Showing posts from March, 2021

FortiGate Firewall Unused Policy Clean up

Hello, in this blog we are going to see how to identify and remove unused policies. Cleaning up unused firewall policies is essential, because those policies clutter the rule base and can offer an avenue of attack to intruders. Remove these rules to clean up the rule base and reduce the attack surface, or modify them so that they apply to real application traffic and serve a legitimate purpose in the rule base.

How to identify unused policies in FortiGate v6.0.9:

Step 1:- Log in to the FortiGate GUI and select the VDOM (Virtual Domain) on which you want to find the unused policies.
Step 2:- Go to Policy & Objects and select the appropriate policy type. Ex. here we have selected IPv4 Policy. Then click on Configuration Table and add the Hit Count and Last Used columns to your IPv4 policy view. This is the easiest way to find unused policies in a FortiGate firewall. ...

How to create DNS entry for newly built Server.

Hello friends, in this blog we are going to discuss how to create a DNS entry for a new server. Please follow the steps below to create the DNS entry (an A record under the domain).

Step 1:- Log in to the DNS server and open DNS Manager.
Step 2:- Under DNS Manager, click on Forward Lookup Zones and then select your domain (xyz.com).
Step 3:- Under your domain --> right-click on the page ---> click on New Host (A or AAAA).
Step 4:- Fill in the server name and IP address of the new server, and make sure you select the check box "Create associated pointer (PTR) record".

A Pointer (PTR) record is a type of Domain Name System (DNS) record that resolves an IP address to a domain or host name, unlike an A record, which points a domain name to an IP address. PTR records are used for reverse DNS lookup.

Cisco Prime Version 3.9 DNS Bug

All Prime Infrastructure 3.9 installations have the same issue, regardless of whether it is a fresh install or a system upgraded from an earlier version. On the Administration > System Monitoring Dashboard > System Information panel, the DNS server's IP address always shows 127.0.0.1, even after being updated from the CLI.

    Prime/admin# show running-config | include name-server
    ip name-server x.x.x.x x.x.x.x
    Prime/admin#
    Prime/admin# show running-config | include dnssec
    ip dnssec
    Prime/admin#

    ade # cat /etc/resolv.conf
    # Generated by dnssec-trigger 0.11
    domain xyz.org
    search xyz.org
    nameserver 127.0.0.1
    ade #

This was observed in Prime Infrastructure 3.9 when DNSSEC is enabled, which is the default setting. See the Release Notes for Prime Infrastructure 3.9 at https://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/3-9/release/notes/bk_Cisco_Prime_Infrastructure_3_9_0_Release_Notes.html

Workaround: If DNSSEC is enabled,...

Cisco Prime Inline Upgrade Procedure

Hello, in this article you will learn how to upgrade Cisco Prime from 3.8 to 3.9. Please refer to the steps below.

Step 1:- Download all image files and the latest patches from the Cisco website. See below for reference.
Step 2:- In order to transfer the image file to the CLI of Cisco Prime, download the WinSCP application.
Step 3:- Log in to the CLI of Cisco Prime using the admin account and then enter shell mode by typing "shell" in the CLI.
Step 4:- Create a user for WinSCP so that we can transfer the image to the Prime CLI. Follow the procedure below. In shell mode of Cisco Prime, run these commands:

    sudo -i
    cd //localdisk/defaultRepo/
    adduser <username>
    passwd <username>

It will ask for a new password, and then you can set it to the new one.
Step 5:- Open the WinSCP application, then click on New Session. In the Hostname field enter the Cisco Prime IP, and for username and password enter the account created in step 4. Click on Login, and then you can drag and drop whichever file you want to send to C...