Killing stuck process

Arista:
# bash
$ ps –ef | grep -i Stp
$ sudo kill PID

CheckPoint:
ps -auxww  Report all active processes in the kernel we can see zombi process with this command  (z)
You must first identify the parent process of these zombies;
ps -l -p <pid of zombie>
pidof fwd (splat)
pgrep -l sshd   Find the PIDs of processes by (part of) name
ps axjf              See in tree format also i can see parent pid )
pmap PID       Memory map of process (good for hunting memory leaks)

Displaying the top 10 CPU-consuming processes (% of total usage)
ps aux | head -1; ps aux | sort -rn +2 | head -10
Displaying the processes in order of real memory use
ps vx | head -1 ; ps vx | grep -v PID | sort -rn +6 | head -10

Displaying the processes using whatchdog (CPWD) for  (CDP,FWM,FWD)
cpwd_admin list
more explanation on  this post
******************************************************
Kill a Firewall process
kill -9 (pid of process)
fw kill [-t sig] proc_name
Example:
fw kill -t 9 fwm
Also process can be kill with top command and just press -k follow by process PID

Cisco:
# show processes cpu sorted
# clear sockets PID

F5
# ps ax | grep -i sshd
# kill -9 PID

Fortinet:
-check version
# fnsysctl cat /proc/version
Linux version 2.4.37 (root@build) #1 Mon Dec  4 20:51:05 UTC 2017
-check running daemon
# fnsysctl ls /var/run
alertmail.pid       authd.pid           bgpd.pid
cmdbsvr.pid         cw_acd.pid          daemon.pid
dhcpd.pid           dnsproxy.pid        eap_proxy.pid
fclicense.pid       fcnacd.pid          fgfmd.pid
fnbamd.pid          foauthd.pid         forticldd.pid
forticron.pid       fsvrd.pid           httpclid.pid
httpd.pid           iked.pid            imi.pid
init.pid            ipsengine.pid       ipsmonitor.pid
isisd.pid           kmiglogd.pid        merged_daemons.pid
miglogd000.pid      miglogd001.pid      nsm.pid
ntpd.pid            ospf6d.pid          ospfd.pid
pdmd.pid            pim6d.pid           pimd.pid
pyfcgid.pid         ripd.pid            ripngd.pid
snmpd.pid           sshd.pid            stpd.pid
telnetd.pid         updated.pid         uploadd.pid
wpad.pid            zebos_launcher.pid
-check running PID
# fnsysctl ps
PID       UID     GID     STATE   CMD
1         0       0       S       /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2         0       0       S       [keventd]
3         0       0       S       [ksoftirqd_CPU0]
4         0       0       S       [kswapd]
5         0       0       S       [bdflush]
6         0       0       S       [kupdated]
7         0       0       S       [memoryd]
8         0       0       S       [khubd]
12        0       0       S       [usb-storage-0]
13        0       0       S       [scsi_eh_0]
31        0       0       S       [mvl_link]
32        0       0       S       /bin/cmdbsvr
38        0       0       S       /bin/zebos_launcher
39        0       0       S       /bin/nsm -L 2
40        0       0       S       /bin/ripd -L 2
41        0       0       S       /bin/ripngd -L 2
42        0       0       S       /bin/ospfd -L 3
43        0       0       S       /bin/ospf6d -L 2
44        0       0       S       /bin/bgpd -L 3
45        0       0       S       /bin/isisd -L 2
46        0       0       S       /bin/pimd -L 2
47        0       0       S       /bin/pim6d -L 2
48        0       0       S       /bin/pdmd -L 2
49        0       0       S       /bin/imi -L 2
50        0       0       S       /bin/uploadd
51        0       0       S       /bin/miglogd
52        0       0       S       /bin/kmiglogd
53        0       0       S       /bin/httpsd
55        0       0       S       /bin/getty
56        0       0       S       /bin/ipsmonitor
59        0       0       S       /bin/merged_daemons
60        0       0       S       /bin/fnbamd
61        0       0       S       /bin/fclicense
62        0       0       S       /bin/ipshelper
63        0       0       S       /bin/forticron
64        0       0       S       /bin/forticldd
65        0       0       S       /bin/authd
66        0       0       S       /bin/foauthd
67        0       0       S       /bin/httpclid
68        0       0       S       /bin/iked
69        0       0       S       /bin/updated
70        0       0       S       /bin/snmpd
71        0       0       S       /bin/dhcpd
72        0       0       S       /bin/miglogd 1
73        0       0       S       /bin/ntpd
74        0       0       S       /bin/sshd
75        0       0       S       /bin/telnetd
78        0       0       S       /bin/alertmail
79        0       0       S       /bin/dnsproxy
80        0       0       S       /bin/eap_proxy
81        0       0       S       /bin/fgfmd
82        0       0       S       /bin/cw_acd
83        0       0       S       /bin/wpad_ac
84        0       0       S       /bin/stpd
85        0       0       S       /bin/fsvrd
87        0       0       S       /bin/fcnacd
92        0       0       S       /bin/httpsd
93        0       0       S       /bin/httpsd
94        0       0       S       /bin/httpsd
510       0       0       S       /bin/pyfcgid
512       0       0       S       /bin/pyfcgid
513       0       0       S       /bin/pyfcgid
514       0       0       S       /bin/pyfcgid
553       0       0       S       /bin/sshd
554       0       0       S       /bin/newcli
556       0       0       R       ps

-you can use diag to check 100 the most 100 top resources with 25s delay, but the list not as comprehensive as “fnsysctl ps” above
# diag sys top 25 100
Run Time:  0 days, 8 hours and 15 minutes
0U, 0N, 0S, 100I; 499T, 253F
         pyfcgid      510      S       0.0     5.1
         pyfcgid      512      S       0.0     5.0
         pyfcgid      513      S       0.0     5.0
         pyfcgid      514      S       0.0     5.0
         cmdbsvr       32      S       0.0     5.0
          httpsd       94      S       0.0     4.7
          httpsd       93      S       0.0     4.7
          httpsd       53      S       0.0     4.1
          cw_acd       82      S       0.0     4.0
          httpsd       92      S       0.0     3.9
       forticron       63      S       0.0     3.3
         miglogd       51      S       0.0     3.3
          newcli      560      R       0.0     3.1
          newcli      554      S       0.0     3.1
           fgfmd       81      S       0.0     3.0
       ipshelper       62      S <     0.0     2.5
          fcnacd       87      S       0.0     2.4
           authd       65      S       0.0     2.3
            iked       68      S       0.0     2.2
       eap_proxy       80      S       0.0     2.2

-for example we want to check dhcp PID
# fnsysctl more /var/run/dhcpd.pid
71
-to kill dhcpd
# diag sys kill 9 71
or
# fnsysctl kill -9 71
-to disable dhcpd service
# config sys dhcp server
# edit 1
# set status dis
-to enable back
# set status ena

HP:

Juniper:
> show system processes extensive
last pid: 16727; load averages: 22.24, 22.19, 22.15 up 0+17:39:34 01:26:10
265 processes: 28 running, 215 sleeping, 1 zombie, 21 waiting
Mem: 970M Active, 128M Inact, 147M Wired, 230M Cache, 112M Buf, 386M Free
> start shell
% top
   last pid: 37244; load averages: 0.04, 0.03, 0.00 up 16+16:18:49 09:19:44 52 processes:    1 running, 51 sleeping, , 1 zombie, 21 waiting
   CPU states: 2.5% user, 0.0% nice, 0.6% system, 0.3% interrupt, 96.6% idle Mem: 429M     Active, 69M Inact, 59M Wired, 165M Cache, 110M Buf, 258M Free
If the PID is identified from CLI, or the top command
% ps aux | grep –Wz
Pid=16396
Pid=13256
-to kill target PID
# kill -9 16396

Mikrotik:

PaloAlto:
Sangfor:

SonicWall:

Sophos:

Firewall/Router Attack – BlackNurse

SOURCE: blacknurse.dk

This BlackNurse attack will causing high CPU on target device

REQUIREMENT:

-Kali linux

Attack (flood better)
# hping3 -1 -C 3 -K 3 -i u20

# hping3 -1 -C 3 -K 3 –flood

RESULTS:
-Mikrotik v6.37.1 CPU utilization before attack 4%, after attack 44%
-Fortigate 5.2 CPU utilization before attack idle 99%, after attack idle 70%

This attack only from 1 source. Could be more damage if I am using more attack sources

LIST OF REPORTED AFFECTED PRODUCTS :
-Cisco ASA 5505, 5506, 5515, 5525 , 5540 (default settings)
-Cisco 6500 routers with SUP2T and Netflow v9 on the inbound interface – 100% CPU load
-Cisco ASA 5550 (Legacy) and 5515-X (latest generation)
-Cisco Router 897 – Can be mitigated – The current code from https://www.cymru.com/Documents/secure-ios-template.html will make evil worse.
-Fortinet v5.4.1 – One CPU consumed
-Fortigate units 60c and 100D (even with drop ICMP on) – RESPONSE FROM FORTINET
-Some unverified Palo Alto – SEE ANSWER FROM PALO ALTO
-Palo Alto 5050 Firewalls with firmware 7.1.4-h2
-SonicWall – Misconfiguration can be changed and mitigated (Enable Anti-DDOS)
-Zyxel NWA3560-N (Wireless attack from LAN Side)

-Zyxel Zywall USG50

NOT AFFECTED:
-AVM Fritz!Box 7360 (common ADSl router in Germany)
-Check Point Security Gateways – Checkpoint response!
-Cisco ISR4321 Router IOS XE – Version 15.5(3)S2, RELEASE SOFTWARE (fc2)
-GigaVUE HC-Serie (Gigamon)
-Iptables
-Juniper SRX
-Mikrotik CCR1036-12G-4S firmware: 3.27 (250 Mbit/sek) and no problem && RouterOS 5.4 on Mikrotik RB750
-OpenBSD 6.0 and current
-pfSense
-Ubiquiti Networks – EdgeRouter Lite CPU 60-70% load but still going
-Windows Firewalls

How to disable SIP ALG

SOURCE:
http://www.voip-info.org/wiki/view/Routers+SIP+ALG

Many of today’s commercial routers implement SIP ALG (Application-level gateway), coming with this feature enabled by default. While ALG could help in solving NAT related problems, the fact is that many routers’ ALG implementations are wrong and break SIP.

CheckPoint
login to Smart Dashboard
click Smart Defence tab
expand Application Intelligence
expand VoIP
disable all features on H.323

Cisco
(config)# no ip nat service sip tcp port 5060
(config)# no ip nat service sip udp port 5060

ASA
(config)# policy-map global_policy
(config)# no inspect sip

Cyberoam
> cyberoam system_modules sip unload

D-Link
Open a browser and enter the router’s IP address in the address bar. Go to “Firewall Settings” under the “Advanced” item.
Uncheck the box to disable SPI – usually, directly below this item are options for “NAT Endpoint Filtering” that must be changed to “Endpoint Independent” for both TCP and UDP.
Next, find the “Application Level Gateway (ALG) Configuration” area and uncheck the box for SIP.
Save these settings and reboot the device if requested

FortiGate
disable SIP ALG
# config system settings
# set sip-helper disable
# set sip-nat-trace disable
# end
verify
# show full-configuration system settings
delete sip
# config system session-helper
(session-helper) # show
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
next
edit 2
set name h323
set protocol 6
set port 1720
next
edit 3
set name ras
set protocol 17
set port 1719
next
edit 4
set name tns
set protocol 6
set port 1521
next
edit 5
set name tftp
set protocol 17
set port 69
next
edit 6
set name rtsp
set protocol 6
set port 554
next
edit 7
set name rtsp
set protocol 6
set port 7070
next
edit 8
set name rtsp
set protocol 6
set port 8554
next
edit 9
set name ftp
set protocol 6
set port 21
next
edit 10
set name mms
set protocol 6
set port 1863
next
edit 11
set name pmap
set protocol 6
set port 111
next
edit 12
set name pmap
set protocol 17
set port 111
next
edit 13
set name sip
set protocol 17
set port 5060
next
edit 14
set name dns-udp
set protocol 17
set port 53
next
edit 15
set name rsh
set protocol 6
set port 514
next
edit 16
set name rsh
set protocol 6
set port 512
next
edit 17
set name dcerpc
set protocol 6
set port 135
next
edit 18
set name dcerpc
set protocol 17
set port 135
next
edit 19
set name mgcp
set protocol 17
set port 2427
next
edit 20
set name mgcp
set protocol 17
set port 2727
next
end
(session-helper) # delete 13
(session-helper) # end

Juniper
https://kb.juniper.net/InfoCenter/index?page=content&id=KB7078&actp=search
# set security alg sip disable
# commit and quit

Mikrotik
> ip firewall service-port set sip disabled=yes

Netgear
From Wan Setup Menu, NAT Filtering, uncheck the box next to “Disable SIP ALG”

PaloAlto
https://live.paloaltonetworks.com/t5/Configuration-Articles/How-to-Disable-SIP-ALG/ta-p/60637
# set shared alg-override application sip alg-disabled yes

Peplink
go to http://<router.LAN.IP>/cgi-bin/MANGA/support.cgi
Click the “Disable” button under “SIP ALG Support”

SonicWall
in GUI, go to VOIP>Settings>General Settings
tick Enable consistent NAT
untick Enable SIP Transformations

SpeedTouch
telnet router
> connection unbind application=SIP port=5060
> saveall

Zyxel
telnet router
Menu option “24. System Maintenance”.
Menu option “8. Command Interpreter Mode”.
ip nat service sip active 0

PaloAlto UNL Basic config

20160809 22.09.jpg

NOTE:
-make sure all nics in UNL vm using vmxnet3 and not e1000
-I feel PA6.1 is more stable than PA7.0.1
-I don’t have URL Filtering license, so I can’t test blocking website

-set PA mgmt nic ip to 192.168.1.1
> configure
# set deviceconfig system ip-address 192.168.1.1 netmask 255.255.255.0
# commit

PC1:
MGMT NIC
   ip 192.168.1.10/24
LAN NIC
   ip 10.0.0.10/24
   gw 10.0.0.1
-open PC1 browser and go to https://192.168.1.1
L: admin
P: admin

set Device/Management section
Image.png

-set Service Route Configuration
Image.png

-set Network/Network Profiles/Interface Mgmt
Image.png

-set Network/Zones
Image.png

-set Network/Interfaces
Image.png

-set Network/DHCP

Image.png

-set Objects/Addresses

Image.png

-set Policies/Security

Image.png

-set Policies/NAT

14cf68d6570787bcc52ed77bbd863a68

-click Commit
-click Save
Now you can test whether you can surfing from PC1

Blocking Browsec Chrome Extension

Browsec is VPN extension similar to ZenMate

CheckPoint:
Image.png

Cisco ASA:

Cyberoam:

Fortigate:

Juniper:

Mikrotik:

/ip firewall address-list
add address=12.12.12.0/24 list=LAN
/ip firewall layer7-protocol
add name=browsec regexp=”^.+(postls.com).*\$”
/ip firewall filter

add action=drop chain=forward layer7-protocol=browsec src-address-list=LAN

PaloAlto:

SonicWall:

Blocking Telegram

Telegram is like WhatsApp that can be downloaded here

https://telegram.org

CheckPoint:
Image.png

Cisco ASA:

interface Ethernet0
 nameif outside
 security-level 0
 ip address dhcp
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 12.12.12.1 255.255.255.0
clock timezone gmt 7
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 8.8.8.8
 name-server 8.8.4.4
object network PAT
 subnet 12.12.12.0 255.255.255.0
object network telegram1
 subnet 91.108.4.0 255.255.252.0
object network telegram2
 subnet 91.108.56.0 255.255.252.0
object network telegram3
 subnet 149.154.160.0 255.255.252.0
object network telegram4
 subnet 149.154.164.0 255.255.252.0
object network telegram5
 subnet 149.154.168.0 255.255.252.0
object network telegram6
 subnet 149.154.172.0 255.255.252.0
object-group network objgrp-telegram
 network-object object telegram1
 network-object object telegram2
 network-object object telegram3
 network-object object telegram4
 network-object object telegram5
 network-object object telegram6
access-list LAN extended permit ip any any
access-list acl-telegram extended deny ip any object-group objgrp-telegram
access-list ping extended permit icmp any interface outside
access-list ping extended permit icmp any interface inside
access-list outside_access_out extended deny ip any object-group objgrp-telegram
access-list outside_access_out extended permit ip any any
object network PAT
 nat (inside,outside) dynamic interface
access-group outside_access_out out interface outside
access-group LAN in interface inside
route outside 0.0.0.0 0.0.0.0 10.0.10.1 1
user-identity default-domain LOCAL
http server enable
http 10.0.10.0 255.255.255.0 outside
http 12.12.12.0 255.255.255.0 inside
ntp server 180.211.88.211
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect icmp error

 

FortiGate:
config system interface
    edit “port1”
        set vdom “root”
        set mode dhcp
        set allowaccess ping https ssh http fgfm
        set type physical
        set snmp-index 1
    next
    edit “port2”
        set vdom “root”
        set ip 12.12.12.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set type physical
        set snmp-index 2
    next
end
config firewall policy
    edit 1
        set name “PAT”
        set uuid 170d4c60-0d49-51e6-102b-cc84e02a9dfb
        set srcintf “port2”
        set dstintf “port1”
        set srcaddr “all”
        set dstaddr “all”
        set action accept
        set schedule “always”
        set service “ALL”
        set nat enable
    next
    edit 2
        set name “telegram”
        set uuid 0b2d9320-0d5b-51e6-ce90-307685813f39
        set srcintf “port2”
        set dstintf “port1”
        set srcaddr “all”
        set dstaddr “telegramgroup”
        set schedule “always”
        set service “HTTP” “HTTPS”
        set logtraffic all
    next
end
config firewall address
    edit “telegram”
        set uuid 532c2ac0-0d5a-51e6-754f-62c1c2f11af6
        set subnet 91.108.4.0 255.255.252.0
    next
    edit “telegram2”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 91.108.56.0 255.255.252.0
    next
    edit “telegram3”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 149.154.160.0 255.255.252.0
    next
    edit “telegram4”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 149.154.164.0 255.255.252.0
    next
    edit “telegram5”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 149.154.168.0 255.255.252.0
    next
    edit “telegram6”
        set uuid a0149520-0d5a-51e6-b083-9fda96570787
        set subnet 149.154.172.0 255.255.252.0
    next
end
config firewall addrgrp
    edit “telegramgroup”
        set uuid 72081cc0-0d5e-51e6-f4e3-e05511d7c552
        set member “telegram” “telegram2” “telegram3” “telegram4” “telegram5” “telegram6”
    next

end

Juniper:

# show
version 12.1X46-D10.2;
system {
    host-name SRX1;
    root-authentication {
        encrypted-password “$1$htJmWkYL$Dij6D2dwMvBOvSm64mJVt0”; ## SECRET-DATA
    }
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    services {
        ssh;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        file messages {
            any any;
        }
    }
    license {
        autoupdate {
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input BLOCK-TELEGRAM;
                }
                dhcp;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 12.12.12.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 10.0.10.1;
    }
}
policy-options {
    prefix-list ADDRESSLIST-TELEGRAM {
        91.108.4.0/22;
        91.108.56.0/22;
        149.154.160.0/22;
        149.154.164.0/22;
        149.154.168.0/22;
        149.154.172.0/22;
    }
}
security {
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    queue-size 2000; ## Warning: ‘queue-size’ is deprecated
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            rule-set PAT {
                from zone trust;
                to zone untrust;
                rule PAT {
                    match {
                        source-address 0.0.0.0/0;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy default-permit {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone untrust to-zone trust {
            policy default-deny {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                }
            }
        }
    }
    zones {
        security-zone trust {
            tcp-rst;
            interfaces {
                ge-0/0/1.0;
            }
        }
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                        }
                    }
                }
            }
        }
    }
}
firewall {
    filter BLOCK-TELEGRAM {
        term LIST-TELEGRAM {
            from {
                source-prefix-list {
                    ADDRESSLIST-TELEGRAM;
                }
            }
            then {
                discard;
            }
        }
        term ALLOW-REST {
            then accept;
        }
    }
}

 

Mikrotik:
/ip firewall address-list
add address=12.12.12.0/24 list=LAN
add address=149.154.160.0/22 list=telegram
add address=149.154.164.0 /22 list=telegram
add address=149.154.168.0 /22 list=telegram
add address=149.154.172.0 /22 list=telegram
add address=91.108.4.0/22 list=telegram
add address=91.108.56.0/22 list=telegram
/ip firewall filter
add action=drop chain=forward dst-address-list=telegram src-address-list=LAN

PaloAlto:

SonicWall:

Blocking ZenMate

CheckPoint:
Image.png

Cisco ASA:

(config)# object-group network zenmate
(config)# network-object host 78.137.98.120
(config)# network-object host 78.137.98.123
(config)# network-object host 162.159.244.96
(config)# network-object host 162.159.245.96
(config)# network-object host 207.244.77.22
(config)# network-object host 103.10.197.146
(config)# network-object host 46.165.220.211
(config)# network-object host 81.17.26.242
(config)# network-object host 149.3.140.250

(config)# access-list acl-inside extended deny ip any object-group zenmate

Cyberoam:

FortiGate:

Juniper:

Mikrotik:
# export
/ip firewall address-list
add address=12.12.12.0/24 list=LAN
/ip firewall layer7-protocol
add name=zenmate regexp=”^.+(zenguard.biz|zenmate.io|zenguard.zendesk.com|zendesk.com|zenguard.org).*\$”
/ip firewall filter

add action=drop chain=forward disabled=yes layer7-protocol=zenmate src-address-list=LAN

PaloAlto:

SonicWall:

Eve-NG Installation on ESXi

ESXi:
-check your CPU support virtualization
http://ark.intel.com/Products/VirtualizationTechnology

-check your hardware support virtualization
# esxcfg-info |grep “HV Support”
|—-HV Support……………………………………..3
|—-World Command Line……………………………grep HV Support
0 – VT/AMD-V indicates that support is not available for this hardware.
1 – VT/AMD-V indicates that VT or AMD-V might be available but it is not supported for this hardware.
2 – VT/AMD-V indicates that VT or AMD-V is available but is currently not enabled in the BIOS.
3 – VT/AMD-V indicates that VT or AMD-V is enabled in the BIOS and can be used.

-Edit the VM settings and go to VM settings > Options > CPUID mask > Advanced > Level 1, add the following CPU mask level
ECX —- —- —- —- —- —- –H- —-
NOTE: do above only if all else failed

-Edit the VM settings and go to VM settings > Options > CPU/MMU
Virtualization . Select
“Use Intel VT-x/AMD-V for instruction set virtualization and Intel EPT/AMD RVI for MMU virtualization”
Image

-vm hardware version must be version 9 or above
# vim-cmd vmsvc/getallvms
# vim-cmd vmsvc/upgrade unetlab-vmid vmx-09

-modify /etc/vmware/config
add in the last line then  logout and relogin from web gui
vhv.enable = “TRUE”
or better
modify /vmfs/volume/datastore1/UnetLab/UnetLab.vmx
add to the last line
vhv.enable = “TRUE”

-should show “nestedHVSupported true”
# vim-cmd vmsvc/get.capability 8

-test in ubuntu
# egrep -c ‘(vmx|svm)’ /proc/cpuinfo
the output should be 8

-to reconfigure network
# rm -f /opt/ovf/.configured
# exit
and login back

-if sometime you can’t login Web GUI, try this
# /etc/init.d/apache2 restart

Download Unetlab from: http://www.eve-ng.net/index.php/downloads

-check current version
# dpkg -l eve-ng
ii  eve-ng         2.0.3-53     amd64        A new generation software for net
# apt autoremove (answer Y)
# apt-get update
# apt-get install eve-ng
# apt-get dist-upgrade (answer Y)
# reboot ( if previous version < V84 )
-check new version
# dpkg -l eve-ng
ii  eve-ng         2.0.3-60     amd64        A new generation software for net

-to check what version are you running and what version is the freshest one
# cat /etc/apt/sources.list.d/unetlab.list
deb http://www.unetlab.com/apt trusty rrlabs
# apt-cache policy unetlab
unetlab:
Installed: 0.9.0-96
Candidate: 0.9.0-96
Version table:
*** 0.9.0-96 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
100 /var/lib/dpkg/status
0.9.0-94 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-92 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-88 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-76 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-70 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-68 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages
0.9.0-54 0
500 http://www.unetlab.com/apt/ trusty/rrlabs amd64 Packages

-Below is the reference node in UNL: “/opt/unetlab/html/includes/init.php”
‘a10’ => ‘A10 vThunder’,
‘osx’ => ‘Apple OSX’,
‘clearpass’ => ‘Aruba ClearPass’,
‘aruba’ => ‘Aruba WiFi Controller’,
‘veos’ => ‘Arista vEOS’,
‘barracuda’ => ‘Barraccuda NGIPS’,
‘brocadevadx’ => ‘Brocade vADX’,
‘cpsg’ => ‘CheckPoint Security Gateway VE’,
//’docker’ => ‘Docker.io’,
‘acs’ => ‘Cisco ACS’,
‘ampcloud’ => ‘Cisco AMP Cloud’,
‘asa’ => ‘Cisco ASA’,
‘asav’ => ‘Cisco ASAv’,
‘cda’ => ‘Cisco Context Directory Agent’,
‘csr1000v’ => ‘Cisco CSR 1000V’,
‘csr1000vng’ => ‘Cisco CSR 1000V (Denali and Everest)’,
‘cips’ => ‘Cisco IPS’,
‘cucm’ => ‘Cisco CUCM’,
‘ise’ => ‘Cisco ISE’,
‘c1710’ => ‘Cisco IOS 1710 (Dynamips)’,
‘c3725’ => ‘Cisco IOS 3725 (Dynamips)’,
‘c7200’ => ‘Cisco IOS 7206VXR (Dynamips)’,
‘iol’ => ‘Cisco IOL’,
‘titanium’ => ‘Cisco NX-OSv (Titanium)’,
‘nxosv9k’ => ‘Cisco NX-OSv 9K’,
‘firepower’ => ‘Cisco FirePower’,
‘firepower6’ => ‘Cisco FirePower 6′,
//’ucspe’ => ‘Cisco UCS-PE’,
‘vios’ => ‘Cisco vIOS’,
‘viosl2’ => ‘Cisco vIOS L2’,
‘vnam’ => ‘Cisco vNAM’,
‘vwlc’ => ‘Cisco vWLC’,
‘vwaas’ => ‘Cisco vWAAS’,
‘prime’ => ‘Cisco Prime Infra’,
‘phoebe’ => ‘Cisco Email Security Appliance (ESA)’,
‘coeus’ => ‘Cisco Web Security Appliance (WSA)’,
‘xrv’ => ‘Cisco XRv’,
‘xrv9k’ => ‘Cisco XRv 9000’,
‘nsvpx’ => ‘Citrix Netscaler’,
‘sonicwall’ => ‘Dell SonicWall’,
‘cumulus’ => ‘Cumulus VX’,
‘extremexos’ => ‘ExtremeXOS’,
‘bigip’ => ‘F5 BIG-IP LTM VE’,
‘fortinet’ => ‘Fortinet FortiGate’,
‘huaweiusg6kv’ => ‘Huawei USG6000v’,
‘hpvsr’ => ‘HP VSR1000’,
‘jspace’ => ‘Junos Space’,
‘olive’ => ‘Juniper Olive’,
‘vmx’ => ‘Juniper vMX’,
‘vmxvcp’ => ‘Juniper vMX VCP’,
‘vmxvfp’ => ‘Juniper vMX VFP’,
‘vsrx’ => ‘Juniper vSRX’,
‘vsrxng’ => ‘Juniper vSRX NextGen’,
‘vqfxre’ => ‘Juniper vQFX RE’,
‘vqfxpfe’ => ‘Juniper vQFX PFE’,
‘junipervrr’ => ‘Juniper RR’,
‘linux’ => ‘Linux’,
‘mikrotik’ => ‘MikroTik RouterOS’,
‘timos’ => ‘Nokia 7750 VSR-I’,
‘timoscpm’ => ‘Nokia 7750 CPM’,
‘timosiom’ => ‘Nokia 7750 IOM’,
‘ostinato’ => ‘Ostinato’,
‘paloalto’ => ‘Palo Alto VM-100 Firewall’,
‘pfsense’ => ‘pfSense Firewall’,
‘alteon’ => ‘Radware AlteonVA’,
‘riverbed’ => ‘Riverbed’,
‘sterra’ => ‘S-Terra’,
‘vyos’ => ‘VyOS’,
‘esxi’ => ‘VMWare ESXi’,
‘vcenter’ => ‘VMWare vCenter’,
‘win’ => ‘Windows’,
‘winserver’ => ‘Windows Server’,
‘vpcs’ => ‘Virtual PC (VPCS)’

Qemu folder name EVE Vendor Qemu image .qcow2 name
a10- A10-vthunder hda
osx- Apple OSX
clearpass- Aruba ClearPass hda
aruba- Aruba WiFi Controller hda, hdb
veos Arista vEOS hda, cdrom.iso
barracuda- Barraccuda NGIPS hda
brocadevadx- Brocade vADX virtioa
cpsg- CheckPoint Security Gateway VE hda
docker- Docker.io
acs- Cisco ACS hda
ampcloud Cisco AMP Cloud
asa- Cisco ASA hda
asav- Cisco ASAv virtioa
cda- Cisco Context Directory Agent hda
csr1000v- Cisco CSR 1000v virtioa
csr1000vng- Cisco CSR 1000v (Denali and Everest) virtioa
cips- Cisco IPS hda, hdb
cucm- Cisco CUCM virtioa
ise- Cisco ISE hda
titanium- Cisco NX-OSv (Titanium) virtioa
nxosv9k- Cisco NX-OSv 9k hda
firepower- Cisco FirePower scsia
firepower6- Cisco FirePower 6 hda
ucspe Cisco UCS-PE
vios- Cisco vIOS virtioa
viosl2- Cisco vIOS L2 virtioa
vnam- Cisco vNAM hda
vwlc- Cisco vWLC megasasa
vwaas- Cisco vWAAS virtioa
prime- Cisco Prime Infra
phoebe- Cisco Email Security Appliance (ESA) hda
coeus- Cisco Web Security Appliance (WSA) virtioa
xrv- Cisco XRv hda
xrv9k- Cisco XRv 9000 virtioa
nsvpx- Citrix Netscaler virtioa
sonicwall- DELL Sonicwall hda
cumulus- Cumulus VX hda
extremexos- ExtremeOS hda
bigip- F5 BIG-IP LTM VE hda, hdb
fortinet- Fortinet FW virtioa
fortinet- Fortinet SGT virtioa
fortinet- Fortinet mail virtioa, virtiob
fortinet- Fortinet manager virtioa
huaweiusg6kv Huawei USG6000v
hpvsr- HP VSR1000 hda
jspace- Junos Space hda
olive- Juniper Olive hda
vmx- Juniper vMX hda
vmxvcp- Juniper vMXVCP hda, hdb, hdc
vmxvfp- Juniper vMXVFP hda
vsrx- Juniper vSRX virtioa
vsrxng- Juniper vSRX NextGen hda
vqfxre- Juniper vQFXRE hda
vqfxpfe- Juniper vQFXPFE hda
junipervrr Juniper RR
linux- Linux hda
mikrotik- MikroTik RouterOS hda
timos- Nokia 7750 VSR-I hda
timoscpm- Nokia 7750 CPM
timosiom- Nokia 7750 IOM
ostinato- Ostinato traffic generator hda
paloalto- Palo Alto VM-100 Firewall virtioa
pfsense- pfSense Firewall hda
alteon- Radware AlteonVA virtioa
riverbed- Riverbed virtioa, virtiob
sterra- S-terra VPN hda
vyos- VyOS virtioa
esxi- VMWare ESXi
vcenter- VMWare Vcenter
win- Windows hda
winserver- Windows Server hda
vpcs Virtual PC (VPCS)

-to install ios image
scp c1710-bk9no3r2sy-mz.124-23.bin, c3725-adventerprisek9-mz.124-15.T14.bin and c7200-adventerprisek9-mz.152-4.S6.bin to /opt/unetlab/addons/dynamips
# cd /opt/unetlab/addons/dynamips
# unzip c1710-bk9no3r2sy-mz.124-23.bin
# unzip c3725-adventerprisek9-mz.124-15.T14.bin
# unzip c7200-adventerprisek9-mz.152-4.S6.bin
# mv C1710-BK.BIN c1710-bk9no3r2sy-mz.124-23.image
# mv C3725-AD.BIN c3725-adventerprisek9-mz.124-15.T14.image
# mv C7200-AD.BIN c7200-adventerprisek9-mz.152-4.S6.image
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install asa
# mkdir -p /opt/unetlab/addons/qemu/asa-8.42
scp ASA-8.42.vmdk and ASA-8.42-0.vmdk into /opt/unetlab/addons/qemu/asa-8.42
# cd /opt/unetlab/addons/qemu/asa-8.42
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ASA-8.42.vmdk hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ASA-8.42-0.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create two asa node with ram 1024mb
ASA1
# conf t
(config)# hostname asa1
(config)# int e0
(config-if)# ip add 10.0.0.101 255.255.255.0
(config-if)# nameif outside
(config-if)# no sh
ASA2
# conf t
(config)# hostname asa2
(config)# int e0
(config-if)# ip add 10.0.0.102 255.255.255.0
(config-if)# nameif outside
(config-if)# no sh
(config-if)# end
# ping 10.0.0.101# mkdir -p /opt/unetlab/addons/qemu/asa-9.15
scp hda.qcow2 and hdb.qcow2 into /opt/unetlab/addons/qemu/asa-9.15
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
NOTE:
Forum said only asa-9.15 can do Active/Active

-to install a10
# mkdir -p /opt/unetlab/addons/qemu/a10-4.0.1
# scp vThunder-4.0.1.ova into /opt/unetlab/addons/qemu/a10-4.0.1
# cd  /opt/unetlab/addons/qemu/a10-4.0.1
# tar xf vThunder-4.0.1.ova
# # /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vThunder-4.0.1-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

 -to install acs
download acs-5.7.0.15.iso
create acs vm in ESXi with 4GB RAM, 2x CPU core, 40GB thin disk, OS Other Linux 64bit
boot acs vm and attach acs-5.7.0.15.iso
Image
after install, reboot and remove detach acs.iso
login: setup
Enter hostname[]: acs
Enter IP address: 10.0.20.86
Enter IP netmask[]: 255.255.255.0
Enter IP default gateway[]: 10.0.20.1
Enter default DNS domain[]: poc.com
Enter primary nameserver[]: 8.8.8.8
Add seconday nameserver? Y/N [N}:
Enter NTP server[time.nist.gov]:
Add another NTP server? Y/N [N]:
Enter system timezone[UTC]: GMT
Enable SSH service? Y/N [N]: y
Enter username[admin]:
Enter password:
Enter password again:shutdown acs vm
ssh as root to unetlab
# mkdir -p /opt/unetlab/addons/qemu/acs-5.7.0.15
ssh as root into ESXi
# cd /vmfs/volume/datastore1/acs
# scp *vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/acs-5.7.0.15
switch to unetlab
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 acs.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
-to install asav
# mkdir -p /opt/unetlab/addons/qemu/asav-932-200
scp asav932-200.qcow2 into /opt/unetlab/addons/qemu/asav-932-200
# cd /opt/unetlab/addons/qemu/asav-932-200
# cp -p asav932-200.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
create asav lab
Make sure console is vnc in unl file.
# cat /opt/unetlab/labs/LAB.unl

logout and relogin from web gui

-to install Aruba CX
# mkdir /opt/unetlab/addons/qemu/aruba-cx-10_02
scp ArubaOS-CX_10_02_0010_ova.zip into /tmp
# cd /tmp
# unzip ArubaOS-CX_10_02_0010_ova.zip
# tar xf ArubaOS-CX_10_02_0010.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 arubaoscx-disk-image-genericx86-p4-20190129201401.vmdk /opt/unetlab/addons/qemu/aruba-cx-10_02/hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Wipe before Start node
L: admin
P:

-to install Aruba MM
# mkdir /opt/unetlab/addons/qemu/aruba-mm-8.2.0.2
scp ArubaOS_MM_8.2.0.2_62929.ova into /tmp
# cd /tmp
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_MM_8.2.0.2_62929-disk1.vmdk /opt/unetlab/addons/qemu/aruba-mm-8.2.0.2 /hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_MM_8.2.0.2_62929-disk2.vmdk /opt/unetlab/addons/qemu/aruba-mm-8.2.0.2 /hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
-set 6GB RAM and 3 CPU minimum. NICs must be 3 before turn on

-to install aruba vmc
# mkdir -p /opt/unetlab/addons/qemu/aruba-vmc-8.2.0.2
scp ArubaOS_VMC_8.2.0.2_62929.tar into /tmp
# tar xf ArubaOS_VMC_8.2.0.2_62929.tar
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_VMC_8.2.0.2_62929-disk1.vmdk /opt/unetlab/addons/qemu/aruba-vmc-8.2.0.2/hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 ArubaOS_VMC_8.2.0.2_62929-disk2.vmdk /opt/unetlab/addons/qemu/aruba-vmc-8.2.0.2/hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install bigip-12.0
download BIGIP-12.0.0.1.0.628.LTM.qcow2.zip from
https://downloads.f5.com/esd/serveDownload.jsp?path=/big-ip/big-ip_v12.x/12.0.0/english/virtual-edition_base-plus-hf1/&sw=BIG-IP&pro=big-ip_v12.x&ver=12.0.0&container=Virtual-Edition_Base-Plus-HF1&file=BIGIP-12.0.0.1.0.628.LTM.qcow2.zip
# mkdir -p /opt/unetlab/addons/qemu/bigip-12.0/
scp BIGIP-12.0.0.1.0.628.LTM.qcow2.zip into /opt/unetlab/addons/qemu/bigip-12.0/
# cd /opt/unetlab/addons/qemu/bigip-12.0/
# unzip BIGIP-12.0.0.1.0.628.LTM.qcow2.zip
# rm BIGIP-12.0.0.1.0.628.LTM.qcow2.zip
# mv BIGIP-12.0.0.1.0.628.LTM.qcow2 hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install brocadevadx
# mkdir -p /opt/unetlab/addons/qemu/brocadevadx-3100
# scp SSR3100ESX_EVAL.zip into /opt/unetlab/addons/qemu/brocadevadx-3100
# cd /opt/unetlab/addons/qemu/brocadevadx-3100
# unzip SSR3100ESX_EVAL.zip
# tar xf SSR03100ESX.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 SSR1000ESX-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Make sure console is vnc in unl file.
# cat /opt/unetlab/labs/LAB.unl

logout and relogin from web gui

-to install cda
open ESXi and prepare cda vm with minimum spec
OS: Windows 2003, 2008, 2008R2, 2012, 2012R2
Disk Size: 120GB
RAM: 2GB
CPU: 2 virtual core
NIC: 1pc
See p2-2

Click to access cda10.pdf


Download and install cda_1.0.0.011.i386.iso
see p2-12 pdf above
shutdown vm
ssh as root into unetlab
# mkdir -p /opt/unetlab/addons/qemu/cda-1.0
ssh as root into ESXi
# cd /vmfs/volume/datastore1/cda
# scp *vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/cda-1.0
ssh as root to unetlab server
# cd /opt/unetlab/addons/qemu/cda-1.0
# /opt/qemu/bin/qemu-img create -f qcow cda-flat.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cips
# mkdir -p /opt/unetlab/addons/qemu/cips-4240
scp IPS-4240.ova into /opt/unetlab/addons/qemu/cips-4240
# cd /opt/unetlab/addons/qemu/cips-4240
# tar xf IPS-4240.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 IPS-4240-disk1.vmdk hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 IPS-4240-disk2.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
when you start cips for first time
L: cisco
P: cisco

-to install clearpass
scp CPPM-VM-x86_64-6.7.0.101814-ESX-ovf.zip into /tmp
# mkdir -p /opt/unetlab/addons/qemu/clearpass-6.7.0
# cd /tmp
# unzip CPPM-VM-x86_64-6.7.0.101814-ESX-ovf.zip
# cd CPPM-VM-x86_64-6.7.0.101814-ESX
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 CPPM-VM-x86_64-6.7.0.101814-ESX-CP-VA-disk1.vmdk /opt/unetlab/addons/qemu/clearpass-6.7.0/hda.qcow2
# cd /opt/unetlab/addons/qemu/clearpass-6.7.0
# /opt/qemu/bin/qemu-img create -f raw hdb.qcow2 80G
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cnMaestro
download cnMaestro on-premise
https://www.cambiumnetworks.com/products/management/cnmaestro/
# mkdir -p /opt/unetlab/addons/qemu/linux-cnmaestro
scp cnmaestro-on-premises_2.1.0-r22_amd64.ova /opt/unetlab/addons/qemu/linux-cnmaestro
# cd /opt/unetlab/addons/qemu/linux-cnmaestro
# tar xvf cnmaestro-on-premises_2.1.0-r22_amd64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cnmaestro-on-premises_2.1.0-r22_amd64-disk1.vmdk qcow2 hda.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cnmaestro-on-premises_2.1.0-r22_amd64-disk2.vmdk hdb.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install coeus
# mkdir -p /opt/unetlab/addons/qemu/coeus-9.0.0.324
scp coeus-9-0-0-324-S100V.zip into /opt/unetlab/addons/qemu/coeus-9.0.0.324
# cd /opt/unetlab/addons/qemu/coeus-9.0.0.324
# unzip coeus-9-0-0-324-S100V.zip
# mv coeus-9-0-0-324-S100V/coeus-9-0-0-324-S100V-disk1.vmdk ..
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 coeus-9-0-0-324-S100V-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# vi /opt/unetlab/html/templates/coeus.php
change
$p[‘console’] = ‘telnet’;
to
$p[‘console’] = ‘vnc’;

-to install cpsg
download CheckPoint GAIA R77-30 iso
create cpsg-r7730 vm in ESXI with 30GB HD, 2GB RAM, 4 nics and Other Linux 64bit
1. Install Gaia on this system
press Enter
2. Keyboard Selection
click US and OK
3. Partitions Configuration
click OK
4. Account Configuration
Password:
Confirm:
click OK
5. Management Port
choose your manament nic
click OK
6. Management Interface (eth0)
IP address:
Netmask:
Default gateway:
click OK
7. Confirmation
click OK
Shutdown vm and export as ova
# mkdir -p /opt/unetlab/addons/qemu/cpsg-r7730
scp cpsg-r7730.ova into /opt/unetlab/addons/qemu/cpsg-r7730
# tar xf cpsg-r7730.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 cpsg-r7730-disk1.vmdk hda.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install csr
# mkdir -p /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
scp csr1000v-universalk9.03.14.01.S.155-1.S1-std.ova into /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
# cd /opt/unetlab/addons/qemu/csr1000v-universalk9.03.14.00.S.155-1.S
# tar xf csr1000v-universalk9.03.14.01.S.155-1.S1-std.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 csr1000v_harddisk.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install cumulus
Download Cumulus VX for VMware from https://cumulusnetworks.com/cumulus-vx/download/
# mkdir -p /opt/unetlab/addons/qemu/cumulus-2.5.3
scp CumulusVX-2.5.3-4eb681f3df86c478.vmware.ova /opt/unetlab/addons/qemu/cumulus-2.5.3
# cd /opt/unetlab/addons/qemu/cumulus-2.5.3
# tar xf CumulusVX-2.5.3-4eb681f3df86c478.vmware.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 CumulusVX-2.5.3-4eb681f3df86c478-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install extremexos
# mkdir -p /opt/unetlab/addons/qemu/extremexos-15.3.2.11
scp extremexosvm.zip /opt/unetlab/addons/qemu/extremexos-15.3.2.11
# cd /opt/unetlab/addons/qemu/extremexos-15.3.2.11
# unzip extremexosvm.zip
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 “EXOS_VM_15.3.2.11 sw1.vmdk” hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install linux cyberoam
# cp linux-cyberoam.tar /opt/unetlab/addons/qemu/
# tar xf linux-cyberoam.tar
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Set
CPU: 1
RAM: 1024MB
Ethernet: 3
QEMU Nic: E1000

Console: vnc

-to install fortinet
NOTE:
We must download fortios KVM version not VMware version. The hd name must be virtioa not hda otherwise you will get country error
# mkdir -p /opt/unetlab/addons/qemu/fortinet-5.2.3b670
scp fortios_5-2-3.qcow2 into /opt/unetlab/addons/qemu/fortinet-5.2.3b670
# cd /opt/unetlab/addons/qemu/fortinet-5.2.3b670
# mv fortios_5-2-3.qcow2 virtioa.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to add log disk
# cd /opt/unetlab/addons/qemu/fortinet-5.6
create 500MB log disk size
# /opt/qemu/bin/qemu-img create -f raw virtiob.qcow2 500M
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
on FortiGate
# get system status
Version: FortiGate-VM64-KVM v5.6.0,build1449,170330 (GA)
Virus-DB: 1.00123(2015-12-11 13:18)
Extended DB: 1.00000(2012-10-17 15:46)
IPS-DB: 6.00741(2015-12-01 02:30)
IPS-ETDB: 0.00000(2001-01-01 00:00)
APP-DB: 6.00741(2015-12-01 02:30)
INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)
Serial-Number: FGVMEV0000000000
IPS Malicious URL Database: 1.00001(2015-01-01 01:01)
Botnet DB: 1.00000(2012-05-28 22:51)
License Status: Valid
Evaluation License Expires: Sun May  7 05:35:13 2017
VM Resources: 1 CPU/1 allowed, 995 MB RAM/1024 MB allowed
BIOS version: 04000002
Log hard disk: Need format
Hostname: FortiGate-VM64-KVM
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: 1
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 1449
Release Version Information: GA
FortiOS x86-64: Yes
System time: Sat Apr 22 05:46:50 2017
FortiGate-VM64-KVM # execute formatlogdisk
Log disk is /dev/vdb.
Formatting this storage will erase all data on it, including
  logs, quarantine files;
and require the unit to reboot.
Do you want to continue? (y/n)y
FortiGate-VM64-KVM # get hardware status
Model name: FortiGate-VM64-KVM
ASIC version: not available
CPU: QEMU Virtual CPU version 1.0
Number of CPUs: 1
RAM: 995 MB
Compact Flash: 2056 MB /dev/vda
Hard disk: 500 MB /dev/vdb

USB Flash: not available

NOTE:
Fortigate: You cannot create VDOMs, have a throughput limit, have some SSL limitation and has no Subscription signatures for IPS / App Control, AV, Web Filtering and Antispam.
   You cannot try FortiGate HA with trial version because the trial VM has the same S/N of the other and the Cluster could not form
FortiManager / FortiAnalyzer: Limit of log per day or management devices
FortiADC (VM and D series): I believe that latest version only release the GUI after upload the license. The older versions has no limitation.
FortiWeb: There’s no signature update
FortiSandbox: Did not download the Windows VM’s
FortiAuthenticator: Limit the number of users in database

FortiMail: There’s no signature (antivirus) and no antispam (cloud)

-to install hpvsr
Download hpvsr from https://h10145.www1.hpe.com/Downloads/SoftwareReleases.aspx?ProductNumber=JG811AAE&lang=en&cc=us&prodSeriesId=5443163

# mkdir /opt/unetlab/addons/qemu/hpvsr-1001-CMW710
scp VSR1000_HPE-CMW710-E0325-X64.zip into /tmp
# cd /tmp
# unzip VSR1000_HPE-CMW710-E0325-X64.zip
# tar xf VSR1000_HPE-CMW710-E0325-X64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 VSR1000_HPE-CMW710-E0325-X64-disk1.vmdk /opt/unetlab/addons/qemu/hpvsr-1001-CMW710/hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install iol
find in google these 3 files
i86bi_linux-adventerprisek9-ms.154-2.T4
i86bi_linux_l2-adventerprisek9-ms.156-0.9.S
CiscoIOUKeygen.py.zip

copy above files into /opt/unetlab/addons/iol/bin
# cd /opt/unetlab/addons/iol/bin
# mv i86bi_linux-adventerprisek9-ms.154-2.T4 i86bi_linux-adventerprisek9-ms.154-2.T4.bin
# mv i86bi_linux_l2-adventerprisek9-ms.156-0.9.S i86bi_linux_l2-adventerprisek9-ms.156-0.9.S.bin
# unzip CiscoIOUKeygen.py.zip
# python CiscoIOUKeygen.py
# mv iourc.txt iourc
NOTE: don’t use .iourc, otherwise it won’t run

-to import iou lab
SOURCE: http://www.unetlab.com/2015/06/importing-iou-web-labs/
download IOU-WEB from
http://certcollection.org/forum/topic/236548-iou-web-vm-v22-rsv5-ud-compilation-august-2014-new-links/page__hl__%20iou
Download, extract and import v22VMIOU2014 into VMware
Power on the vm and modify its ip address
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=”eth0″
BOOTPROTO=”none”
NM_CONTROLLED=”yes”
ONBOOT=”yes”
TYPE=”Ethernet”
IPADDR=10.0.20.84
PREFIX=24
GATEWAY=10.0.20.1
DEFROUTE=yes
ONBOOT=yes

# service network restart
open web browser and go to http://10.0.10.84
click Downloads/database.sdb
scp database.sdb into unetlab server tmp

login as root into unetlab vm
# apt-get install php5-sqlite sqlite
# cd /opt/unetlab/scripts/
# wget https://raw.githubusercontent.com/dainok/unetlab/master/scripts/import_iou-web.php .
# chmod 755 /opt/unetlab/scripts/import_iou-web.php
# /opt/unetlab/scripts/import_iou-web.php /tmp/database.sdb
All labs will be imported under /opt/unetlab/labs/Imported

NOTE:
IOU assigns DCE/DTE on a per slot basis. Even slots are DTE, Odd slots are DCE

e.g. Slots 0, 2, 4.. = DTE; Slots 1, 3, 5.. = DCE

-to install ise
In ESXi import ISE-1.4.0.253-eval.ova
ssh as root to ESXi
# /vmfs/volumes/datastore1/ISE
# scp *vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/ise-1.4.0.253
ssh as root to unetlab server
# mkdir -p /opt/unetlab/addons/qemu/ise-1.4.0.253
# cd /opt/unetlab/addons/qemu/ise-1.4.0.253
# /opt/qemu/bin/qemu-img convert -f qcow ISE-flat.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install mikrotik
Download latest chr vmdk from http://www.mikrotik.com/download
# mkdir /opt/unetlab/addons/qemu/mikrotik-6.34.3
scp chr-6.34.3.vmdk into /opt/unetlab/addons/qemu/mikrotik-6.34.3
# cd /opt/unetlab/addons/qemu/mikrotik-6.34.3
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 chr-6.34.3.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin
P:

-to install nsvpx
# mkdir -p /opt/unetlab/addons/qemu/nsvpx-11.0.55.20
scp NSVPX-ESX-11.0-55.20_nc.zip into /opt/unetlab/addons/qemu/nsvpx-11.0.55.20
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 NSVPX-ESX-11.0-55.20_nc-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install olive
# mkdir -p /opt/unetlab/addons/qemu/olive-12.1R1.9
scp “Juniper JunOS Olive12.1R1.9 Virtualbox image.ova” into /opt/unetlab/addons/qemu/olive-12.1R1.9
# cd /opt/unetlab/addons/qemu/olive-12.1R1.9
# tar xf “Juniper JunOS Olive12.1R1.9 Virtualbox image.ova”
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 “JunOS Olive-disk1.vmdk” hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install ostinato
Download ost-drone-0.7-v1.qcow2 from
http://www.bernhard-ehlers.de/projects/ostinato4gns3/install-qemu.html
# mkdir /opt/unetlab/addons/qemu/ostinato-0.7-v1
scp ost-drone-0.7-v1.qcow2 into /opt/unetlab/addons/qemu/ostinato-0.7-v1
# cd /opt/unetlab/addons/qemu/ostinato-0.7-v1
# mv ost-drone-0.7-v1.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install paloalto
# mkdir -p /opt/unetlab/addons/qemu/PA-VM-ESX-7.0.1
scp PA-VM-ESX-6.1.0.ova into /opt/unetlab/addons/qemu/paloalto-7.0.1
# cd /opt/unetlab/addons/qemu/paloalto-7.0.1
# tar xf PA-VM-ESX-7.0.1 .ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 PA-VM-ESX-7.0.1-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

NOTE:

PA in UNL no need license but no URL and threat signature updates, as well as fewer sessions through the firewall

-to install radware
SOURCE: http://www.unetlab.com/forum/viewtopic.php?f=7&t=39&sid=0ade6575a07ae6534a3fbce8dd7e3049
download alteon radware from https://www.radware.com/resources/softwaredownloads/network-admin-software/
Icon: Load Balancer.png
CPU: 2 (minimum)
RAM: 2560MB (minimum)
Ethernets: 3 (minimum)
console: VNC (since telnet won’t work)
# mkdir /opt/unetlab/addons/qemu/linux-radware
scp AlteonOS-30A-5-0-0.ova into /opt/unetlab/addons/qemu/linux-radware
# cd /opt/unetlab/addons/qemu/linux-radware
# tar xf AlteonOS-30-5-0-0.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 AlteonOS-30.5.0.0-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Enter password: admin

-to install riverbed
# mkdir /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/
scp image_rbt_vcx_9_2_0_n8_x86_64.ova into /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/
# cd /opt/unetlab/addons/qemu/riverbed-vcx9.2.0/
# tar xf image_rbt_vcx_9_2_0_n8_x86_64.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 image-vcx-disk1.vmdk virtioa.qcow2
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 image-vcx-disk2.vmdk virtiob.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin
P: password
NOTE:
disregard cdrom complain when booting

it will probably boot 2x when power on for the first time and will take around 15min to get login prompt

-to install Ruckus SmartZone
Ruckus vSZ High-Scale
vSZ High-Scale min requirement
RAM: 13GB
CPU: 2 Cores
# mkdir /opt/unetlab/addon/qemu/linux-ruckuswireless
scp vscg-3.4.1.0.208.ova into /opt/unetlab/addon/qemu/linux-ruckuswireless
# cd /opt/unetlab/addon/qemu/linux-ruckuswireless
# tar xf vscg-3.4.1.0.208.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vscg-3.4.1.0.208-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
follow this
L: admin
P: admin

# setup

-to install sophos XG
download latest sophos XG KVM from https://secure2.sophos.com/en-us/products/next-gen-firewall/free-trial.aspx#
# mkdir -p /opt/unetlab/addons/qemu/sophos-16.05
scp VI-SFOS_16.05.3_MR-3.KVM-183.zip into /opt/unetlab/addons/qemu/sophos-16.05
# cd /opt/unetlab/addons/qemu/sophos-16.05
# unzip VI-SFOS_16.05.3_MR-3.KVM-183.zip
# mv PRIMARY-DISK.qcow2 hda.qcow2
# mv AUXILIARY-DISK.qcow2 hdb.qcow2
# rm VI-SFOS_16.05.3_MR-3.KVM-183.zip
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# cd /opt/unetlab/html/templates
# cp cpsg.php sophos.php
# sed -i ‘s/cpsg/sophos/g’ sophos.php
# sed -i ‘s/CP/sophos/g’ sophos.php
# cd ../includes
# vi init.php
add
‘sophos’ => ‘Sophos’,
after sterra line
LAN IP: 172.16.16.16 (default) port1
WAN IP: dhcp port2
WEB GUI: https://172.16.16.16:4444
L: admin
P: admin

-to install sourcefire
download from Cisco Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2
# mkdir -p /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
scp Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2 into /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
# cd /opt/unetlab/addons/qemu/sourcefire-6.1.0-330
# mv Cisco_Firepower_Management_Center_Virtual-6.1.0-330.qcow2 virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install timos
# mkdir -p /opt/unetlab/addons/qemu/timos-12.0.R6
scp TiMOS-SR-12.0.R6-vm.zip into /opt/unetlab/addons/qemu/timos-12.0.R6
# cd /opt/unetlab/addons/qemu/timos-12.0.R6
# mv TiMOS-SR-12.0.R6-vm/vm/7xxx-i386/sros-vm.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install titanium
# mkdir -p /opt/unetlab/addons/qemu/titanium-7
scp hda.qcow2 into /opt/unetlab/addons/qemu/titanium-7
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install coeus
# mkdir -p /opt/unetlab/addons/qemu/coeus-9.0.0.324
scp coeus-9-0-0-324-S100V.zip into /opt/unetlab/addons/qemu/coeus-9.0.0.324
# cd /opt/unetlab/addons/qemu/coeus-9.0.0.324
# unzip coeus-9-0-0-324-S100V.zip
# mv coeus-9-0-0-324-S100V/coeus-9-0-0-324-S100V-disk1.vmdk ..
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 coeus-9-0-0-324-S100V-disk1.vmdk virtioa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
# vi /opt/unetlab/html/templates/coeus.php
change
$p[‘console’] = ‘telnet’;
to
$p[‘console’] = ‘vnc’;

-to install Force10
download OS10_Virtualization_10.4.1.0V.zip from https://www.cocheno.com/category/routing/
# mkdir /opt/unetlab/addons/qemu/linux-dellos10-10.4.1.0
scp OS10_Virtualization_10.4.1.0V.zip into /opt/unetlab/addons/qemu/linux-dellos10-10.4.1.0
# cd /opt/unetlab/addons/qemu/linux-dellos10-10.4.1.0
# unzip OS10_Virtualization_10.4.1.0V.zip
# mv OS10-Installer-10.4.1.0.qcow2 virtiob.qcow2
# mv OS10-Disk-1.0.0.vmdk sataa.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vios
# mkdir -p /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
# mkdir -p /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
scp vIOS-L3.qcow2 into /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
scp vIOS-L2.qcow2 into /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
# cd /opt/unetlab/addons/qemu/vios-adventerprisek9-m-15.5
# mv vIOS-L3.qcow2 hda.qcow2
# cd /opt/unetlab/addons/qemu/viosl2-adventerprisek9-m-15.2
# mv vIOS-L2.qcow2 hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vmx
# mkdir -p /opt/unetlab/addons/qemu/vmx-1.0
scp vMX.ova into /opt/unetlab/addons/qemu/vmx-1.0
# cd /opt/unetlab/addons/qemu/vmx-1.0
# tar xf vMX.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 vMX-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
NOTE: to speed up vmx
http://noshut.ru/2015/09/how-to-run-juniper-vmx-in-unetlab/
# vi /opt/unetlab/html/templates/vmx.php
change
$p[‘qemu_options’] = ‘ -serial mon:stdio -nographic’;
to
$p[‘qemu_options’] = ‘ -serial mon:stdio -nographic -enable-kvm’;

-to install vnam
# mkdir -p /opt/unetlab/addons/qemu/vnam-6.1.1
scp nam-app-x86_64.6-1-1.ova and nam-app-x86_64.6-1-1.iso into /opt/unetlab/addons/qemu/vnam-6.1.1
# cd /opt/unetlab/addons/qemu/vnam-6.1.1
# tar xf nam-app-x86_64.6-1-1.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 NAM-VX-6.1-disk1.vmdk hda.qcow2
# mv nam-app-x86_64.6-1-1.iso cdrom.iso
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

From UnetLab gui, Start vnam icon
Main menu
1 – Download application image and write to HDD
2 – Download application image and reformat HDD
3 – Install application image from CD and reformat HDD
4 – Display software versions
5 – Reset application image CLI passwords to default
6 – Send Ping
f – Check for and fix file system errors on local disk
s – Show upgrade log
n – Configure network
r – Exit and reset Services Engine
h – Exit and shutdown Services Engine
Selection [123456fsnrh]:

NOTE:
I have black screen problem with vnam 6.2.1. So I use 6.1.1 instead
Any idea what to do next after do you see menu above?

-to install vsrx
# mkdir -p /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
scp junos-vsrx-12.1X46-D10.2-domestic.ova into /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
# cd /opt/unetlab/addons/qemu/vsrx-12.1X46-D10.2-domestic
# tar xf junos-vsrx-12.1X46-D10.2-domestic.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 junos-vsrx-12.1X46-D10.2-domestic-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vsrxng
NOTE:
for vSRX-NG can be downloaded here
# mkdir -p /opt/unetlab/addons/qemu/vsrxng-151x49d406
scp media-vsrx-vmdisk-15.1X49-D40.6.qcow2 into /opt/unetlab/addons/qemu/vsrxng-151x49d406
# cd /opt/unetlab/addons/qemu/vsrxng-151x49d406
# mv media-vsrx-vmdisk-15.1X49-D40.6.qcow2 virtioa.qcow2

# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vwaas
download vwaas from
https://drive.google.com/folderview?id=0B-v2VUXWowDLYWRBcFJEcmtLQkE&usp=drive_web
# mkdir -p /opt/unetlab/addons/qemu/vwaas-200-5.5.3
scp virtioa.qcow2 into /opt/unetlab/addons/qemu/vwaas-200-5.5.3
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: admin
P:

-to install vwlc
# mkdir -p /opt/unetlab/addons/qemu/vwlc-8.1.102.0
scp AIR-CTVM-K9-8-1-102-0.ova and AIR-CTVM-k9-8-1-102-0.iso into /opt/unetlab/addons/qemu/vwlc-8.1.102.0
# cd /opt/unetlab/addons/qemu/vwlc-8.1.102.0
# tar xf AIR-CTVM-K9-8-1-102-0.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 AS_CTVM_8_1_102_0.vmdk hda.qcow2
# mv AIR-CTVM-k9-8-1-102-0.iso cdrom.iso
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install tinylinux
SOURCE: http://www.802101.com/2015/06/unetlab-ubuntu-guest-node.html
change dsl-4-4-10.doc to dsl-4-4-10.ova
ssh as root to unetlab server
# mkdir -p /opt/unetlab/addons/qemu/linux-dsl
# cd /opt/unetlab/addons/qemu/linux-dsl
scp dsl-4-4-10.ova into /opt/unetlab/addons/qemu/linux-dsl
# tar xf dsl-4-4-10.ova
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 DSL-4.4.10-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
open UnetLab gui and add linux linux-dsl node
NOTE:
L: root

P: Password123!@#

-to install slitaz
download slitaz from
extract it in your pc
# mkdir -p /opt/unetlab/addons/qemu/linux-slitaz-3.0
scp slitaz-3.0-x86.vdi into /opt/unetlab/addons/qemu/linux-slitaz-3.0
# cd /opt/unetlab/addons/qemu/linux-slitaz-3.0
# qemu-img convert -f vdi -O qcow2 slitaz-3.0-x86.vdi hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: root
P: root

-to install win win7
SOURCE: http://www.802101.com/2015/06/windows-7-host-on-unetlab.html
install WIN7 in ESXi
update all patches
do not install vmware-tools
shutdown

ssh to ESXi server and cd to WIN7 directory
# cd /vmfs/volumes/datastore1/WIN7
# scp WIN7.vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/win-win7
# scp WIN7-flat.vmdk root@10.0.20.71:/opt/unetlab/addons/qemu/win-win7

ssh as root to unetlab server
# cd /opt/unetlab/addons/qemu/win-win7
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 WIN7.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
open UnetLab gui and add win win-win7 node

-to install xrv
# mkdir -p /opt/unetlab/addons/qemu/xrv-k9-5.2.2
scp hda.qcow2 into /opt/unetlab/addons/qemu/xrv-k9-5.2.2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions

-to install vyos
copy to unetlab
# mkdir -p /opt/unetlab/addons/qemu/vyos-117
# cd /opt/unetlab/addons/qemu/vyos-117
# /opt/qemu/bin/qemu-img convert -f vmdk -O qcow2 VyOS-1.1.7-signed-disk1.vmdk hda.qcow2
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
L: vyos

P: vyos

-to install zeroshell
SOURCE: http://www.802101.com/2015/08/running-zeroshell-in-unetlab.html
Download zeroshell iso from http://www.zeroshell.org/download/#
# mkdir -p /opt/unetlab/addons/qemu/linux-zeroshell
scp ZeroShell-3.3.2.iso into /opt/unetlab/addons/qemu/linux-zeroshell
# cd /opt/unetlab/addons/qemu/linux-zeroshell
# mv ZeroShell-3.3.2.iso cdrom.iso
# /opt/qemu/bin/qemu-img create -f qcow hda.qcow2 5G
# /opt/unetlab/wrappers/unl_wrapper -a fixpermissions
I then added a new node to a test lab I had on the go, and fired it up. Once connected via VNC, you can then install it to the hard drive, by selecting option A from the menu:
Just accept all the defaults
# mv cdrom.iso ZeroShell-3.3.2.iso
from unetlab gui stop the node and start again

-to upgrade VMware-Tools
mount iso on datastore
click CD-ROM icon on ESXi console
click CD DVD drive 1/Connect to iso image on a datastore
open vmimages/tools-isoimages/linux.iso
# mkdir /mnt/cdrom
# mount /dev/cdrom /mnt/cdrom/
# tar xzvf /mnt/cdrom/VMwareTools-9.10.0-2476743.tar.gz -C /tmp/
# cd /tmp/vmware-tools-distrib
# perl vmware-install.pl
Do you still want to proceed with this legacy installer? [yes]
Uninstallation of previous install failed. Would you like to remove the install DB? [no] yes
# perl vmware-install.pl -d

-Log location
# cat /opt/unetlab/data/Logs/

WINDOWS:
-download and install UltraVNC from http://www.uvnc.com/downloads/ultravnc.html
-download and install Wireshark from https://www.wireshark.org/download.html
-download and extract http://UNLip/files/windows.zip
copy UNetLab into c:\Program Files
copy ultravnc_wrapper.bat into C:\Program Files\uvnc bvba\UltraVNC
run win7_64bit_ultravnc.reg
run win7_64bit_putty.reg

run win7_64bit_wireshark.reg

-to open multiple tab session in SecureCRT
run win7_64bit_crt.reg
edit C:\Users\username\AppData\Roaming\VanDyke\Config\Global.ini
change
D:”Single Instance”=00000000
to

D:”Single Instance”=00000001

-to open multiple tab with SuperPutty
   download and install SuperPutty from https://github.com/jimradford/superputty/releases
   open SuperPutty and tick Tools/Options/Advanced/Only allow single instance of SuperPuTTYy to run
   create SuperPutty.reg
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\telnet]
@=”URL:Telnet Protocol”
“URL Protocol”=””
[HKEY_CLASSES_ROOT\telnet\shell]
[HKEY_CLASSES_ROOT\telnet\shell\open]
[HKEY_CLASSES_ROOT\telnet\shell\open\command]

@=”\”C:\\Program Files (x86)\\SuperPuTTY\\SuperPutty.exe\” %1″

go to http://10.0.20.71 and Sign-in with
L: admin
P: unl

-to connect unetlab to the cloud
http://www.unetlab.com/2014/11/using-cloud-devices/

-to rename a lab file
clone or open existing file
click More Actions/Edit lab

change the Name

-to convert VirtualBox vdi to qcow2 format

# /opt/qemu/bin/qemu-img convert -f vdi -O qcow2 vm.vdi vm.qcow2

-cisco CSR 1000v take 2.5GB RAM per node, if you want less ram, use L3-ADVENTERPRISEK9-M-15.4-2T.bin instead