Common Brocade ADX Commands


The following commands are based upon Brocade ADX 12.4.


show ip int — show interface(s) IPs

show default values — show defaults

show server global — show global configured parameters

show ip vrrp-extended brief — show cluster status

show server real — show real server stats

show server real http [real server] — show real server http details for given server

show server real [real server/port] detail — show details of real servers port or real server

show server virtual — show virtual server stats

show server bind — show virtual to real server bindings

show server global — show global parameters

show server sessions — show summary of real server connections

show cookie-info — show content switching cookie information

show statistics ethernet 1 — show interface stats

rconsole / sh sessions all 0 / rcon-exit — show flows across all BP’s (Barrel Processors)


The rconsole is used to view and run commands across the various processors, i.e. the BPs. To invoke it, use the rconsole command. To exit, use rcon-exit.

show ssl statistics counters — shows connection attempts and successful completions.

show ssl statistics alert — if the errors shown increase on RX, the issue is on the ADX.

show ssl statistics — show statistics for ssl flows (12.4u includes SSL/TLS version stats).

show ssl debug — shows failures and causes such as certificate verify failures.

show ssl con — show ssl connections.

show cp debug — show client/server connection details.

show cp stats — show client/server connection stats.


server no-fast-bringup — stops a port becoming ACTIVE until Layer 4 and Layer 7 healthchecks are successfully completed

[no] server no-periodic-arp — enables/disables periodic L2 health checks

[no] server no-real-l3-check — enables/disables periodic ICMP healthchecks

server disable-ping-vip-down — stops vip responding to ping if all backend servers are down

server msl 2 — change maximum session life in delete queue to 2 secs

server l7-dont-reset-on-vip-port-fail — used to allow csw to still be used when all servers are down (12.4+)

server l7-tcp-window-size — limit size of packets in large HTTP requests that can cause BP buffering issues

server l7-dont-ack-last-packet — prevents drop of last packet in request after CSW decision has been completed

server l7-rewrite-pkt-in-sequence — prevents issues with ooo packets when using csw content insertion/rewrite by ensuring they are sent in order


max-conn — configures the total maximum of connections per real server


tcp keepalives 5 1 — modify layer 4 healthchecks

tcp keepalive use-master-state — tie the health status of the alias port to the master port

Ubuntu 14.04 Juno Openstack F5 LBaaS conf File examples



One drawback of examples is the lack of real-world relational information such as an example of an actual OpenStack install on the Internet without the use of RFC1918 space for all networks.

Additionally the conf files are presented without any real explanation of the consequences of changes, what is superfluous, what is required, etc.

Starting point:
OS – 1TB
Raid 10 – 6TB
3TB went to an LVM for cinder

  --- Physical volume ---
  PV Name               /dev/sdb1
  VG Name               cinder-volumes
  PV Size               2.73 TiB / not usable 2.00 MiB
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              715255
  Free PE               702455
  Allocated PE          12800
  PV UUID               QdLfoA-NAq3-BJQJ-W5r9-857T-f7fq-bl9rnI

3TB as a single swift ring

Filesystem                    Size  Used Avail Use% Mounted on
/dev/sdb2                     2.8T   33M  2.8T   1% /srv/node/sdb2


VERSION="14.04.2 LTS, Trusty Tahr"
PRETTY_NAME="Ubuntu 14.04.2 LTS"

Single Node OpenStack Install for Juno with F5 LBaaS plugin

Use this install guide for the basic install of components.

Swift is installed after using the basic openstack swift install guide.

Conf file examples and more

F5 CLI Context Change

tmsh -m -c 'cd /f1 ; delete net arp /f1/test'


tmsh -m -c 'cd /uuid_844a8ccf756947cf860510b2d2f26448 ; delete net arp /uuid_844a8ccf756947cf860510b2d2f26448/'

OpenVAS v7, WPScan, Metasploit, ZAP on Ubuntu 14.04


Install OpenVAS7, WPScan, Metasploit, ZAP

Fix Linux VM NIC assignment after migrating to new hypervisor


/etc/udev/rules.d/70-persistent-net.rules accordingly to reflect the changes. After that, you also need to edit /etc/sysconfig/network-scripts/ifcfg-eth0 to change the MAC address and name of eth0.

vi /etc/udev/rules.d/70-persistent-net.rules

F5 HA score view

To view the HA score and other details
At the system prompt on unit 1, type:
show ha-group  details
Repeat the commands on unit 2.
To compare the HA scores of both units
You can compare the HA score of the current unit with the HA score of the peer unit. At the system prompt on either unit, type:
show ha-status all-properties

Self-Signed SSL CA Certs & Keys


Create the CA cert to sign your new cert.

The server certificate is used to terminate SSL on your endpoint (LB, server, HAproxy).

The client cert can be issued to authenticated clients for 2-way authentication.

CA Certificate

echo "0001" > <serial_number_file>.sr1

openssl req -new -x509 -days 3650 -keyout <ca_cert_key>.key -out <ca_cert_file_name>.crt

Server Certificate

openssl req -new -newkey rsa:2048 -nodes -out <cert_request>.req -keyout <cert_key>.key

openssl x509 -CA <ca_cert_file_name>.crt -CAkey <ca_cert_key>.key -CAserial <serial_number_file>.sr1 -req -in <cert_request>.req -out <domain_name>.crt -days 3650

Client Certificate

openssl req -new -newkey rsa:2048 -nodes -out <client_cert_file_name>.req -keyout <client_cert_file_name>.key 

openssl x509 -CA <ca_cert_file_name>.crt -CAkey <ca_cert_key>.key -CAserial <serial_number_file>.sr1 -req -in <client_cert_file_name>.req -out <client_cert_file_name>.crt -days 3650

openssl pkcs12 -export -out <client_cert_file_name>.p12 -inkey <client_cert_file_name>.key -in <client_cert_file_name>.crt -certfile <ca_cert_file_name>.crt
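
The CA, server and client steps above run end to end and checked with `openssl verify`, as an added example that is not part of the original post. The file names, subject names and the host `lb.example.test` are assumptions, and so are the extension files: they add a subjectAltName and an extendedKeyUsage that the commands above do not set.

```shell
#!/bin/sh
# Added example; file names, subjects and the host name are assumptions.
# Usage: make_pki <output_dir> <server_dns_name>
make_pki() (
    set -eu
    dir=$1; host=$2
    umask 077                          # keys and certs readable by owner only
    mkdir -p "$dir"; cd "$dir"
    echo "0001" > ca.srl               # serial number file, as in the CA step above

    # CA certificate. -nodes leaves ca.key unencrypted so the run is
    # non-interactive; drop it to have the CA key passphrase-protected.
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt

    # Server certificate. The extension file adds a subjectAltName, which
    # browsers match instead of the CN, and limits the cert to serverAuth.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
        -out server.req -keyout server.key
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" > server.ext
    openssl x509 -CA ca.crt -CAkey ca.key -CAserial ca.srl -req -in server.req \
        -extfile server.ext -out server.crt -days 3650

    # Client certificate for 2-way authentication, limited to clientAuth.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example-client" \
        -out client.req -keyout client.key
    echo 'extendedKeyUsage=clientAuth' > client.ext
    openssl x509 -CA ca.crt -CAkey ca.key -CAserial ca.srl -req -in client.req \
        -extfile client.ext -out client.crt -days 3650

    # Both must chain to the CA for their own purpose ...
    openssl verify -purpose sslserver -CAfile ca.crt server.crt
    openssl verify -purpose sslclient -CAfile ca.crt client.crt
    # ... and the client cert must be rejected when presented as a server cert.
    ! openssl verify -purpose sslserver -CAfile ca.crt client.crt >/dev/null 2>&1
)

make_pki "${1:-./demo-pki}" "${2:-lb.example.test}"
```

The `.p12` export is left out because it prompts for an export password; run it by hand against `client.key` and `client.crt` afterwards.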


F5 Aggressive Connection Reaping


More OpenVAS and Greenbone


Step 1: Configure OBS Repository

sudo apt-get -y install python-software-properties
sudo add-apt-repository "deb ./"
sudo apt-key adv --keyserver hkp:// --recv-keys BED1E87979EAFD54
sudo apt-get update

Step 2: Quick-Install OpenVAS

sudo apt-get -y install greenbone-security-assistant gsd openvas-cli openvas-manager openvas-scanner openvas-administrator sqlite3 xsltproc

Step 3: Quick-Start OpenVAS
(copy and paste the whole block; the first time, you will be asked to set a password for user “admin”)

test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin

Step 4: Log into OpenVAS as “admin”

Open https://localhost:9392/ or start “gsd” on a command line as a regular user (not as root!).

News & Info

Confidence with the CLI

Sourcefire vs Palo Alto UTM Appliances

Unified threat from Sourcefire and Palo Alto Solutions


Version 4.10 from Sourcefire was a stable, robust, competent piece of software. The detection engines performed their duties as expected and IPS/IDS functionality worked as expected.

