Killing stuck process

# bash
$ ps –ef | grep -i Stp
$ sudo kill PID

ps -auxww  Report all active processes in the kernel we can see zombi process with this command  (z)
You must first identify the parent process of these zombies;
ps -l -p <pid of zombie>
pidof fwd (splat)
pgrep -l sshd   Find the PIDs of processes by (part of) name
ps axjf              See in tree format also i can see parent pid )
pmap PID       Memory map of process (good for hunting memory leaks)

Displaying the top 10 CPU-consuming processes (% of total usage)
ps aux | head -1; ps aux | sort -rn +2 | head -10
Displaying the processes in order of real memory use
ps vx | head -1 ; ps vx | grep -v PID | sort -rn +6 | head -10

Displaying the processes using whatchdog (CPWD) for  (CDP,FWM,FWD)
cpwd_admin list
more explanation on  this post
Kill a Firewall process
kill -9 (pid of process)
fw kill [-t sig] proc_name
fw kill -t 9 fwm
Also process can be kill with top command and just press -k follow by process PID

# show processes cpu sorted
# clear sockets PID

# ps ax | grep -i sshd
# kill -9 PID

-check version
# fnsysctl cat /proc/version
Linux version 2.4.37 (root@build) #1 Mon Dec  4 20:51:05 UTC 2017
-check running daemon
# fnsysctl ls /var/run                     
-check running PID
# fnsysctl ps
PID       UID     GID     STATE   CMD
1         0       0       S       /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2         0       0       S       [keventd]
3         0       0       S       [ksoftirqd_CPU0]
4         0       0       S       [kswapd]
5         0       0       S       [bdflush]
6         0       0       S       [kupdated]
7         0       0       S       [memoryd]
8         0       0       S       [khubd]
12        0       0       S       [usb-storage-0]
13        0       0       S       [scsi_eh_0]
31        0       0       S       [mvl_link]
32        0       0       S       /bin/cmdbsvr
38        0       0       S       /bin/zebos_launcher
39        0       0       S       /bin/nsm -L 2
40        0       0       S       /bin/ripd -L 2
41        0       0       S       /bin/ripngd -L 2
42        0       0       S       /bin/ospfd -L 3
43        0       0       S       /bin/ospf6d -L 2
44        0       0       S       /bin/bgpd -L 3
45        0       0       S       /bin/isisd -L 2
46        0       0       S       /bin/pimd -L 2
47        0       0       S       /bin/pim6d -L 2
48        0       0       S       /bin/pdmd -L 2
49        0       0       S       /bin/imi -L 2
50        0       0       S       /bin/uploadd
51        0       0       S       /bin/miglogd
52        0       0       S       /bin/kmiglogd
53        0       0       S       /bin/httpsd
55        0       0       S       /bin/getty
56        0       0       S       /bin/ipsmonitor
59        0       0       S       /bin/merged_daemons
60        0       0       S       /bin/fnbamd
61        0       0       S       /bin/fclicense
62        0       0       S       /bin/ipshelper
63        0       0       S       /bin/forticron
64        0       0       S       /bin/forticldd
65        0       0       S       /bin/authd
66        0       0       S       /bin/foauthd
67        0       0       S       /bin/httpclid
68        0       0       S       /bin/iked
69        0       0       S       /bin/updated
70        0       0       S       /bin/snmpd
71        0       0       S       /bin/dhcpd
72        0       0       S       /bin/miglogd 1
73        0       0       S       /bin/ntpd
74        0       0       S       /bin/sshd
75        0       0       S       /bin/telnetd
78        0       0       S       /bin/alertmail
79        0       0       S       /bin/dnsproxy
80        0       0       S       /bin/eap_proxy
81        0       0       S       /bin/fgfmd
82        0       0       S       /bin/cw_acd
83        0       0       S       /bin/wpad_ac
84        0       0       S       /bin/stpd
85        0       0       S       /bin/fsvrd
87        0       0       S       /bin/fcnacd
92        0       0       S       /bin/httpsd
93        0       0       S       /bin/httpsd
94        0       0       S       /bin/httpsd
510       0       0       S       /bin/pyfcgid
512       0       0       S       /bin/pyfcgid
513       0       0       S       /bin/pyfcgid
514       0       0       S       /bin/pyfcgid
553       0       0       S       /bin/sshd
554       0       0       S       /bin/newcli
556       0       0       R       ps

-you can use diag to check 100 the most 100 top resources with 25s delay, but the list not as comprehensive as “fnsysctl ps” above
# diag sys top 25 100
Run Time:  0 days, 8 hours and 15 minutes
0U, 0N, 0S, 100I; 499T, 253F
         pyfcgid      510      S       0.0     5.1
         pyfcgid      512      S       0.0     5.0
         pyfcgid      513      S       0.0     5.0
         pyfcgid      514      S       0.0     5.0
         cmdbsvr       32      S       0.0     5.0
          httpsd       94      S       0.0     4.7
          httpsd       93      S       0.0     4.7
          httpsd       53      S       0.0     4.1
          cw_acd       82      S       0.0     4.0
          httpsd       92      S       0.0     3.9
       forticron       63      S       0.0     3.3
         miglogd       51      S       0.0     3.3
          newcli      560      R       0.0     3.1
          newcli      554      S       0.0     3.1
           fgfmd       81      S       0.0     3.0
       ipshelper       62      S <     0.0     2.5
          fcnacd       87      S       0.0     2.4
           authd       65      S       0.0     2.3
            iked       68      S       0.0     2.2
       eap_proxy       80      S       0.0     2.2

-for example we want to check dhcp PID
# fnsysctl more /var/run/
-to kill dhcpd
# diag sys kill 9 71
# fnsysctl kill -9 71
-to disable dhcpd service
# config sys dhcp server
# edit 1
# set status dis
-to enable back
# set status ena


> show system processes extensive
last pid: 16727; load averages: 22.24, 22.19, 22.15 up 0+17:39:34 01:26:10
265 processes: 28 running, 215 sleeping, 1 zombie, 21 waiting
Mem: 970M Active, 128M Inact, 147M Wired, 230M Cache, 112M Buf, 386M Free
> start shell
% top
   last pid: 37244; load averages: 0.04, 0.03, 0.00 up 16+16:18:49 09:19:44 52 processes:    1 running, 51 sleeping, , 1 zombie, 21 waiting
   CPU states: 2.5% user, 0.0% nice, 0.6% system, 0.3% interrupt, 96.6% idle Mem: 429M     Active, 69M Inact, 59M Wired, 165M Cache, 110M Buf, 258M Free
If the PID is identified from CLI, or the top command
% ps aux | grep –Wz
-to kill target PID
# kill -9 16396





Firewall/Router Attack – BlackNurse


This BlackNurse attack will causing high CPU on target device


-Kali linux

Attack (flood better)
# hping3 -1 -C 3 -K 3 -i u20

# hping3 -1 -C 3 -K 3 –flood

-Mikrotik v6.37.1 CPU utilization before attack 4%, after attack 44%
-Fortigate 5.2 CPU utilization before attack idle 99%, after attack idle 70%

This attack only from 1 source. Could be more damage if I am using more attack sources

-Cisco ASA 5505, 5506, 5515, 5525 , 5540 (default settings)
-Cisco 6500 routers with SUP2T and Netflow v9 on the inbound interface – 100% CPU load
-Cisco ASA 5550 (Legacy) and 5515-X (latest generation)
-Cisco Router 897 – Can be mitigated – The current code from will make evil worse.
-Fortinet v5.4.1 – One CPU consumed
-Fortigate units 60c and 100D (even with drop ICMP on) – RESPONSE FROM FORTINET
-Some unverified Palo Alto – SEE ANSWER FROM PALO ALTO
-Palo Alto 5050 Firewalls with firmware 7.1.4-h2
-SonicWall – Misconfiguration can be changed and mitigated (Enable Anti-DDOS)
-Zyxel NWA3560-N (Wireless attack from LAN Side)

-Zyxel Zywall USG50

-AVM Fritz!Box 7360 (common ADSl router in Germany)
-Check Point Security Gateways – Checkpoint response!
-Cisco ISR4321 Router IOS XE – Version 15.5(3)S2, RELEASE SOFTWARE (fc2)
-GigaVUE HC-Serie (Gigamon)
-Juniper SRX
-Mikrotik CCR1036-12G-4S firmware: 3.27 (250 Mbit/sek) and no problem && RouterOS 5.4 on Mikrotik RB750
-OpenBSD 6.0 and current
-Ubiquiti Networks – EdgeRouter Lite CPU 60-70% load but still going
-Windows Firewalls

How to disable SIP ALG


Many of today’s commercial routers implement SIP ALG (Application-level gateway), coming with this feature enabled by default. While ALG could help in solving NAT related problems, the fact is that many routers’ ALG implementations are wrong and break SIP.

login to Smart Dashboard
click Smart Defence tab
expand Application Intelligence
expand VoIP
disable all features on H.323

(config)# no ip nat service sip tcp port 5060
(config)# no ip nat service sip udp port 5060

(config)# policy-map global_policy
(config)# no inspect sip

> cyberoam system_modules sip unload

Open a browser and enter the router’s IP address in the address bar. Go to “Firewall Settings” under the “Advanced” item.
Uncheck the box to disable SPI – usually, directly below this item are options for “NAT Endpoint Filtering” that must be changed to “Endpoint Independent” for both TCP and UDP.
Next, find the “Application Level Gateway (ALG) Configuration” area and uncheck the box for SIP.
Save these settings and reboot the device if requested

disable SIP ALG
# config system settings
# set sip-helper disable
# set sip-nat-trace disable
# end
# show full-configuration system settings
delete sip
# config system session-helper
(session-helper) # show
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
edit 2
set name h323
set protocol 6
set port 1720
edit 3
set name ras
set protocol 17
set port 1719
edit 4
set name tns
set protocol 6
set port 1521
edit 5
set name tftp
set protocol 17
set port 69
edit 6
set name rtsp
set protocol 6
set port 554
edit 7
set name rtsp
set protocol 6
set port 7070
edit 8
set name rtsp
set protocol 6
set port 8554
edit 9
set name ftp
set protocol 6
set port 21
edit 10
set name mms
set protocol 6
set port 1863
edit 11
set name pmap
set protocol 6
set port 111
edit 12
set name pmap
set protocol 17
set port 111
edit 13
set name sip
set protocol 17
set port 5060
edit 14
set name dns-udp
set protocol 17
set port 53
edit 15
set name rsh
set protocol 6
set port 514
edit 16
set name rsh
set protocol 6
set port 512
edit 17
set name dcerpc
set protocol 6
set port 135
edit 18
set name dcerpc
set protocol 17
set port 135
edit 19
set name mgcp
set protocol 17
set port 2427
edit 20
set name mgcp
set protocol 17
set port 2727
(session-helper) # delete 13
(session-helper) # end

# set security alg sip disable
# commit and quit

> ip firewall service-port set sip disabled=yes

From Wan Setup Menu, NAT Filtering, uncheck the box next to “Disable SIP ALG”

# set shared alg-override application sip alg-disabled yes

go to http://<router.LAN.IP>/cgi-bin/MANGA/support.cgi
Click the “Disable” button under “SIP ALG Support”

in GUI, go to VOIP>Settings>General Settings
tick Enable consistent NAT
untick Enable SIP Transformations

telnet router
> connection unbind application=SIP port=5060
> saveall

telnet router
Menu option “24. System Maintenance”.
Menu option “8. Command Interpreter Mode”.
ip nat service sip active 0

PaloAlto UNL Basic config

20160809 22.09.jpg

-make sure all nics in UNL vm using vmxnet3 and not e1000
-I feel PA6.1 is more stable than PA7.0.1
-I don’t have URL Filtering license, so I can’t test blocking website

-set PA mgmt nic ip to
> configure
# set deviceconfig system ip-address netmask
# commit

-open PC1 browser and go to
L: admin
P: admin

set Device/Management section

-set Service Route Configuration

-set Network/Network Profiles/Interface Mgmt

-set Network/Zones

-set Network/Interfaces

-set Network/DHCP


-set Objects/Addresses


-set Policies/Security


-set Policies/NAT


-click Commit
-click Save
Now you can test whether you can surfing from PC1

Blocking Browsec Chrome Extension

Browsec is VPN extension similar to ZenMate


Cisco ASA:





/ip firewall address-list
add address= list=LAN
/ip firewall layer7-protocol
add name=browsec regexp=”^.+(*\$”
/ip firewall filter

add action=drop chain=forward layer7-protocol=browsec src-address-list=LAN



Blocking Telegram

Telegram is like WhatsApp that can be downloaded here


Cisco ASA:

interface Ethernet0
 nameif outside
 security-level 0
 ip address dhcp
interface Ethernet1
 nameif inside
 security-level 100
 ip address
clock timezone gmt 7
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
object network PAT
object network telegram1
object network telegram2
object network telegram3
object network telegram4
object network telegram5
object network telegram6
object-group network objgrp-telegram
 network-object object telegram1
 network-object object telegram2
 network-object object telegram3
 network-object object telegram4
 network-object object telegram5
 network-object object telegram6
access-list LAN extended permit ip any any
access-list acl-telegram extended deny ip any object-group objgrp-telegram
access-list ping extended permit icmp any interface outside
access-list ping extended permit icmp any interface inside
access-list outside_access_out extended deny ip any object-group objgrp-telegram
access-list outside_access_out extended permit ip any any
object network PAT
 nat (inside,outside) dynamic interface
access-group outside_access_out out interface outside
access-group LAN in interface inside
route outside 1
user-identity default-domain LOCAL
http server enable
http outside
http inside
ntp server
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect icmp error


config system interface
    edit “port1”
        set vdom “root”
        set mode dhcp
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
    edit “port2”
        set vdom “root”
        set ip
        set allowaccess ping https ssh fgfm
        set type physical
        set snmp-index 2
config firewall policy
    edit 1
        set name “PAT”
        set uuid 170d4c60-0d49-51e6-102b-cc84e02a9dfb
        set srcintf “port2”
        set dstintf “port1”
        set srcaddr “all”
        set dstaddr “all”
        set action accept
        set schedule “always”
        set service “ALL”
        set nat enable
    edit 2
        set name “telegram”
        set uuid 0b2d9320-0d5b-51e6-ce90-307685813f39
        set srcintf “port2”
        set dstintf “port1”
        set srcaddr “all”
        set dstaddr “telegramgroup”
        set schedule “always”
        set service “HTTP” “HTTPS”
        set logtraffic all
config firewall address
    edit “telegram”
        set uuid 532c2ac0-0d5a-51e6-754f-62c1c2f11af6
        set subnet
    edit “telegram2”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet
    edit “telegram3”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet
    edit “telegram4”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet
    edit “telegram5”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet
    edit “telegram6”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet
config firewall addrgrp
    edit “telegramgroup”
        set uuid 72081cc0-0d5e-51e6-f4e3-e05511d7c552
        set member “telegram” “telegram2” “telegram3” “telegram4” “telegram5” “telegram6”



# show
version 12.1X46-D10.2;
system {
    host-name SRX1;
    root-authentication {
        encrypted-password “$1$htJmWkYL$Dij6D2dwMvBOvSm64mJVt0”; ## SECRET-DATA
    name-server {;;
    services {
        web-management {
            http {
                interface ge-0/0/0.0;
    syslog {
        file messages {
            any any;
    license {
        autoupdate {
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input BLOCK-TELEGRAM;
    ge-0/0/1 {
        unit 0 {
            family inet {
routing-options {
    static {
        route next-hop;
policy-options {
    prefix-list ADDRESSLIST-TELEGRAM {;;;;;;
security {
    screen {
        ids-option untrust-screen {
            icmp {
            ip {
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: ‘queue-size’ is deprecated
                    timeout 20;
    nat {
        source {
            rule-set PAT {
                from zone trust;
                to zone untrust;
                rule PAT {
                    match {
                    then {
                        source-nat {
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                then {
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                then {
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                then {
    zones {
        security-zone trust {
            interfaces {
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
firewall {
    filter BLOCK-TELEGRAM {
        term LIST-TELEGRAM {
            from {
                source-prefix-list {
            then {
        term ALLOW-REST {
            then accept;


/ip firewall address-list
add address= list=LAN
add address= list=telegram
add address= /22 list=telegram
add address= /22 list=telegram
add address= /22 list=telegram
add address= list=telegram
add address= list=telegram
/ip firewall filter
add action=drop chain=forward dst-address-list=telegram src-address-list=LAN



Blocking ZenMate


Cisco ASA:

(config)# object-group network zenmate
(config)# network-object host
(config)# network-object host
(config)# network-object host
(config)# network-object host
(config)# network-object host
(config)# network-object host
(config)# network-object host
(config)# network-object host
(config)# network-object host

(config)# access-list acl-inside extended deny ip any object-group zenmate




# export
/ip firewall address-list
add address= list=LAN
/ip firewall layer7-protocol
add name=zenmate regexp=”^.+(||||*\$”
/ip firewall filter

add action=drop chain=forward disabled=yes layer7-protocol=zenmate src-address-list=LAN



Eve-NG Installation on ESXi

-check your CPU support virtualization

-check your hardware support virtualization
# esxcfg-info |grep “HV Support”
|—-HV Support……………………………………..3
|—-World Command Line……………………………grep HV Support
0 – VT/AMD-V indicates that support is not available for this hardware.
1 – VT/AMD-V indicates that VT or AMD-V might be available but it is not supported for this hardware.
2 – VT/AMD-V indicates that VT or AMD-V is available but is currently not enabled in the BIOS.
3 – VT/AMD-V indicates that VT or AMD-V is enabled in the BIOS and can be used.

-Edit the VM settings and go to VM settings > Options > CPUID mask > Advanced > Level 1, add the following CPU mask level
ECX —- —- —- —- —- —- –H- —-
NOTE: do above only if all else failed

-Edit the VM settings and go to VM settings > Options > CPU/MMU
Virtualization . Select
“Use Intel VT-x/AMD-V for instruction set virtualization and Intel EPT/AMD RVI for MMU virtualization”

-vm hardware version must be version 9 or above
# vim-cmd vmsvc/getallvms
# vim-cmd vmsvc/upgrade unetlab-vmid vmx-09

-modify /etc/vmware/config
add in the last line then  logout and relogin from web gui
vhv.enable = “TRUE”
or better
modify /vmfs/volume/datastore1/UnetLab/UnetLab.vmx
add to the last line
vhv.enable = “TRUE”

-should show “nestedHVSupported true”
# vim-cmd vmsvc/get.capability 8

-test in ubuntu
# egrep -c ‘(vmx|svm)’ /proc/cpuinfo
the output should be 8

-to reconfigure network
# rm -f /opt/ovf/.configured
# exit
and login back

-if sometime you can’t login Web GUI, try this
# /etc/init.d/apache2 restart

Download Unetlab from:

-check current version
# dpkg -l eve-ng
ii  eve-ng         2.0.3-53     amd64        A new generation software for net
# apt autoremove (answer Y)
# apt-get update
# apt-get install eve-ng
# apt-get dist-upgrade (answer Y)
# reboot ( if previous version < V84 )
-check new version
# dpkg -l eve-ng
ii  eve-ng         2.0.3-60     amd64        A new generation software for net

-to check what version are you running and what version is the freshest one
# cat /etc/apt/sources.list.d/unetlab.list
deb trusty rrlabs
# apt-cache policy unetlab
Installed: 0.9.0-96
Candidate: 0.9.0-96
Version table:
*** 0.9.0-96 0
500 trusty/rrlabs amd64 Packages
100 /var/lib/dpkg/status
0.9.0-94 0
500 trusty/rrlabs amd64 Packages
0.9.0-92 0
500 trusty/rrlabs amd64 Packages
0.9.0-88 0
500 trusty/rrlabs amd64 Packages
0.9.0-76 0
500 trusty/rrlabs amd64 Packages
0.9.0-70 0
500 trusty/rrlabs amd64 Packages
0.9.0-68 0
500 trusty/rrlabs amd64 Packages
0.9.0-54 0
500 trusty/rrlabs amd64 Packages

-Below is the reference node in UNL: “/opt/unetlab/html/includes/init.php”
‘a10’ => ‘A10 vThunder’,
‘osx’ => ‘Apple OSX’,
‘clearpass’ => ‘Aruba ClearPass’,
‘aruba’ => ‘Aruba WiFi Controller’,
‘veos’ => ‘Arista vEOS’,
‘barracuda’ => ‘Barraccuda NGIPS’,
‘brocadevadx’ => ‘Brocade vADX’,
‘cpsg’ => ‘CheckPoint Security Gateway VE’,
//’docker’ => ‘’,
‘acs’ => ‘Cisco ACS’,
‘ampcloud’ => ‘Cisco AMP Cloud’,
‘asa’ => ‘Cisco ASA’,
‘asav’ => ‘Cisco ASAv’,
‘cda’ => ‘Cisco Context Directory Agent’,
‘csr1000v’ => ‘Cisco CSR 1000V’,
‘csr1000vng’ => ‘Cisco CSR 1000V (Denali and Everest)’,
‘cips’ => ‘Cisco IPS’,
‘cucm’ => ‘Cisco CUCM’,
‘ise’ => ‘Cisco ISE’,
‘c1710’ => ‘Cisco IOS 1710 (Dynamips)’,
‘c3725’ => ‘Cisco IOS 3725 (Dynamips)’,
‘c7200’ => ‘Cisco IOS 7206VXR (Dynamips)’,
‘iol’ => ‘Cisco IOL’,
‘titanium’ => ‘Cisco NX-OSv (Titanium)’,
‘nxosv9k’ => ‘Cisco NX-OSv 9K’,
‘firepower’ => ‘Cisco FirePower’,
‘firepower6’ => ‘Cisco FirePower 6′,
//’ucspe’ => ‘Cisco UCS-PE’,
‘vios’ => ‘Cisco vIOS’,
‘viosl2’ => ‘Cisco vIOS L2’,
‘vnam’ => ‘Cisco vNAM’,
‘vwlc’ => ‘Cisco vWLC’,
‘vwaas’ => ‘Cisco vWAAS’,
‘prime’ => ‘Cisco Prime Infra’,
‘phoebe’ => ‘Cisco Email Security Appliance (ESA)’,
‘coeus’ => ‘Cisco Web Security Appliance (WSA)’,
‘xrv’ => ‘Cisco XRv’,
‘xrv9k’ => ‘Cisco XRv 9000’,
‘nsvpx’ => ‘Citrix Netscaler’,
‘sonicwall’ => ‘Dell SonicWall’,
‘cumulus’ => ‘Cumulus VX’,
‘extremexos’ => ‘ExtremeXOS’,
‘bigip’ => ‘F5 BIG-IP LTM VE’,
‘fortinet’ => ‘Fortinet FortiGate’,
‘huaweiusg6kv’ => ‘Huawei USG6000v’,
‘hpvsr’ => ‘HP VSR1000’,
‘jspace’ => ‘Junos Space’,
‘olive’ => ‘Juniper Olive’,
‘vmx’ => ‘Juniper vMX’,
‘vmxvcp’ => ‘Juniper vMX VCP’,
‘vmxvfp’ => ‘Juniper vMX VFP’,
‘vsrx’ => ‘Juniper vSRX’,
‘vsrxng’ => ‘Juniper vSRX NextGen’,
‘vqfxre’ => ‘Juniper vQFX RE’,
‘vqfxpfe’ => ‘Juniper vQFX PFE’,
‘junipervrr’ => ‘Juniper RR’,
‘linux’ => ‘Linux’,
‘mikrotik’ => ‘MikroTik RouterOS’,
‘timos’ => ‘Nokia 7750 VSR-I’,
‘timoscpm’ => ‘Nokia 7750 CPM’,
‘timosiom’ => ‘Nokia 7750 IOM’,
‘ostinato’ => ‘Ostinato’,
‘paloalto’ => ‘Palo Alto VM-100 Firewall’,
‘pfsense’ => ‘pfSense Firewall’,
‘alteon’ => ‘Radware AlteonVA’,
‘riverbed’ => ‘Riverbed’,
‘sterra’ => ‘S-Terra’,
‘vyos’ => ‘VyOS’,
‘esxi’ => ‘VMWare ESXi’,
‘vcenter’ => ‘VMWare vCenter’,
‘win’ => ‘Windows’,
‘winserver’ => ‘Windows Server’,
‘vpcs’ => ‘Virtual PC (VPCS)’

Qemu folder name EVE Vendor Qemu image .qcow2 name
a10- A10-vthunder hda
osx- Apple OSX
clearpass- Aruba ClearPass hda
aruba- Aruba WiFi Controller hda, hdb
veos Arista vEOS hda, cdrom.iso
barracuda- Barraccuda NGIPS hda
brocadevadx- Brocade vADX virtioa
cpsg- CheckPoint Security Gateway VE hda
acs- Cisco ACS hda
ampcloud Cisco AMP Cloud
asa- Cisco ASA hda
asav- Cisco ASAv virtioa
cda- Cisco Context Directory Agent hda
csr1000v- Cisco CSR 1000v virtioa
csr1000vng- Cisco CSR 1000v (Denali and Everest) virtioa
cips- Cisco IPS hda, hdb
cucm- Cisco CUCM virtioa
ise- Cisco ISE hda
titanium- Cisco NX-OSv (Titanium) virtioa
nxosv9k- Cisco NX-OSv 9k hda
firepower- Cisco FirePower scsia
firepower6- Cisco FirePower 6 hda
ucspe Cisco UCS-PE
vios- Cisco vIOS virtioa
viosl2- Cisco vIOS L2 virtioa
vnam- Cisco vNAM hda
vwlc- Cisco vWLC megasasa
vwaas- Cisco vWAAS virtioa
prime- Cisco Prime Infra
phoebe- Cisco Email Security Appliance (ESA) hda
coeus- Cisco Web Security Appliance (WSA) virtioa
xrv- Cisco XRv hda
xrv9k- Cisco XRv 9000 virtioa
nsvpx- Citrix Netscaler virtioa
sonicwall- DELL Sonicwall hda
cumulus- Cumulus VX hda
extremexos- ExtremeOS hda
bigip- F5 BIG-IP LTM VE hda, hdb
fortinet- Fortinet FW virtioa
fortinet- Fortinet SGT virtioa
fortinet- Fortinet mail virtioa, virtiob
fortinet- Fortinet manager virtioa
huaweiusg6kv Huawei USG6000v
hpvsr- HP VSR1000 hda
jspace- Junos Space hda
olive- Juniper Olive hda
vmx- Juniper vMX hda
vmxvcp- Juniper vMXVCP hda, hdb, hdc
vmxvfp- Juniper vMXVFP hda
vsrx- Juniper vSRX virtioa
vsrxng- Juniper vSRX NextGen hda
vqfxre- Juniper vQFXRE hda
vqfxpfe- Juniper vQFXPFE hda
junipervrr Juniper RR
linux- Linux hda
mikrotik- MikroTik RouterOS hda
timos- Nokia 7750 VSR-I hda
timoscpm- Nokia 7750 CPM
timosiom- Nokia 7750 IOM
ostinato- Ostinato traffic generator hda
paloalto- Palo Alto VM-100 Firewall virtioa
pfsense- pfSense Firewall hda
alteon- Radware AlteonVA virtioa
riverbed- Riverbed virtioa, virtiob
sterra- S-terra VPN hda
vyos- VyOS virtioa
esxi- VMWare ESXi
vcenter- VMWare Vcenter
win- Windows hda
winserver- Windows Server hda
vpcs Virtual PC (VPCS)

-to install ios image
scp c1710-bk9no3r2sy-mz.124-23.bin, c3725-adventerprisek9-mz.124-15.T14.bin and c7200-adventerprisek9-mz.152-4.S6.bin to /opt/unetlab/addons/dynamips
# cd /opt/unetlab/addons/dynamips
# unzip c1710-bk9no3r2sy-mz.124-23.bin
# unzip c3725-adventerprisek9-mz.124-15.T14.bin
# unzip c7200-adventerprisek9-mz.152-4.S6.bin
# mv C1710-BK.BIN c1710-bk9no3r2sy-mz.124-23.image
# mv C3725-AD.BIN c3725-adventerprisek9-mz.124-15.T14.image
# mv C7200-AD.BIN c7200-adventerprisek9-mz.152-4.S6.image
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install asa
# mkdir -p /opt/unetlab/addons/qemu/asa-8.42
scp ASA-8.42.vmdk and ASA-8.42-0.vmdk into /opt/unetlab/addons/qemu/asa-8.42
# cd /opt/unetlab/addons/qemu/asa-8.42
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ASA-8.42.vmdk hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ASA-8.42-0.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create two asa node with ram 1024mb
# conf t
(config)# hostname asa1
(config)# int e0
(config-if)# ip add
(config-if)# nameif outside
(config-if)# no sh
# conf t
(config)# hostname asa2
(config)# int e0
(config-if)# ip add
(config-if)# nameif outside
(config-if)# no sh
(config-if)# end
# ping mkdir -p /opt/unetlab/addons/qemu/asa-9.15
scp hda.qcow2 and hdb.qcow2 into /opt/unetlab/addons/qemu/asa-9.15
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Forum said only asa-9.15 can do Active/Active

-to install a10
# mkdir -p /opt/unetlab/addons/qemu/a10-4.0.1
# scp vThunder-4.0.1.ova into /opt/unetlab/addons/qemu/a10-4.0.1
# cd  /opt/unetlab/addons/qemu/a10-4.0.1
# tar xf vThunder-4.0.1.ova
# # /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vThunder-4.0.1-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

 -to install acs
download acs-
create acs vm in ESXi with 4GB RAM, 2x CPU core, 40GB thin disk, OS Other Linux 64bit
boot acs vm and attach acs-
after install, reboot and remove detach acs.iso
login: setup
Enter hostname[]: acs
Enter IP address:
Enter IP netmask[]:
Enter IP default gateway[]:
Enter default DNS domain[]:
Enter primary nameserver[]:
Add seconday nameserver? Y/N [N}:
Enter NTP server[]:
Add another NTP server? Y/N [N]:
Enter system timezone[UTC]: GMT
Enable SSH service? Y/N [N]: y
Enter username[admin]:
Enter password:
Enter password again:shutdown acs vm
ssh as root to unetlab
# mkdir -p /opt/unetlab/addons/qemu/acs-
ssh as root into ESXi
# cd /vmfs/volume/datastore1/acs
# scp *vmdk root@
switch to unetlab
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 acs.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
-to install asav
# mkdir -p /opt/unetlab/addons/qemu/asav-932-200
scp asav932-200.qcow2 into /opt/unetlab/addons/qemu/asav-932-200
# cd /opt/unetlab/addons/qemu/asav-932-200
# cp -p asav932-200.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create asav lab
Make sure console is vnc in unl file.
# cat /opt/unetlab/labs/LAB.unl

logout and relogin from web gui

-to install Aruba CX
# mkdir /opt/unetlab/addons/qemu/aruba-cx-10_02
scp into /tmp
# cd /tmp
# unzip
# tar xf ArubaOS-CX_10_02_0010.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 arubaoscx-disk-image-genericx86-p4-20190129201401.vmdk /opt/unetlab/addons/qemu/aruba-cx-10_02/hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Wipe before Start node
L: admin

-to install Aruba MM
# mkdir /opt/unetlab/addons/qemu/aruba-mm-
scp ArubaOS_MM_8.2.0.2_62929.ova into /tmp
# cd /tmp
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_MM_8.2.0.2_62929-disk1.vmdk /opt/unetlab/addons/qemu/aruba-mm- /hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_MM_8.2.0.2_62929-disk2.vmdk /opt/unetlab/addons/qemu/aruba-mm- /hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
-set 6GB RAM and 3 CPU minimum. NICs must be 3 before turn on

-to install aruba vmc
# mkdir -p /opt/unetlab/addons/qemu/aruba-vmc-
scp ArubaOS_VMC_8.2.0.2_62929.tar into /tmp
# tar xf ArubaOS_VMC_8.2.0.2_62929.tar
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_VMC_8.2.0.2_62929-disk1.vmdk /opt/unetlab/addons/qemu/aruba-vmc-
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_VMC_8.2.0.2_62929-disk2.vmdk /opt/unetlab/addons/qemu/aruba-vmc-
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install bigip-12.0
download from
# mkdir -p /opt/unetlab/addons/qemu/bigip-12.0/
scp into /opt/unetlab/addons/qemu/bigip-12.0/
# cd /opt/unetlab/addons/qemu/bigip-12.0/
# unzip
# rm
# mv BIGIP- hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install brocadevadx
# mkdir -p /opt/unetlab/addons/qemu/brocadevadx-3100
# scp into /opt/unetlab/addons/qemu/brocadevadx-3100
# cd /opt/unetlab/addons/qemu/brocadevadx-3100
# unzip
# tar xf SSR03100ESX.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 SSR1000ESX-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Make sure console is vnc in unl file.
# cat /opt/unetlab/labs/LAB.unl

logout and relogin from web gui

-to install cda
open ESXi and prepare cda vm with minimum spec
OS: Windows 2003, 2008, 2008R2, 2012, 2012R2
Disk Size: 120GB
CPU: 2 virtual core
NIC: 1pc
See p2-2

Click to access cda10.pdf

Download and install cda_1.0.0.011.i386.iso
see p2-12 pdf above
shutdown vm
ssh as root into unetlab
# mkdir -p /opt/unetlab/addons/qemu/cda-1.0
ssh as root into ESXi
# cd /vmfs/volume/datastore1/cda
# scp *vmdk root@
ssh as root to unetlab server
# cd /opt/unetlab/addons/qemu/cda-1.0
# /opt/qemu/bin/qemu-img create -f qcow cda-flat.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cips
# mkdir -p /opt/unetlab/addons/qemu/cips-4240
scp IPS-4240.ova into /opt/unetlab/addons/qemu/cips-4240
# cd /opt/unetlab/addons/qemu/cips-4240
# tar xf IPS-4240.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 IPS-4240-disk1.vmdk hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 IPS-4240-disk2.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
when you start cips for first time
L: cisco
P: cisco

-to install clearpass
scp into /tmp
# mkdir -p /opt/unetlab/addons/qemu/clearpass-6.7.0
# cd /tmp
# unzip
# cd CPPM-VM-x86_64-
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 CPPM-VM-x86_64- /opt/unetlab/addons/qemu/clearpass-6.7.0/hda.qcow2
# cd /opt/unetlab/addons/qemu/clearpass-6.7.0
# /opt/qemu/bin/qemu-img create -f raw hdb.qcow2 80G
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cnMaestro
download cnMaestro on-premise
# mkdir -p /opt/unetlab/addons/qemu/linux-cnmaestro
scp cnmaestro-on-premises_2.1.0-r22_amd64.ova /opt/unetlab/addons/qemu/linux-cnmaestro
# cd /opt/unetlab/addons/qemu/linux-cnmaestro
# tar xvf cnmaestro-on-premises_2.1.0-r22_amd64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cnmaestro-on-premises_2.1.0-r22_amd64-disk1.vmdk qcow2 hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cnmaestro-on-premises_2.1.0-r22_amd64-disk2.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install coeus
# mkdir -p /opt/unetlab/addons/qemu/coeus-
scp into /opt/unetlab/addons/qemu/coeus-
# cd /opt/unetlab/addons/qemu/coeus-
# unzip
# mv coeus-9-0-0-324-S100V/coeus-9-0-0-324-S100V-disk1.vmdk ..
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 coeus-9-0-0-324-S100V-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# vi /opt/unetlab/html/templates/coeus.php
$p[‘console’] = ‘telnet’;
$p[‘console’] = ‘vnc’;

-to install cpsg
download CheckPoint GAIA R77-30 iso
create cpsg-r7730 vm in ESXI with 30GB HD, 2GB RAM, 4 nics and Other Linux 64bit
1. Install Gaia on this system
press Enter
2. Keyboard Selection
click US and OK
3. Partitions Configuration
click OK
4. Account Configuration
click OK
5. Management Port
choose your manament nic
click OK
6. Management Interface (eth0)
IP address:
Default gateway:
click OK
7. Confirmation
click OK
Shutdown vm and export as ova
# mkdir -p /opt/unetlab/addons/qemu/cpsg-r7730
scp cpsg-r7730.ova into /opt/unetlab/addons/qemu/cpsg-r7730
# tar xf cpsg-r7730.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cpsg-r7730-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install csr
# mkdir -p /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
scp csr1000v-universalk9.03.14.01.S.155-1.S1-std.ova into /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
# cd /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
# tar xf csr1000v-universalk9.03.14.01.S.155-1.S1-std.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 csr1000v_harddisk.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cumulus
Download Cumulus VX for VMware from
# mkdir -p /opt/unetlab/addons/qemu/cumulus-2.5.3
scp CumulusVX-2.5.3-4eb681f3df86c478.vmware.ova /opt/unetlab/addons/qemu/cumulus-2.5.3
# cd /opt/unetlab/addons/qemu/cumulus-2.5.3
# tar xf CumulusVX-2.5.3-4eb681f3df86c478.vmware.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 CumulusVX-2.5.3-4eb681f3df86c478-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install extremexos
# mkdir -p /opt/unetlab/addons/qemu/extremexos-
scp /opt/unetlab/addons/qemu/extremexos-
# cd /opt/unetlab/addons/qemu/extremexos-
# unzip
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 “EXOS_VM_15.3.2.11 sw1.vmdk” hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install linux cyberoam
# cp linux-cyberoam.tar /opt/unetlab/addons/qemu/
# tar xf linux-cyberoam.tar
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
CPU: 1
RAM: 1024MB
Ethernet: 3
QEMU Nic: E1000

Console: vnc

-to install fortinet
We must download fortios KVM version not VMware version. The hd name must be virtioa not hda otherwise you will get country error
# mkdir -p /opt/unetlab/addons/qemu/fortinet-5.2.3b670
scp fortios_5-2-3.qcow2 into /opt/unetlab/addons/qemu/fortinet-5.2.3b670
# cd /opt/unetlab/addons/qemu/fortinet-5.2.3b670
# mv fortios_5-2-3.qcow2 virtioa.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to add log disk
# cd /opt/unetlab/addons/qemu/fortinet-5.6
create 500MB log disk size
# /opt/qemu/bin/qemu-img create -f raw virtiob.qcow2 500M
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
on FortiGate
# get system status
Version: FortiGate-VM64-KVM v5.6.0,build1449,170330 (GA)
Virus-DB: 1.00123(2015-12-11 13:18)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGVMEV0000000000
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
Evaluation License Expires: Sun May  7 05:35:13 2017
VM Resources: 1 CPU/1 allowed, 995 MB RAM/1024 MB allowed
BIOS version: 04000002
Log hard disk: Need format
Hostname: FortiGate-VM64-KVM
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1449
Release Version Information: GA
FortiOS x86-64: Yes
System time: Sat Apr 22 05:46:50 2017
FortiGate-VM64-KVM # execute formatlogdisk
Log disk is /dev/vdb.
Formatting this storage will erase all data on it, including
  logs, quarantine files;
and require the unit to reboot.
Do you want to continue? (y/n)y
FortiGate-VM64-KVM # get hardware status
Model name: FortiGate-VM64-KVM
ASIC version: not available
CPU: QEMU Virtual CPU version 1.0
Number of CPUs: 1
RAM: 995 MB
Compact Flash: 2056 MB /dev/vda
Hard disk: 500 MB /dev/vdb

USB Flash: not available

Fortigate: You cannot create VDOMs, have a throughput limit, have some SSL limitation and has no Subscription signatures for IPS / App Control, AV, Web Filtering and Antispam.
   You cannot try FortiGate HA with trial version because the trial VM has the same S/N of the other and the Cluster could not form
FortiManager / FortiAnalyzer: Limit of log per day or management devices
FortiADC (VM and D series): I believe that latest version only release the GUI after upload the license. The older versions has no limitation.
FortiWeb: There’s no signature update
FortiSandbox: Did not download the Windows VM’s
FortiAuthenticator: Limit the number of users in database

FortiMail: There’s no signature (antivirus) and no antispam (cloud)

-to install hpvsr
Download hpvsr from

# mkdir /opt/unetlab/addons/qemu/hpvsr-1001-CMW710
scp into /tmp
# cd /tmp
# unzip
# tar xf VSR1000_HPE-CMW710-E0325-X64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 VSR1000_HPE-CMW710-E0325-X64-disk1.vmdk /opt/unetlab/addons/qemu/hpvsr-1001-CMW710/hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install iol
find in google these 3 files

copy above files into /opt/unetlab/addons/iol/bin
# cd /opt/unetlab/addons/iol/bin
# mv i86bi_linux-adventerprisek9-ms.154-2.T4 i86bi_linux-adventerprisek9-ms.154-2.T4.bin
# mv i86bi_linux_l2-adventerprisek9-ms.156-0.9.S i86bi_linux_l2-adventerprisek9-ms.156-0.9.S.bin
# unzip
# python
# mv iourc.txt iourc
NOTE: don’t use .iourc, otherwise it won’t run

-to import iou lab
download IOU-WEB from
Download, extract and import v22VMIOU2014 into VMware
Power on the vm and modify its ip address
# cat /etc/sysconfig/network-scripts/ifcfg-eth0

# service network restart
open web browser and go to
click Downloads/database.sdb
scp database.sdb into unetlab server tmp

login as root into unetlab vm
# apt-get install php5-sqlite sqlite
# cd /opt/unetlab/scripts/
# wget .
# chmod 755 /opt/unetlab/scripts/import_iou-web.php
# /opt/unetlab/scripts/import_iou-web.php /tmp/database.sdb
All labs will be imported under /opt/unetlab/labs/Imported

IOU assigns DCE/DTE on a per slot basis. Even slots are DTE, Odd slots are DCE

e.g. Slots 0, 2, 4.. = DTE; Slots 1, 3, 5.. = DCE

-to install ise
In ESXi import ISE-
ssh as root to ESXi
# /vmfs/volumes/datastore1/ISE
# scp *vmdk root@
ssh as root to unetlab server
# mkdir -p /opt/unetlab/addons/qemu/ise-
# cd /opt/unetlab/addons/qemu/ise-
# /opt/qemu/bin/qemu-img convert -f qcow ISE-flat.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install mikrotik
Download latest chr vmdk from
# mkdir /opt/unetlab/addons/qemu/mikrotik-6.34.3
scp chr-6.34.3.vmdk into /opt/unetlab/addons/qemu/mikrotik-6.34.3
# cd /opt/unetlab/addons/qemu/mikrotik-6.34.3
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 chr-6.34.3.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin

-to install nsvpx
# mkdir -p /opt/unetlab/addons/qemu/nsvpx-
scp into /opt/unetlab/addons/qemu/nsvpx-
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 NSVPX-ESX-11.0-55.20_nc-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install olive
# mkdir -p /opt/unetlab/addons/qemu/olive-12.1R1.9
scp “Juniper JunOS Olive12.1R1.9 Virtualbox image.ova” into /opt/unetlab/addons/qemu/olive-12.1R1.9
# cd /opt/unetlab/addons/qemu/olive-12.1R1.9
# tar xf “Juniper JunOS Olive12.1R1.9 Virtualbox image.ova”
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 “JunOS Olive-disk1.vmdk” hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install ostinato
Download ost-drone-0.7-v1.qcow2 from
# mkdir /opt/unetlab/addons/qemu/ostinato-0.7-v1
scp ost-drone-0.7-v1.qcow2 into /opt/unetlab/addons/qemu/ostinato-0.7-v1
# cd /opt/unetlab/addons/qemu/ostinato-0.7-v1
# mv ost-drone-0.7-v1.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install paloalto
# mkdir -p /opt/unetlab/addons/qemu/PA-VM-ESX-7.0.1
scp PA-VM-ESX-6.1.0.ova into /opt/unetlab/addons/qemu/paloalto-7.0.1
# cd /opt/unetlab/addons/qemu/paloalto-7.0.1
# tar xf PA-VM-ESX-7.0.1 .ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 PA-VM-ESX-7.0.1-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions


PA in UNL no need license but no URL and threat signature updates, as well as fewer sessions through the firewall

-to install radware
download alteon radware from
Icon: Load Balancer.png
CPU: 2 (minimum)
RAM: 2560MB (minimum)
Ethernets: 3 (minimum)
console: VNC (since telnet won’t work)
# mkdir /opt/unetlab/addons/qemu/linux-radware
scp AlteonOS-30A-5-0-0.ova into /opt/unetlab/addons/qemu/linux-radware
# cd /opt/unetlab/addons/qemu/linux-radware
# tar xf AlteonOS-30-5-0-0.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 AlteonOS- virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Enter password: admin

-to install riverbed
# mkdir /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/
scp image_rbt_vcx_9_2_0_n8_x86_64.ova into /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/
# cd /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/
# tar xf image_rbt_vcx_9_2_0_n8_x86_64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 image-vcx-disk1.vmdk virtioa.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 image-vcx-disk2.vmdk virtiob.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin
P: password
disregard cdrom complain when booting

it will probably boot 2x when power on for the first time and will take around 15min to get login prompt

-to install Ruckus SmartZone
Ruckus vSZ High-Scale
vSZ High-Scale min requirement
CPU: 2 Cores
# mkdir /opt/unetlab/addon/qemu/linux-ruckuswireless
scp vscg- into /opt/unetlab/addon/qemu/linux-ruckuswireless
# cd /opt/unetlab/addon/qemu/linux-ruckuswireless
# tar xf vscg-
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vscg- hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
follow this
L: admin
P: admin

# setup

-to install sophos XG
download latest sophos XG KVM from
# mkdir -p /opt/unetlab/addons/qemu/sophos-16.05
scp into /opt/unetlab/addons/qemu/sophos-16.05
# cd /opt/unetlab/addons/qemu/sophos-16.05
# unzip
# mv PRIMARY-DISK.qcow2 hda.qcow2
# mv AUXILIARY-DISK.qcow2 hdb.qcow2
# rm
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# cd /opt/unetlab/html/templates
# cp cpsg.php sophos.php
# sed -i ‘s/cpsg/sophos/g’ sophos.php
# sed -i ‘s/CP/sophos/g’ sophos.php
# cd ../includes
# vi init.php
‘sophos’ => ‘Sophos’,
after sterra line
LAN IP: (default) port1
WAN IP: dhcp port2
L: admin
P: admin

-to install sourcefire
download from Cisco Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2
# mkdir -p /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
scp Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2 into /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
# cd /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
# mv Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2 virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install timos
# mkdir -p /opt/unetlab/addons/qemu/timos-12.0.R6
scp into /opt/unetlab/addons/qemu/timos-12.0.R6
# cd /opt/unetlab/addons/qemu/timos-12.0.R6
# mv TiMOS-SR-12.0.R6-vm/vm/7xxx-i386/sros-vm.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install titanium
# mkdir -p /opt/unetlab/addons/qemu/titanium-7
scp hda.qcow2 into /opt/unetlab/addons/qemu/titanium-7
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install coeus
# mkdir -p /opt/unetlab/addons/qemu/coeus-
scp into /opt/unetlab/addons/qemu/coeus-
# cd /opt/unetlab/addons/qemu/coeus-
# unzip
# mv coeus-9-0-0-324-S100V/coeus-9-0-0-324-S100V-disk1.vmdk ..
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 coeus-9-0-0-324-S100V-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# vi /opt/unetlab/html/templates/coeus.php
$p[‘console’] = ‘telnet’;
$p[‘console’] = ‘vnc’;

-to install Force10
download from
# mkdir /opt/unetlab/addons/qemu/linux-dellos10-
scp into /opt/unetlab/addons/qemu/linux-dellos10-
# cd /opt/unetlab/addons/qemu/linux-dellos10-
# unzip
# mv OS10-Installer- virtiob.qcow2
# mv OS10-Disk-1.0.0.vmdk sataa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vios
# mkdir -p /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
# mkdir -p /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
scp vIOS-L3.qcow2 into /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
scp vIOS-L2.qcow2 into /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
# cd /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
# mv vIOS-L3.qcow2 hda.qcow2
# cd /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
# mv vIOS-L2.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vmx
# mkdir -p /opt/unetlab/addons/qemu/vmx-1.0
scp vMX.ova into /opt/unetlab/addons/qemu/vmx-1.0
# cd /opt/unetlab/addons/qemu/vmx-1.0
# tar xf vMX.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vMX-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
NOTE: to speed up vmx
# vi /opt/unetlab/html/templates/vmx.php
$p[‘qemu_options’] = ‘ -serial mon:stdio -nographic’;
$p[‘qemu_options’] = ‘ -serial mon:stdio -nographic -enable-kvm’;

-to install vnam
# mkdir -p /opt/unetlab/addons/qemu/vnam-6.1.1
scp nam-app-x86_64.6-1-1.ova and nam-app-x86_64.6-1-1.iso into /opt/unetlab/addons/qemu/vnam-6.1.1
# cd /opt/unetlab/addons/qemu/vnam-6.1.1
# tar xf nam-app-x86_64.6-1-1.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 NAM-VX-6.1-disk1.vmdk hda.qcow2
# mv nam-app-x86_64.6-1-1.iso cdrom.iso
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

From UnetLab gui, Start vnam icon
Main menu
1 – Download application image and write to HDD
2 – Download application image and reformat HDD
3 – Install application image from CD and reformat HDD
4 – Display software versions
5 – Reset application image CLI passwords to default
6 – Send Ping
f – Check for and fix file system errors on local disk
s – Show upgrade log
n – Configure network
r – Exit and reset Services Engine
h – Exit and shutdown Services Engine
Selection [123456fsnrh]:

I have black screen problem with vnam 6.2.1. So I use 6.1.1 instead
Any idea what to do next after do you see menu above?

-to install vsrx
# mkdir -p /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
scp junos-vsrx-12.1X46-D10.2-domestic.ova into /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
# cd /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
# tar xf junos-vsrx-12.1X46-D10.2-domestic.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vsrxng
for vSRX-NG can be downloaded here
# mkdir -p /opt/unetlab/addons/qemu/vsrxng-151x49d406
scp media-vsrx-vmdisk-15.1X49-D40.6.qcow2 into /opt/unetlab/addons/qemu/vsrxng-151x49d406
# cd /opt/unetlab/addons/qemu/vsrxng-151x49d406
# mv media-vsrx-vmdisk-15.1X49-D40.6.qcow2 virtioa.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vwaas
download vwaas from
# mkdir -p /opt/unetlab/addons/qemu/vwaas-200-5.5.3
scp virtioa.qcow2 into /opt/unetlab/addons/qemu/vwaas-200-5.5.3
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin

-to install vwlc
# mkdir -p /opt/unetlab/addons/qemu/vwlc-
scp AIR-CTVM-K9-8-1-102-0.ova and AIR-CTVM-k9-8-1-102-0.iso into /opt/unetlab/addons/qemu/vwlc-
# cd /opt/unetlab/addons/qemu/vwlc-
# tar xf AIR-CTVM-K9-8-1-102-0.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 AS_CTVM_8_1_102_0.vmdk hda.qcow2
# mv AIR-CTVM-k9-8-1-102-0.iso cdrom.iso
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install tinylinux
change dsl-4-4-10.doc to dsl-4-4-10.ova
ssh as root to unetlab server
# mkdir -p /opt/unetlab/addons/qemu/linux-dsl
# cd /opt/unetlab/addons/qemu/linux-dsl
scp dsl-4-4-10.ova into /opt/unetlab/addons/qemu/linux-dsl
# tar xf dsl-4-4-10.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 DSL-4.4.10-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
open UnetLab gui and add linux linux-dsl node
L: root

P: Password123!@#

-to install slitaz
download slitaz from
extract it in your pc
# mkdir -p /opt/unetlab/addons/qemu/linux-slitaz-3.0
scp slitaz-3.0-x86.vdi into /opt/unetlab/addons/qemu/linux-slitaz-3.0
# cd /opt/unetlab/addons/qemu/linux-slitaz-3.0
# qemu-img convert -f vdi -O qcow2 slitaz-3.0-x86.vdi hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: root
P: root

-to install win win7
install WIN7 in ESXi
update all patches
do not install vmware-tools

ssh to ESXi server and cd to WIN7 directory
# cd /vmfs/volumes/datastore1/WIN7
# scp WIN7.vmdk root@
# scp WIN7-flat.vmdk root@

ssh as root to unetlab server
# cd /opt/unetlab/addons/qemu/win-win7
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 WIN7.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
open UnetLab gui and add win win-win7 node

-to install xrv
# mkdir -p /opt/unetlab/addons/qemu/xrv-k9-5.2.2
scp hda.qcow2 into /opt/unetlab/addons/qemu/xrv-k9-5.2.2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vyos
copy to unetlab
# mkdir -p /opt/unetlab/addons/qemu/vyos-117
# cd /opt/unetlab/addons/qemu/vyos-117
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 VyOS-1.1.7-signed-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: vyos

P: vyos

-to install zeroshell
Download zeroshell iso from
# mkdir -p /opt/unetlab/addons/qemu/linux-zeroshell
scp ZeroShell-3.3.2.iso into /opt/unetlab/addons/qemu/linux-zeroshell
# cd /opt/unetlab/addons/qemu/linux-zeroshell
# mv ZeroShell-3.3.2.iso cdrom.iso
# /opt/qemu/bin/qemu-img create -f qcow hda.qcow2 5G
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
I then added a new node to a test lab I had on the go, and fired it up. Once connected via VNC, you can then install it to the hard drive, by selecting option A from the menu:
Just accept all the defaults
# mv cdrom.iso ZeroShell-3.3.2.iso
from unetlab gui stop the node and start again

-to upgrade VMware-Tools
mount iso on datastore
click CD-ROM icon on ESXi console
click CD DVD drive 1/Connect to iso image on a datastore
open vmimages/tools-isoimages/linux.iso
# mkdir /mnt/cdrom
# mount /dev/cdrom /mnt/cdrom/
# tar xzvf /mnt/cdrom/VMwareTools-9.10.0-2476743.tar.gz -C /tmp/
# cd /tmp/vmware-tools-distrib
# perl
Do you still want to proceed with this legacy installer? [yes]
Uninstallation of previous install failed. Would you like to remove the install DB? [no] yes
# perl -d

-Log location
# cat /opt/unetlab/data/Logs/

-download and install UltraVNC from
-download and install Wireshark from
-download and extract http://UNLip/files/
copy UNetLab into c:\Program Files
copy ultravnc_wrapper.bat into C:\Program Files\uvnc bvba\UltraVNC
run win7_64bit_ultravnc.reg
run win7_64bit_putty.reg

run win7_64bit_wireshark.reg

-to open multiple tab session in SecureCRT
run win7_64bit_crt.reg
edit C:\Users\username\AppData\Roaming\VanDyke\Config\Global.ini
D:”Single Instance”=00000000

D:”Single Instance”=00000001

-to open multiple tab with SuperPutty
   download and install SuperPutty from
   open SuperPutty and tick Tools/Options/Advanced/Only allow single instance of SuperPuTTYy to run
   create SuperPutty.reg
Windows Registry Editor Version 5.00
@=”URL:Telnet Protocol”
“URL Protocol”=””

@=”\”C:\\Program Files (x86)\\SuperPuTTY\\SuperPutty.exe\” %1″

go to and Sign-in with
L: admin
P: unl

-to connect unetlab to the cloud

-to rename a lab file
clone or open existing file
click More Actions/Edit lab

change the Name

-to convert VirtualBox vdi to qcow2 format

# /opt/qemu/bin/qemu-img convert -f vdi -O qcow2 vm.vdi vm.qcow2

-cisco CSR 1000v take 2.5GB RAM per node, if you want less ram, use L3-ADVENTERPRISEK9-M-15.4-2T.bin instead