPU: QEMU Virtual CPU version 1.0
Number of CPUs: 1
RAM: 995 MB
Compact Flash: 2056 MB /dev/vda
Hard disk: 500 MB /dev/vdb

USB Flash: not available

NOTE:
Fortigate: You cannot create VDOMs, have a throughput limit, have some SSL limitation and has no Subscription signatures for IPS / App Control, AV, Web Filtering and Antispam.
   You cannot try FortiGate HA with trial version because the trial VM has the same S/N of the other and the Cluster could not form
FortiManager / FortiAnalyzer: Limit of log per day or management devices
FortiADC (VM and D series): I believe that latest version only release the GUI after upload the license. The older versions has no limitation.
FortiWeb: There’s no signature update
FortiSandbox: Did not download the Windows VM’s
FortiAuthenticator: Limit the number of users in database

FortiMail: There’s no signature (antivirus) and no antispam (cloud)

-to install hpvsr
Download hpvsr from https://h10145.www1.hpe.com/Downloads/SoftwareReleases.aspx?ProductNumber=JG811AAE&lang=en&cc=us&prodSeriesId=5443163

# mkdir /opt/unetlab/addons/qemu/hpvsr-1001-CMW710
scp VSR1000_HPE-CMW710-E0325-X64.zip into /tmp
# cd /tmp
# unzip VSR1000_HPE-CMW710-E0325-X64.zip
# tar xf VSR1000_HPE-CMW710-E0325-X64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 VSR1000_HPE-CMW710-E0325-X64-disk1.vmdk /opt/unetlab/addons/qemu/hpvsr-1001-CMW710/hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install iol
find in google these 3 files
i86bi_linux-adventerprisek9-ms.154-2.T4
i86bi_linux_l2-adventerprisek9-ms.156-0.9.S
CiscoIOUKeygen.py.zip

copy above files into /opt/unetlab/addons/iol/bin
# cd /opt/unetlab/addons/iol/bin
# mv i86bi_linux-adventerprisek9-ms.154-2.T4 i86bi_linux-adventerprisek9-ms.154-2.T4.bin
# mv i86bi_linux_l2-adventerprisek9-ms.156-0.9.S i86bi_linux_l2-adventerprisek9-ms.156-0.9.S.bin
# unzip CiscoIOUKeygen.py.zip
# python CiscoIOUKeygen.py
copy the result and paste into /opt/unetlab/addons/iol/bin/iourc file

-to import iou lab
SOURCE: http://www.unetlab.com/2015/06/importing-iou-web-labs/
download IOU-WEB from
http://certcollection.org/forum/topic/236548-iou-web-vm-v22-rsv5-ud-compilation-august-2014-new-links/page__hl__%20iou
Download, extract and import v22VMIOU2014 into VMware
Power on the vm and modify its ip address
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=”eth0″
BOOTPROTO=”none”
NM_CONTROLLED=”yes”
ONBOOT=”yes”
TYPE=”Ethernet”
IPADDR=10.0.20.84
PREFIX=24
GATEWAY=10.0.20.1
DEFROUTE=yes
ONBOOT=yes

# service network restart
open web browser and go to http://10.0.10.84
click Downloads/database.sdb
scp database.sdb into unetlab server tmp

login as root into unetlab vm
# apt-get install php5-sqlite sqlite
# cd /opt/unetlab/scripts/
# wget https://raw.githubusercontent.com/dainok/unetlab/master/scripts/import_iou-web.php .
# chmod 755 /opt/unetlab/scripts/import_iou-web.php
# /opt/unetlab/scripts/import_iou-web.php /tmp/database.sdb
All labs will be imported under /opt/unetlab/labs/Imported

NOTE:
IOU assigns DCE/DTE on a per slot basis. Even slots are DTE, Odd slots are DCE

e.g. Slots 0, 2, 4.. = DTE; Slots 1, 3, 5.. = DCE

-to install ise
In ESXi import ISE-1.4.0.253-eval.ova
ssh as root to ESXi
# /vmfs/volumes/datastore1/ISE
# scp *vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/ise-1.4.0.253
ssh as root to unetlab server
# mkdir -p /opt/unetlab/addons/qemu/ise-1.4.0.253
# cd /opt/unetlab/addons/qemu/ise-1.4.0.253
# /opt/qemu/bin/qemu-img convert -f qcow ISE-flat.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install mikrotik
Download latest chr vmdk from http://www.mikrotik.com/download
# mkdir /opt/unetlab/addons/qemu/mikrotik-6.34.3
scp chr-6.34.3.vmdk into /opt/unetlab/addons/qemu/mikrotik-6.34.3
# cd /opt/unetlab/addons/qemu/mikrotik-6.34.3
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 chr-6.34.3.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# vi /opt/unetlab/html/templates/mikrotik.php
change
$p[‘console’] = ‘telnet’;
to
$p[‘console’] = ‘vnc’;
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create a test lab with mikrotik node and start
press a (to select all)
press i (to install)
Do you want to keep old configuration ? [y/n] n
Continue? [y/n] y

L: admin
P:

-to install nsvpx
# mkdir -p /opt/unetlab/addons/qemu/nsvpx-11.0.55.20
scp NSVPX-ESX-11.0-55.20_nc.zip into /opt/unetlab/addons/qemu/nsvpx-11.0.55.20
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 NSVPX-ESX-11.0-55.20_nc-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install olive
# mkdir -p /opt/unetlab/addons/qemu/olive-12.1R1.9
scp “Juniper JunOS Olive12.1R1.9 Virtualbox image.ova” into /opt/unetlab/addons/qemu/olive-12.1R1.9
# cd /opt/unetlab/addons/qemu/olive-12.1R1.9
# tar xf “Juniper JunOS Olive12.1R1.9 Virtualbox image.ova”
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 “JunOS Olive-disk1.vmdk” hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install ostinato
Download ost-drone-0.7-v1.qcow2 from
http://www.bernhard-ehlers.de/projects/ostinato4gns3/install-qemu.html
# mkdir /opt/unetlab/addons/qemu/ostinato-0.7-v1
scp ost-drone-0.7-v1.qcow2 into /opt/unetlab/addons/qemu/ostinato-0.7-v1
# cd /opt/unetlab/addons/qemu/ostinato-0.7-v1
# mv ost-drone-0.7-v1.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install paloalto
# mkdir -p /opt/unetlab/addons/qemu/PA-VM-ESX-7.0.1
scp PA-VM-ESX-6.1.0.ova into /opt/unetlab/addons/qemu/paloalto-7.0.1
# cd /opt/unetlab/addons/qemu/paloalto-7.0.1
# tar xf PA-VM-ESX-7.0.1 .ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 PA-VM-ESX-7.0.1-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

NOTE:

PA in UNL no need license but no URL and threat signature updates, as well as fewer sessions through the firewall

-to install radware
SOURCE: http://www.unetlab.com/forum/viewtopic.php?f=7&t=39&sid=0ade6575a07ae6534a3fbce8dd7e3049
download alteon radware from https://www.radware.com/resources/softwaredownloads/network-admin-software/
Icon: Load Balancer.png
CPU: 2 (minimum)
RAM: 2560MB (minimum)
Ethernets: 3 (minimum)
console: VNC (since telnet won’t work)
# mkdir /opt/unetlab/addons/qemu/linux-radware
scp AlteonOS-30A-5-0-0.ova into /opt/unetlab/addons/qemu/linux-radware
# cd /opt/unetlab/addons/qemu/linux-radware
# tar xf AlteonOS-30-5-0-0.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 AlteonOS-30.5.0.0-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Enter password: admin

-to install riverbed
# mkdir /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/
scp image_rbt_vcx_9_2_0_n8_x86_64.ova into /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/
# cd /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/
# tar xf image_rbt_vcx_9_2_0_n8_x86_64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 image-vcx-disk1.vmdk virtioa.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 image-vcx-disk2.vmdk virtiob.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin
P: password
NOTE:
disregard cdrom complain when booting

it will probably boot 2x when power on for the first time and will take around 15min to get login prompt

-to install sophos XG
download latest sophos XG KVM from https://secure2.sophos.com/en-us/products/next-gen-firewall/free-trial.aspx#
# mkdir -p /opt/unetlab/addons/qemu/sophos-16.05
scp VI-SFOS_16.05.3_MR-3.KVM-183.zip into /opt/unetlab/addons/qemu/sophos-16.05
# cd /opt/unetlab/addons/qemu/sophos-16.05
# unzip VI-SFOS_16.05.3_MR-3.KVM-183.zip
# mv PRIMARY-DISK.qcow2 hda.qcow2
# mv AUXILIARY-DISK.qcow2 hdb.qcow2
# rm VI-SFOS_16.05.3_MR-3.KVM-183.zip
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# cd /opt/unetlab/html/templates
# cp cpsg.php sophos.php
# sed -i ‘s/cpsg/sophos/g’ sophos.php
# sed -i ‘s/CP/sophos/g’ sophos.php
# cd ../includes
# vi init.php
add
‘sophos’ => ‘Sophos’,
after sterra line
LAN IP: 172.16.16.16 (default) port1
WAN IP: dhcp port2
WEB GUI: https://172.16.16.16:4444
L: admin
P: admin

-to install sourcefire
download from Cisco Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2
# mkdir -p /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
scp Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2 into /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
# cd /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
# mv Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2 virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install timos
# mkdir -p /opt/unetlab/addons/qemu/timos-12.0.R6
scp TiMOS-SR-12.0.R6-vm.zip into /opt/unetlab/addons/qemu/timos-12.0.R6
# cd /opt/unetlab/addons/qemu/timos-12.0.R6
# mv TiMOS-SR-12.0.R6-vm/vm/7xxx-i386/sros-vm.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install titanium
# mkdir -p /opt/unetlab/addons/qemu/titanium-7
scp hda.qcow2 into /opt/unetlab/addons/qemu/titanium-7
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install coeus
# mkdir -p /opt/unetlab/addons/qemu/coeus-9.0.0.324
scp coeus-9-0-0-324-S100V.zip into /opt/unetlab/addons/qemu/coeus-9.0.0.324
# cd /opt/unetlab/addons/qemu/coeus-9.0.0.324
# unzip coeus-9-0-0-324-S100V.zip
# mv coeus-9-0-0-324-S100V/coeus-9-0-0-324-S100V-disk1.vmdk ..
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 coeus-9-0-0-324-S100V-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# vi /opt/unetlab/html/templates/coeus.php
change
$p[‘console’] = ‘telnet’;
to
$p[‘console’] = ‘vnc’;

-to install vios
# mkdir -p /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
# mkdir -p /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
scp vIOS-L3.qcow2 into /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
scp vIOS-L2.qcow2 into /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
# cd /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
# mv vIOS-L3.qcow2 hda.qcow2
# cd /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
# mv vIOS-L2.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vmx
# mkdir -p /opt/unetlab/addons/qemu/vmx-1.0
scp vMX.ova into /opt/unetlab/addons/qemu/vmx-1.0
# cd /opt/unetlab/addons/qemu/vmx-1.0
# tar xf vMX.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vMX-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
NOTE: to speed up vmx
http://noshut.ru/2015/09/how-to-run-juniper-vmx-in-unetlab/
# vi /opt/unetlab/html/templates/vmx.php
change
$p[‘qemu_options’] = ‘ -serial mon:stdio -nographic’;
to
$p[‘qemu_options’] = ‘ -serial mon:stdio -nographic -enable-kvm’;

-to install vnam
# mkdir -p /opt/unetlab/addons/qemu/vnam-6.1.1
scp nam-app-x86_64.6-1-1.ova and nam-app-x86_64.6-1-1.iso into /opt/unetlab/addons/qemu/vnam-6.1.1
# cd /opt/unetlab/addons/qemu/vnam-6.1.1
# tar xf nam-app-x86_64.6-1-1.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 NAM-VX-6.1-disk1.vmdk hda.qcow2
# mv nam-app-x86_64.6-1-1.iso cdrom.iso
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

From UnetLab gui, Start vnam icon
Main menu
1 – Download application image and write to HDD
2 – Download application image and reformat HDD
3 – Install application image from CD and reformat HDD
4 – Display software versions
5 – Reset application image CLI passwords to default
6 – Send Ping
f – Check for and fix file system errors on local disk
s – Show upgrade log
n – Configure network
r – Exit and reset Services Engine
h – Exit and shutdown Services Engine
Selection [123456fsnrh]:

NOTE:
I have black screen problem with vnam 6.2.1. So I use 6.1.1 instead
Any idea what to do next after do you see menu above?

-to install vsrx
# mkdir -p /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
scp junos-vsrx-12.1X46-D10.2-domestic.ova into /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
# cd /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
# tar xf junos-vsrx-12.1X46-D10.2-domestic.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vsrxng
NOTE:
for vSRX-NG can be downloaded here
# mkdir -p /opt/unetlab/addons/qemu/vsrxng-151x49d406
scp media-vsrx-vmdisk-15.1X49-D40.6.qcow2 into /opt/unetlab/addons/qemu/vsrxng-151x49d406
# cd /opt/unetlab/addons/qemu/vsrxng-151x49d406
# mv media-vsrx-vmdisk-15.1X49-D40.6.qcow2 virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vwaas
download vwaas from
https://drive.google.com/folderview?id=0B-v2VUXWowDLYWRBcFJEcmtLQkE&usp=drive_web
# mkdir -p /opt/unetlab/addons/qemu/vwaas-200-5.5.3
scp virtioa.qcow2 into /opt/unetlab/addons/qemu/vwaas-200-5.5.3
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin
P:

-to install vwlc
# mkdir -p /opt/unetlab/addons/qemu/vwlc-8.1.102.0
scp AIR-CTVM-K9-8-1-102-0.ova and AIR-CTVM-k9-8-1-102-0.iso into /opt/unetlab/addons/qemu/vwlc-8.1.102.0
# cd /opt/unetlab/addons/qemu/vwlc-8.1.102.0
# tar xf AIR-CTVM-K9-8-1-102-0.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 AS_CTVM_8_1_102_0.vmdk hda.qcow2
# mv AIR-CTVM-k9-8-1-102-0.iso cdrom.iso
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install tinylinux

SOURCE: http://www.802101.com/2015/06/unetlab-ubuntu-guest-node.html
change dsl-4-4-10.doc to dsl-4-4-10.ova
ssh as root to unetlab server
# mkdir -p /opt/unetlab/addons/qemu/linux-dsl
# cd /opt/unetlab/addons/qemu/linux-dsl
scp dsl-4-4-10.ova into /opt/unetlab/addons/qemu/linux-dsl
# tar xf dsl-4-4-10.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 DSL-4.4.10-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
open UnetLab gui and add linux linux-dsl node
NOTE:
L: root

P: Password123!@#

-to install win win7
SOURCE: http://www.802101.com/2015/06/windows-7-host-on-unetlab.html
install WIN7 in ESXi
update all patches
do not install vmware-tools
shutdown

ssh to ESXi server and cd to WIN7 directory
# cd /vmfs/volumes/datastore1/WIN7
# scp WIN7.vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/win-win7
# scp WIN7-flat.vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/win-win7

ssh as root to unetlab server
# cd /opt/unetlab/addons/qemu/win-win7
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 WIN7.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
open UnetLab gui and add win win-win7 node

-to install xrv
# mkdir -p /opt/unetlab/addons/qemu/xrv-k9-5.2.2
scp hda.qcow2 into /opt/unetlab/addons/qemu/xrv-k9-5.2.2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vyos
copy to unetlab
# mkdir -p /opt/unetlab/addons/qemu/vyos-117
# cd /opt/unetlab/addons/qemu/vyos-117
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 VyOS-1.1.7-signed-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: vyos
P: vyos

-to install zeroshell
SOURCE: http://www.802101.com/2015/08/running-zeroshell-in-unetlab.html
Download zeroshell iso from http://www.zeroshell.org/download/#
# mkdir -p /opt/unetlab/addons/qemu/linux-zeroshell
scp ZeroShell-3.3.2.iso into /opt/unetlab/addons/qemu/linux-zeroshell
# cd /opt/unetlab/addons/qemu/linux-zeroshell
# mv ZeroShell-3.3.2.iso cdrom.iso
# /opt/qemu/bin/qemu-img create -f qcow hda.qcow2 5G
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
I then added a new node to a test lab I had on the go, and fired it up. Once connected via VNC, you can then install it to the hard drive, by selecting option A from the menu:
Just accept all the defaults
# mv cdrom.iso ZeroShell-3.3.2.iso
from unetlab gui stop the node and start again

-to upgrade VMware-Tools
mount iso on datastore
click CD-ROM icon on ESXi console
click CD DVD drive 1/Connect to iso image on a datastore
open vmimages/tools-isoimages/linux.iso
# mkdir /mnt/cdrom
# mount /dev/cdrom /mnt/cdrom/
# tar xzvf /mnt/cdrom/VMwareTools-9.10.0-2476743.tar.gz -C /tmp/
# cd /tmp/vmware-tools-distrib
# perl vmware-install.pl
Do you still want to proceed with this legacy installer? [yes]
Uninstallation of previous install failed. Would you like to remove the install DB? [no] yes
# perl vmware-install.pl -d

-Log location
# cat /opt/unetlab/data/Logs/

WINDOWS:
-download and install UltraVNC from http://www.uvnc.com/downloads/ultravnc.html
-download and install Wireshark from https://www.wireshark.org/download.html
-download and extract http://UNLip/files/windows.zip
copy UNetLab into c:\Program Files
copy ultravnc_wrapper.bat into C:\Program Files\uvnc bvba\UltraVNC
run win7_64bit_ultravnc.reg
run win7_64bit_putty.reg

run win7_64bit_wireshark.reg

-to open multiple tab session in SecureCRT
run win7_64bit_crt.reg
edit C:\Users\username\AppData\Roaming\VanDyke\Config\Global.ini
change
D:”Single Instance”=00000000
to

D:”Single Instance”=00000001

-to open multiple tab with SuperPutty
   download and install SuperPutty from https://github.com/jimradford/superputty/releases
   open SuperPutty and tick Tools/Options/Advanced/Only allow single instance of SuperPuTTYy to run
   create SuperPutty.reg
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\telnet]
@=”URL:Telnet Protocol”
“URL Protocol”=””
[HKEY_CLASSES_ROOT\telnet\shell]
[HKEY_CLASSES_ROOT\telnet\shell\open]
[HKEY_CLASSES_ROOT\telnet\shell\open\command]

@=”\”C:\\Program Files (x86)\\SuperPuTTY\\SuperPutty.exe\” %1″

go to http://10.0.20.71 and Sign-in with
L: admin
P: unl

-to connect unetlab to the cloud
http://www.unetlab.com/2014/11/using-cloud-devices/

-to rename a lab file
clone or open existing file
click More Actions/Edit lab

change the Name

-to convert VirtualBox vdi to qcow2 format

# /opt/qemu/bin/qemu-img convert -f vdi -O qcow2 vm.vdi vm.qcow2

-cisco CSR 1000v take 2.5GB RAM per node, if you want less ram, use L3-ADVENTERPRISEK9-M-15.4-2T.bin instead

Advertisements

Enabling https in Citrix License Server

VPX:

-allow ssh port and ping in iptables
# echo “-A INPUT -i eth0 -p tcp -m tcp –dport 22 -j ACCEPT” >> /etc/sysconfig/iptables
# echo “-A INPUT -i eth0 -p icmp -j ACCEPT” >> /etc/sysconfig/iptables
# service iptables restart
put license directly, just put into /opt/citrix/licensing/myfiles
make sure XenDesktop license hostname match with license server hostname

-to change https port
# vi /opt/citrix/licensing/LS/conf/server.xml
search for securePort
change to 10443 because iptables allow port 10443

-to access web http://ip:8082 or https://ip:10443
-to check iptable
-to check service list
# chkconfig –list

-to restart a service
# service citrixlicensing restart

-to login using https://ipaddress:10443
L: admin P:

Windows:

SOURCE: http://support.citrix.com/article/CTX140698
-On the License Administration Console go to Administration > Server Configuration > Secure Web Server Configuration. Select Enable HTTPS.
-To enable HTTP to HTTPS redirection, select Redirect non-secure web access to secure web access click Save and restart the license server. This moves HTTP traffic to go over HTTPS

-enable FW config
>netsh advfirewall firewall delete rule name=”Temporary Block for Licensing Admin PowerShell” dir=out protocol=TCP remoteip=<IP of License Server> remoteport=8083
>netsh advfirewall firewall delete rule name=”Temporary Block Web Services For Licensing” dir=out protocol=TCP program=”c:\Program Files (x86)\Citrix\Licensing\UsageCollector\ctxurt.exe” remoteport=443

Reset password

Aruba Controller:
Please login using console with a serial cable (e.g. you must be infront of the controller):
Login : password
Password: forgetme!

Then go into enable mode with pwd “enable”
#Config terminal
(config)#Mgmt-user admin root
#write memory
<hit enter to setup the new root password>
Once done logout and login back in with the new password.
– If you are looking to decrypt the wireless security key which you have setup for your wireless network. Please execute #encrypt disable and then execute #show run, under the config you will see the wireless key in clear text under your VAP profile section.
sometimes you have the admin password of the controller but not have the enable mode password so what to do?
Access the Controller via GUI And change the enable mode password in Controller Wizard.
Navigate to Configuration > Controller Wizard > Under Wizards > Configure Controller >Basic Info> Enter any Name of your choice, Password for User Admin, retype the same, Password for Enable mode Access here is the place where we can reset the enable mode password and retype the same click on Next


Cisco
:
1. Connect Console cable
2. Reboot the router and press the Break key to interrupt the boot sequence.

For break key sequences
SOURCE: http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/12818-61.html

Software Platform Operating System Try This
Hyperterminal IBM Compatible Windows XP Ctrl-Break
Hyperterminal IBM Compatible Windows 2000 Ctrl-Break
Hyperterminal IBM Compatible Windows 98 Ctrl-Break
Hyperterminal (version 595160) IBM Compatible Windows 95 Ctrl-F6-Break
Kermit Sun Workstation UNIX Ctrl-\l
Ctrl-\b
MicroPhone Pro IBM Compatible Windows Ctrl-Break
Minicom IBM Compatible Linux Ctrl-a f
ProComm Plus IBM Compatible DOS or Windows Alt-b
SecureCRT IBM Compatible Windows Ctrl-Break
Telix IBM Compatible DOS Ctrl-End
Telnet N/A N/A Ctrl-], then type send brk
Telnet to Cisco IBM Compatible N/A Ctrl-]
Teraterm IBM Compatible Windows Alt-b
Terminal IBM Compatible Windows Break
Ctrl-Break
Tip Sun Workstation UNIX Ctrl-], then Break or Ctrl-c
~#
VT 100 Emulation Data General N/A F16
Windows NT IBM Compatible Windows Break-F5
Shift-F5
Shift-6 Shift-4 Shift-b (^$B)
Z-TERMINAL Mac Apple Command-b
N/A Break-Out Box N/A Connect pin 2 (X-mit) to +V for half a second
Cisco to aux port N/A Control-Shft-6, then b
IBM Compatible N/A Ctrl-Break

3. reset
rommon 1 > confreg 0x2142
You must reset or power cycle for new config to take effect
rommon 2 > reset

4. Change the password
Type no after each setup question, or press Ctrl-C in order to skip the initial setup procedure
Router> enable
Router# copy startup-config running-config
Destination filename [running-config]? (hit enter)
Building configuration…
[OK]
Router# configure terminal
Router(config)# enable password cisco
Router(config)# enable secret cisco
Router(config)# line console 0
Router(config-line)# password cisco
Router(config)# username cisco privilege 15 secret cisco
Router(config)# config-register 0x2102
Router(config)# exit
Router# copy running-config startup-config
Destination filename [startup-config]? (hit enter)
Building configuration…
[OK]
Router# reload


Citrix
:
Netscaler MPX / VPX
SOURCE: http://msandbu.wordpress.com/2013/11/04/netscaler-tips-and-tricks/

Now from time to time you might come by this, you have a customer which has a Netscaler setup and they have forgotten the password for the device. What do you do ?
If you have a MPX you need to connect to the device using a serial cable and use for instance Putty to connect to the serial port. If you have an VPX you just need to open the console. Now when the device boots you need to press CTRL + C now on the VPX it is simple the boot menu appears

1

Then you just press 4 and go into single user mode. On the MPX we have to press CTRL + C simultaneously as well when the following appears in the console
Press [Ctrl-C] for command prompt, or any other key to boot immediately.
Booting [kernel] in 2 seconds…
Now to start the MPX in single-user mode you have to type either boot –s or reboot — -s torestart in single user mode. When you are in single user mode the console will look like this.

2

Next we have to mount the flash device since this is where the config file resides. Now on different devices this flash device has different nameshttp://support.citrix.com/article/CTX121853
For VPX this device is called /dev/ad0s1a
So first we have to check disk consistency first before we can mount the device.
fsck /dev/da0s1a (This checks disk consistency)
mount/dev/da0s1a/flash (This mounts the drive under the folder /flash )
df –l (List the devices and where they are mounted)

3

Next we need to change directory to the flash drive where the config file is located.
cd /flash/nsconfig from there

4

Next we use a grep command to create a new config file but without the line which contains the passoword string.
grep –v “set system user nsroot” ns.conf > new.conf
Next we need to rename the current config to another name
mv ns.conf old.ns.conf
mv new.conf ns.conf

After this is done we have a new config file without the password for nsroot and we can reboot.

XenServer:
SOURCE: http://virtualizze-en.blogspot.fr/2012/12/xenserver-how-to-reset-your-root.html
At the boot screen, you will see “SYSLINUX 4.02 … Boot:”, write to the next “menu.c32”
Secondly, you can see a blue window. Move to “xe-serial” and press “tab”
Now, you can read command line start with “mboot.c32…..”. You have to change this part of the line “xencons=hvc console=hvc0” and write “console= ttySO,115200n8 single”.
And press “Enter”, the server continue the starting process.
Then you can see the command line interface, write “passwd” to change your root password

Cyberoam:
1. Connect Console cable and launch putty
2. Power on Cyberoam and continously press Enter until you see CRLoader
You are navigated to CRLoader screen. Go to Option 0 – CRLoader and Press Enter
Select Option 2 – Troubleshoot
Select Option 1 – Reset console password
This would reset the admin user password. Press “Ok” to continue
Select Option 5 – Reboot. This will reboot the appliance
Once Cyberoam is rebooted, Enter the Default Password as “admin” and then CLI access will be available


F5
:
1. When booted press e
2. Change i.e
to
press Enter
press b

3. Changing password
After booted, # will appear
# mount -a
# passwd root
New BIG-IP password:
Retype new BIG-IP password:
SN: FGT-603907516189
L: maintainer
P: bcpbFGT-603907516189
password=bcpb+SNHP

:
1. Press Clear hole for 10s
Once you release the “Clear” button, only the password protection will be removed. All other configuration settings will remain intact, and the switch will not reboot
If you would like to disable the clear password button on the front of the HP Procurve switch then enter the following
>conf t
Switch(config)# no front-panel-security password-clear
You will also notice the reset button next to the clear button. To disable this button enter the following.
Switch(config)# no front-panel-security factory-reset
Both buttons are now disabled.If you would like to enable these buttons again, do so with the commands below.
Switch(config)# front-panel-security password-clear
Switch(config)# front-panel-security factory-reset

Finally if you are unsure of the status of the reset and clear buttons on the procurve switch then enter the following.
Switch(config)# show front-panel-securityJuniper:

1. Connect your Console cable with settings 9600/8/N/1
2. Power on the device and watch the screen for the line:
Hit [Enter] to boot immediately, or space bar for command prompt.
When you see that line, hit the SPACE BAR and you will receive an OK prompt.
3. At the OK prompt, you want to the system into single user mode by issuing the command
boot -s

4. The system will boot in single user mode and you will then be prompted if you want to enter the path name for shell or “recovery” for root password recovery. Since we are trying to recover the password, we will enter
recovery
5. The system will then boot and run a recovery script and place you in at the > prompt
> edit
# set system root-authentication plain-text-password
# commit
# exit
> exit
Reboot the system? [y/n] yRuckus:

StandAlone AP
Press Hard Reset hole in the back of AP for >12s
L: super
P: sp-admin

ZoneDirector
If you have a saved ZoneDirector backup or debug log, contact Ruckus Tech Support, who may be able to decipher the admin password from your files. Ruckus Technical Support will need to validate you are the legal administrator of the device before doing this.

SonicWall:
SOURCE: https://support.software.dell.com/kb/sw3916

VMWare ESXi:

SOURCE: http://www.vdsyn.com/resetting-the-root-password-for-esxi-5-x/
REQUIREMENT:
-Download Live CD from
Kali Linux
https://www.kali.org/downloads/
or Ubuntu Desktop
http://www.ubuntu.com/download/desktop
1. Insert the CD or ISO
2. Boot ESXi from either CD above
In Dell is by pressing F2 on boot
If your ESXi is under VMWare Workstation, then click VM > Power > Power On to BIOS
3. if you using Ubuntu, click Try Ubuntu instead of Install Ubuntu.
If you using Kali Linux, you can see desktop right away
4. open Terminal
#mount /dev/sda5 /mnt
#cp /mnt/stage.tgz /tmp
#cd /tmp
#tar xzf state.tgz
#tar xzf local.tgz
#vi etc/shadow
this is just example
change
root:$6$klP1V.Uf$zm1ecoMUBF7.nEmPoQ7R.4SN681iQNGW8iP6qZ.7qhKiWp0sNIIF6GR/zmQH7163UPHZ8MW.ZpBOAXdYedhiE1:16396:0:99999:7:::
to
root::16396:0:99999:7:::
save
#tar czf local.tgz etc
#tar czf state.tgz local.tgz
#cp state.tgz /mnt
#reboot
remove the cd
Now you can login using vSphere client as root without password

Upgrade Dell firmware

METHOD 1: Online
1. When Dell booting, press F10=System Services
2. Once in “Unified Server Configurator”
click Platform Update
Make sure your server can connect to Internet either by static ip or dhcp

3. Click “Launch Platform Update”

4. Once you have setup the network and checked your current versions you can simply connect to FTP.DELL.COM to see what updates are available.  Select the ones you want to install and the rest will happen for you including any reboots that are required

METHOD 2: Offline

1. Download and install “Repository Manager” from
2. Run Dell Repository Manager Updater, then update
3. Run Dell Repository Manager Data Center version
click Sync Database with Dell Online Catalog
4. click “My Repositories” tab
click New/Create New Repository
Name and Description
   Name: R320
Base Repository
   click Dell Online Catalog
Select Brand
   select your hardware type, for example Server/PowerEdge/Rack
Select OS
   tick Windows 64-bit
   tick Linux (32-bit and 64-bit)
Select Models
   click Select Model(s)
   tick PowerEdge R320/NX400
Select Bundles
Optional Components
Summary
   click Finish
5. click Export
Select Destination
   click Bootable ISO
Set BIOS to boot from CD

METHOD 3: From within XenServer
SOURCE: http://neil.spellings.net/2012/03/03/updating-dell-firmware-from-within-xenserver-dom0/

First put your XenServer into maintenance mode to migrate all the running VMs off it.
Login to your server via ssh as root and run:
# wget -q -O – http://linux.dell.com/repo/hardware/latest/bootstrap.cgi | bash

This will configure yum with the Dell software repository. We can now download the required firmware upgrade software, and upgrade files:
# yum install dell_ft_install
# yum install $(bootstrap_firmware)

We can then run the following command to view current firmware versions:
# inventory_firmware

which gives the following output on my Dell R415:
BIOS = 1.2.5
ST2000NM0001 Firmware = ps04
PERC H200A Controller 0 Firmware = 07.03.05.00
Dell 32 Bit Diagnostics, v.5154A0, 5154.1 = 5154a0
SAS/SATA Backplane 0:0 Backplane Firmware = 1.07
NetXtreme II BCM5716 Gigabit Ethernet rev 20 (eth0) = 6.2.12
NetXtreme II BCM5716 Gigabit Ethernet rev 20 (eth1) = 6.2.12
Dell Unified Server Configurator, v.1.5.0.29, A00 = 1.5.0.29
System BIOS for PowerEdge R415 = 1.2.5

To upgrade the firmware, we run:
# update_firmware –yes

This will apply any firmware updates required, and will then require a reboot to complete.
Whilst this is a great way to apply multiple updates with a single reboot the only downside is that some more recent firmware files are not included by default (for example the latest BIOS) so we have to download and install these manually:
# wget http://downloads.dell.com/FOLDER00196858M/2/R415_BIOS_JW0MK_LN32_1.8.6.BIN
# chmod +x R415_BIOS_JW0MK_LN32_1.8.6.BIN
# ./R415_BIOS_JW0MK_LN32_1.8.6.BIN

Cisco VXC 2112 connect to XenApp 6.5

DHCP:
Scope Options
3 Router 192.168.3.1
6 DNS Servers 192.168.3.61
15 DNS Domain Name poc.com
42 NTP Servers 192.168.3.61
161 FTP Server 10.10.50.112
162 FTP Path firmware$
184 FTP Username ftp
185 FTP Password P@$$w0r6
FTP:
WNOS.INI FILE
autoload=2
Timeserver=192.168.3.61
TimeZone=’GMT + 08:00′ ManualOverride=yes
SignOn=Yes
DomainList=”poc”
Seamless=yes
#PnliteServer=http://XenApp.poc.com/Citrix/PNAgent/Config.xml
FOLDER STRUCTURE
firmware
firmware\wnos
firmware\wnos\ini
XENAPP:
XML port: 8080
-XenApp Services Sites: PNAgent http://XenApp.poc.com/Citrix/PNAgent
XML port: 8080