Beruflich Dokumente
Kultur Dokumente
vision Control
Title E-mail address
Security Engineer christopher.mckay@wyn.com
er)
Onsite Resource
Outage (Yes/No) Vendor SR #'s Site Name / Site code (Y/N)
Identify individuals in BU that this was discussed with (add names in notes
2 Completed
section)
Single Point of contact for testing coordination identified (add name in
3 Completed
notes field and overview tab)
4 Document detailed testing plan Completed
Identify testing resources from business teams (add testers names in
5 Completed
overview tab)
6 Confirm onsite resource for implementation date (add to overview tab) Completed
Brian crawford
BS
BS
BS
BS
BS
BS
BS
BS
BS
Project Name (Quarterly Maintenance Scheduled Fai
Pre Implementation - Technical Tasks
Item Task Description Status
1
Download Hotfix file "Check_Point_R76.linux.tar" to
Completed
bastion host, per CheckPoint Support instructions
8
Populate tab "Supporting Docs - Affected IPs" with
list of IP Ranges/Subnets under each cluster, as well Completed
as affected business unit
9 Confirm content of /etc./host file on each node, and
whether file is Immutable or not Completed
rly Maintenance Scheduled Failover)
entation - Technical Tasks
Notes Initials Peer Review Manager Review
CM
BS
BS
BS
BS
BS
BS
BS
1
Communication
Communication 2
Implementation
Implementation 3
Implementation 4
5
Communication 6
7
Communication
8
Implementation 9
Implementation 10
Implementation 11
Implementation 12
Implementation 13
Implementation 14
Implementation 15
Implementation 16
Implementation 17
TESTING 18
Implementation 19
Implementation 20
Implementation 21
Implementation 22
Implementation 23
Implementation 24
Implementation 25
Implementation 26
Implementation 27
TESTING 28
29
30
31
32
33
Communication
Communication 34
Completion 35
Project Name (Quarterly Maintenance Scheduled Failover)
Implementation Plan
Task
Pre-Implementation Steps
Notify WYN-Change of that RFC will begin and which Firewalls will be affected. Include Sec
Ops, SDRM (Mangers listed in Overview), Gian Watt and testers.
Advise NOC to ignore Indeni Alarms for firewallS affected
Implementation
Join bridge with testers
Log into the 10.230.100.103 bastion host
Perform first phase of testing to establish a baseline for expected results
Email all testers to commence testing, and to email a pass/fail via reply email
Email all parties with interest (WYN-Changes, Sec Ops, SDRM, Gian Watt and testers) that
testing was successful, and we are about to fail over to the standby member of the TUSGR
firewall cluster.
Determine active node of Saint John and reboot the standby node in preparation for
failover
ssh to 01 node of the cluster (FWWYNTUSGR01 209.12.76.75) using the credentials for WHG
firewalls in the pw vault
expert
cphaprob stat
determine which firewall is active and which is on standby
ssh to STANDBY firewall, using the credentials for WHG firewalls in the pw vault
cat /etc/hosts to confirm the firewall IP is listed to resolve to the firewall host name
lsattr /etc/hosts (to confirm that the Immutable attribute ("i") is set on the hosts file, to
prevent the OS from overwriting hosts with a default file upon reboot)
If the Immutable ("i") flag is not on the etc/hosts file, set it with the following command:
chattr +ia /etc/hosts
reboot
Perform verification per steps outlined in Testing Plan to confirm secondary node is up, can
be reached by ssh and is logging
lsattr /etc/hosts (to confirm that the Immutable attribute ("i") is set on the hosts file, to
prevent the OS from overwriting hosts with a default file upon reboot)
If the Immutable ("i") flag is not on the etc/hosts file, set it with the following command:
chattr +ia /etc/hosts
reboot
Perform verification per steps outlined in Testing Plan to confirm secondary node is up, can
be reached by ssh and is logging
Verify no unexpected Orion/ Indeni alarms (per testing plan)
Verify SNMP is working as expected (per testing plan)
Confirm NTP is working as expected (per testing plan)
Ensuring logging is setup and working (per testing plan)
Email all parties with interest (WYN-Changes, Sec Ops, SDRM, Gian Watt and testers) that
testing was successful, and that the RFC is complete.
Post Implementation tasks
Advise NOC to ignore Indeni Alarms for firewallS affected
Complete decision task in RFC
nce Scheduled Failover)
0:10:00
0:10:00
0:45:00
0:50:00
1:05:00
1:20:00
1:05:00
2:00:00
2:00:00
2:00:00
Notes
Project Name (Quarterly
Communication 1
Rollback 1
Rollback 2
Rollback 3
Rollback 4
Rollback 5
Rollback 6
Rollback 7
Rollback 8
Testing 9
Communication 10
Project Name (Quarterly Maintenance Scheduled Failover) : Rollback plan
Rollback Plan
Task
Send out the Communication (WYN-Changes, Sec Ops, SDRM, Gian Watt and testers) that
we are rolling back the change on current firewall.
Failing over TUSGR FWWYNTUSGR_CL Cluster (FWWYNTUSGR01 209.12.76.75 | FWWYNTUSGR02
209.12.76.78)
ssh to 01 node of the cluster (FWWYNTUSGR01 209.12.76.75) using the credentials for WHG
firewalls in the pw vault
expert
cphaprob stat
determine which firewall is active and which is on standby
ssh to active firewall, using the credentials for WHG firewalls in the pw vault
expert
clusterXL_admin down
clusterXL_admin up
Perform testing plan to ensure firewall cluster is operational again.
Send out communication (WYN-Changes, Sec Ops, SDRM, Gian Watt and testers) indicating that the
change is rolled back. Have testers confirm via email that testing is successful
d Failover) : Rollback plan
1:00 AM CM
Testing Plan [ Engin
Application or Service to be
Task # Date of test Time of test
tested
17 Application/Service #4
OWA/Outlook
17 Application/Service #5
Purge DNS records (IPConfig /flushdns front desk works
17 Application/Service #5
19
WHG Test Plan - Upgrade Firewalls to R76 Code
HTCS Steps
HTCS will join the call to assist the property to test functionality. The folk’s onsite will
not assist the property to make sure that all functionality is working. HTCS will assist to
help test a number of functions and answer any questions or problems that may pop
up. The list below can be expanded as we complete more of these changes. HTCS
needs to make sure the site has enough time to print all necessary reports.
Tests
· RDP to the Site
· Opera Working
· Interfaces - OIFC
· Printing – Windows and Opera
· Bomgar (FD, BO, Server)
· Authorize and Process Credit Cards
· Scan to email
· Websites
o Wyndham.com
o MyPortal
o Webinar
o Brand websites
· Network Shares
Testing Plan [ Engineer Test and WHG Test Plans]
URL or IP address to be tested IP address of client or source where
Tester Name
(i.e. "destination IP") tests will be run from
#
# Configuration of FWWYNTUSGR02
# Language version: 11.0v1
#
# Exported by admin on Tue Jan 17 08:18:08 2017
set router-id 10.14.216.1
set max-path-splits 8
set tracefile maxnum 10
set tracefile size 1
set net-access telnet off
set inactivity-timeout 10
set clienv debug 0
set clienv echo-cmd off
set clienv output pretty
set clienv prompt "%M"
set clienv rows 24
set clienv syntax-check off
set password-controls min-password-length 7
set password-controls complexity 2
set password-controls palindrome-check true
set password-controls history-checking
set password-controls history-length 10
set password-controls password-expiration never
set password-controls expiration-warning-days 7
set password-controls expiration-lockout-days never
set password-controls force-change-when no
set password-controls deny-on-nonuse enable true
set password-controls deny-on-nonuse allowed-days 90
set password-controls deny-on-fail enable false
set password-controls deny-on-fail failures-allowed 5
set password-controls deny-on-fail allow-after 900
add dhcp server subnet 10.14.216.64 netmask 27
set dhcp server subnet 10.14.216.64 default-lease 86400
set dhcp server subnet 10.14.216.64 max-lease 86400
set dhcp server subnet 10.14.216.64 dns 10.14.216.6, 10.85.15.133
set dhcp server subnet 10.14.216.64 router 10.14.216.65
add dhcp server subnet 10.14.216.64 include-ip-pool start 10.14.216.66 end 10.14.216.88
set dhcp server subnet 10.14.216.64 enable
add dhcp server subnet 10.14.216.128 netmask 25
set dhcp server subnet 10.14.216.128 default-lease 86400
set dhcp server subnet 10.14.216.128 max-lease 86400
set dhcp server subnet 10.14.216.128 dns 10.14.216.6, 10.85.15.133
set dhcp server subnet 10.14.216.128 router 10.14.216.129
add dhcp server subnet 10.14.216.128 include-ip-pool start 10.14.216.132 end 10.14.216.230
set dhcp server subnet 10.14.216.128 enable
set dhcp server enable
set domainname wyndham.com
set aaa tacacs-servers state off
set aaa radius-servers super-user-uid 96
set timezone America / Phoenix
add allowed-client host any-host
set dns suffix wyndham.com
set dns primary 10.14.216.6
set dns secondary 216.136.95.2
set dns tertiary 64.132.94.250
set ipv6-state off
set web session-timeout 10
set web ssl-port 443
set web daemon-enable on
set hostname FWWYNTUSGR02
set arp table cache-size 4096
set arp table validity-timeout 60
set user admin shell /bin/bash
set user admin password-hash $1$1fNvulms$X6KlcSXRnTYUXTpXPUmEQ/
add user backbox uid 0 homedir /home/backbox
set user backbox gid 100 shell /bin/bash
set user backbox password-hash $1$LMUnYYwy$Pcen3OirDES3AdzWINCfo0
add user indeni uid 0 homedir /home/indeni
set user indeni gid 100 shell /bin/bash
set user indeni password-hash $1$Am7P.hvW$UKmrbBrGMFXu0PfywH3aK.
set user monitor shell /etc/cli.sh
set user monitor password-hash *
add rba user backbox roles adminRole
add rba user indeni roles adminRole
set interface eth2 state on
add interface eth2 vlan 10
set interface eth2 state on
add interface eth2 vlan 20
set interface eth2 state on
add interface eth2 vlan 30
set interface eth2 state on
add interface eth2 vlan 40
set interface eth2 state on
add interface eth2 vlan 50
set interface Mgmt link-speed 100M/full
set interface Mgmt state on
set interface Mgmt auto-negotiation off
set interface Mgmt mtu 1500
set interface Mgmt ipv4-address 209.12.76.78 mask-length 29
set interface eth1 link-speed 1000M/full
set interface eth1 state on
set interface eth1 auto-negotiation on
set interface eth1 mtu 1500
set interface eth1 ipv4-address 10.14.245.227 mask-length 27
set interface eth2 link-speed 1000M/full
set interface eth2 state on
set interface eth2 auto-negotiation on
set interface eth2 mtu 1500
set interface eth2.10 state on
set interface eth2.10 ipv4-address 10.14.216.3 mask-length 26
set interface eth2.20 state on
set interface eth2.20 ipv4-address 10.14.216.99 mask-length 27
set interface eth2.30 state on
set interface eth2.30 ipv4-address 10.14.216.131 mask-length 25
set interface eth2.40 state on
set interface eth2.40 ipv4-address 10.14.216.67 mask-length 27
set interface eth2.50 state on
set interface eth2.50 ipv4-address 10.14.238.131 mask-length 27
set interface eth3 link-speed 1000M/full
set interface eth3 state off
set interface eth3 auto-negotiation on
set interface eth3 mtu 1500
set interface eth4 state off
set interface eth4 auto-negotiation off
set interface eth4 mtu 1500
set interface eth5 comments "SYNC - RFC R225095"
set interface eth5 link-speed 1000M/full
set interface eth5 state off
set interface eth5 auto-negotiation on
set interface eth5 mtu 1500
set interface eth5 ipv4-address 192.168.1.2 mask-length 24
set interface lo state on
set interface lo ipv4-address 127.0.0.1 mask-length 8
set rip update-interval default
set rip expire-interval default
set rip auto-summary on
set format date dd-mmm-yyyy
set format time 24-hour
set format netmask Dotted
set snmp agent on
set snmp agent-version any
set snmp community Wpdcadvmgr read-only
add snmp traps receiver 10.230.131.48 community Wpdcadvmgr version v2
add snmp traps receiver 10.230.131.49 community Wpdcadvmgr version v2
set snmp traps trap authorizationError disable
set snmp traps trap coldStart disable
set snmp traps trap configurationChange disable
set snmp traps trap configurationSave disable
set snmp traps trap fanFailure disable
set snmp traps trap highVoltage disable
set snmp traps trap linkUpLinkDown disable
set snmp traps trap lowDiskSpace disable
set snmp traps trap lowVoltage disable
set snmp traps trap overTemperature disable
set snmp traps trap powerSupplyFailure disable
set snmp traps trap raidVolumeState disable
set snmp contact "Call Network Security On call - 602-335-2188"
set expert-password-hash $1$B_BBBT]N$j1HfFMNlQ3PxQ4BGodu061
set ospf area backbone on
set ntp active on
set ntp server primary 10.230.135.253 version 1
set ntp server secondary 10.230.135.254 version 1
set static-route default nexthop gateway address 192.168.1.254 on
set static-route default nexthop gateway address 209.12.76.73 priority 1 on
set ipv6 ospf3 area backbone on
set core-dump enable
set core-dump total 1000
set core-dump per_process 2
FWWYNTUSGR02>
set snmp traps trap linkUpLinkDown disable
set snmp traps trap lowDiskSpace disable
set snmp traps trap lowVoltage disable
set snmp traps trap overTemperature disable
set snmp traps trap powerSupplyFailure disable
set snmp traps trap raidVolumeState disable
set snmp contact "Call Network Security On call - 602-335-2188"
add allowed-client host any-host
set user admin shell /etc/cli.sh
set user admin password-hash $1$RQ82SDsd$o6FWv8/usS1yXMpT3SBNw.
add user backbox uid 0 homedir /home/backbox
set user backbox gid 100 shell /bin/bash
set user backbox password-hash $1$tRA8UdcW$ry5RvU4s/XScPT5R.Zvso0
set user ctamero password-hash $1$7TAMyc6S$emkVtE1s8Xz3Tbjx6WtxC1
add user indeni uid 0 homedir /home/indeni
set user indeni gid 100 shell /bin/bash
set user indeni password-hash $1$EfMhD/I8$DFlRDqlDKcXqWLj1xu3NI0
set user monitor shell /etc/cli.sh
set user monitor password-hash *
add rba user backbox roles adminRole
add rba user indeni roles adminRole
set lcd screensaver mode model
set lcd screensaver timeout 30
set hostname fwstjwhgcor02
set rip update-interval default
set rip expire-interval default
set rip auto-summary on
set net-access telnet off
set router-id 1.1.1.2
set max-path-splits 8
set tracefile maxnum 10
set tracefile size 1
set ospf area backbone on
set core-dump enable
set core-dump total 1000
set core-dump per_process 2
fwstjwhgcor02>
FWWYNTUSGR01> cphaprob stat
[Expert@FWWYNTUSGR01:0]#
[Expert@FWWYNTUSGR02:0]# ifconfig
Mgmt Link encap:Ethernet HWaddr 00:1C:7F:53:46:4F
inet addr:209.12.76.78 Bcast:209.12.76.79 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:411067148 errors:1685852 dropped:0 overruns:0 frame:1685852
TX packets:446660020 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:108877589 (103.8 MiB) TX bytes:2126216351 (1.9 GiB)
Interrupt:106 Memory:febe0000-fec00000
[Expert@FWWYNTUSGR02:0]#
Firewall Routes FWWYNTUSGR01/02
[Expert@FWWYNTUSGR01:0]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
209.12.76.72 0.0.0.0 255.255.255.248 U 0 0 0 Mgmt
10.14.238.128 0.0.0.0 255.255.255.224 U 0 0 0 eth2.50
10.14.245.224 0.0.0.0 255.255.255.224 U 0 0 0 eth1
10.14.216.64 0.0.0.0 255.255.255.224 U 0 0 0 eth2.40
10.14.216.96 0.0.0.0 255.255.255.224 U 0 0 0 eth2.20
10.14.216.0 0.0.0.0 255.255.255.192 U 0 0 0 eth2.10
10.14.216.128 0.0.0.0 255.255.255.128 U 0 0 0 eth2.30
0.0.0.0 209.12.76.73 0.0.0.0 UGD 0 0 0 Mgmt
[Expert@FWWYNTUSGR01:0]#
[Expert@FWWYNTUSGR02:0]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
209.12.76.72 0.0.0.0 255.255.255.248 U 0 0 0 Mgmt
10.14.238.128 0.0.0.0 255.255.255.224 U 0 0 0 eth2.50
10.14.245.224 0.0.0.0 255.255.255.224 U 0 0 0 eth1
10.14.216.64 0.0.0.0 255.255.255.224 U 0 0 0 eth2.40
10.14.216.96 0.0.0.0 255.255.255.224 U 0 0 0 eth2.20
10.14.216.0 0.0.0.0 255.255.255.192 U 0 0 0 eth2.10
10.14.216.128 0.0.0.0 255.255.255.128 U 0 0 0 eth2.30
0.0.0.0 209.12.76.73 0.0.0.0 UGD 0 0 0 Mgmt
[Expert@FWWYNTUSGR02:0]#
[Expert@FWWYNTUSGR01:0]# cat $FWDIR/modules/fwkern.conf [Expert@FWWYNTUSGR02:0
fw ctl set int fwha_forw_packet_to_not_active 1 fw ctl set int fwha_forw_pac
[Expert@FWWYNTUSGR01:0]#
[Expert@FWWYNTUSGR02:0]# cat $FWDIR/modules/fwkern.conf
fw ctl set int fwha_forw_packet_to_not_active 1
[Expert@FWWYNTUSGR01:0]# more /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Performance tuning
## Ephemeral ports range
net.ipv4.ip_local_port_range = 32768 65535
## Increase the amount of memory associated w. input and output socket buffers
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
# performance tuning (allow more arp entries and less frequent cleanup overhead)
net.ipv4.neigh.default.gc_thresh1 = 1024
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
vm.max_map_count = 524288
[Expert@FWWYNTUSGR02:0]# more /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# Performance tuning
## Ephemeral ports range
net.ipv4.ip_local_port_range = 32768 65535
## Increase the amount of memory associated w. input and output socket buffers
net.core.rmem_default = 262144
net.core.rmem_max = 262144
net.core.wmem_default = 262144
net.core.wmem_max = 262144
# performance tuning (allow more arp entries and less frequent cleanup overhead)
net.ipv4.neigh.default.gc_thresh1 = 1024
net.ipv4.neigh.default.gc_thresh2 = 4096
net.ipv4.neigh.default.gc_thresh3 = 8192
vm.max_map_count = 524288
[Expert@FWWYNTUSGR01:0]# ARP
bash: ARP: command not found
[Expert@FWWYNTUSGR01:0]# arp
Address HWtype HWaddress Flags Mask Iface
10.14.216.238 (incomplete) eth2.
10.14.245.227 ether 00:1C:7F:53:46:4A C eth1
10.14.216.221 ether D4:BE:D9:C0:C6:AA C eth2.
10.14.216.208 ether 44:8A:5B:4B:77:4C C eth2.
wh-tusgr-spa.wyndham.co ether 18:03:73:CF:05:43 C eth2.
10.14.216.210 ether D0:67:E5:21:12:EB C eth2.
10.14.245.246 ether AC:81:12:90:CB:56 C eth1
10.14.238.142 ether 00:A0:A4:20:8C:70 C eth2.
wh-tusgr-fd3.wyndham.co ether D0:67:E5:20:F7:90 C eth2.
wh-tusgrw039.wyndham.co ether D8:CB:8A:03:08:97 C eth2.
wh-tusgrw018.wyndham.co ether D4:BE:D9:C0:7F:88 C eth2.
10.14.216.228 ether D4:BE:D9:C0:C6:FD C eth2.
10.14.245.238 ether 2C:3F:38:D6:BA:41 C eth1
10.14.216.201 ether D4:BE:D9:C0:CE:37 C eth2.
wh-tusgr-fd2.wyndham.co ether D4:BE:D9:C0:CE:43 C eth2.
wh-tusgr-dc.wyndham.com ether D4:AE:52:6E:EB:6A C eth2.
wh-tusgrw032.wyndham.co ether 44:8A:5B:4B:77:FD C eth2.
10.14.216.180 ether 28:80:23:D5:5C:2D C eth2.
10.14.216.188 ether 6C:62:6D:60:44:28 C eth2.
10.14.245.253 ether 00:D0:83:05:A2:D4 C eth1
10.14.216.160 ether D0:67:E5:21:0F:4E C eth2.
10.14.216.224 ether D0:67:E5:21:0E:08 C eth2.
10.14.216.190 ether D0:67:E5:20:F9:90 C eth2.
10.14.216.214 ether D4:BE:D9:C0:C6:BE C eth2.
10.14.216.220 ether D0:67:E5:21:09:5E C eth2.
10.14.245.232 ether 2C:3F:38:DE:86:C1 C eth1
10.14.216.206 ether D0:67:E5:21:12:07 C eth2.
wh-tusgr-key.wyndham.co ether 14:18:77:4E:41:FE C eth2.
10.14.216.226 ether D4:BE:D9:C2:EB:AA C eth2.
10.14.216.203 ether D0:67:E5:21:0F:98 C eth2.
10.14.245.229 ether 68:BC:0C:9E:03:C1 C eth1
10.14.216.204 ether D0:67:E5:21:10:9A C eth2.
10.14.216.236 ether 00:80:91:74:27:3F C eth2.
10.14.216.222 ether D4:BE:D9:C0:82:DF C eth2.
10.14.216.181 ether D4:BE:D9:C0:CD:E5 C eth2.
wh-tusgr-nas.wyndham.co ether D4:AE:52:69:5C:34 C eth2.
10.14.216.199 ether 44:8A:5B:4B:78:14 C eth2.
10.14.245.247 ether AC:81:12:C3:7C:F9 C eth1
10.14.216.146 ether 44:8A:5B:4B:78:59 C eth2.
10.14.238.135 ether 00:A0:A4:20:8B:82 C eth2.
microsrv.wyndham.com ether 3C:A8:2A:0D:B2:28 C eth2.
10.14.216.237 (incomplete) eth2.
10.14.216.189 ether D4:BE:D9:C0:CE:58 C eth2.
10.14.216.197 ether D8:9D:67:D4:36:A1 C eth2.
wh-tusgroifc.wyndham.co ether 18:03:73:CF:47:B2 C eth2.
10.14.216.215 ether 28:80:23:D4:65:5C C eth2.
10.14.216.207 ether D0:67:E5:21:08:97 C eth2.
wh-tusgr-oxi.wyndham.co ether 34:17:EB:AD:C1:E9 C eth2.
10.14.245.233 ether 2C:3F:38:E0:D2:C1 C eth1
10.14.238.136 ether 00:A0:A4:20:8C:1E C eth2.
10.14.216.225 ether D0:67:E5:21:0C:A1 C eth2.
wh-tusgrw917.wyndham.co ether 44:8A:5B:4B:77:F3 C eth2.
wh-tusgr-fd1.wyndham.co ether D4:BE:D9:C0:CE:29 C eth2.
10.14.238.137 ether 00:A0:A4:20:87:D6 C eth2.
10.14.216.209 ether 44:8A:5B:4B:78:11 C eth2.
10.14.245.254 ether 00:D0:83:07:42:EC C eth1
10.14.216.229 ether D0:67:E5:21:11:5B C eth2.
wh-tusgr-01.wyndham.com ether D4:AE:52:6A:29:54 C eth2.
10.14.216.187 ether D4:BE:D9:C0:C6:A7 C eth2.
10.14.216.223 ether D0:67:E5:21:12:5E C eth2.
10.14.245.230 ether 2C:3F:38:4F:9C:C1 C eth1
10.14.245.228 ether 68:BC:0C:99:DA:41 C eth1
10.14.238.133 ether 00:A0:A4:20:8C:02 C eth2.
10.14.245.235 ether 2C:3F:38:CC:52:41 C eth1
10.14.245.236 ether 2C:3F:38:DE:86:41 C eth1
wh-tusgr-opr1.wyndham.c ether 14:18:77:5A:32:CD C eth2.
10.14.238.141 ether 00:A0:A4:20:89:CF C eth2.
10.14.245.237 ether 2C:3F:38:D6:E7:41 C eth1
10.14.245.248 ether AC:81:12:C3:83:F5 C eth1
209.12.76.73 ether 00:A0:C8:59:DE:7A C Mgmt
10.14.245.239 ether 2C:3F:38:D6:F8:41 C eth1
10.14.245.234 ether 2C:3F:38:D6:F6:41 C eth1
10.14.216.218 ether D4:BE:D9:C0:83:57 C eth2.
10.14.216.212 ether D0:67:E5:21:15:74 C eth2.
10.14.216.211 ether D4:BE:D9:C0:7F:60 C eth2.
10.14.216.5 ether 14:18:77:5A:35:A2 C eth2.
10.14.245.231 ether 2C:3F:38:B6:BD:41 C eth1
[Expert@FWWYNTUSGR01:0]#
[Expert@FWWYNTUSGR02:0]# arp
Address HWtype HWaddress Flags Mask Iface
209.12.76.73 ether 00:A0:C8:59:DE:7A C Mgmt
10.14.245.247 ether AC:81:12:C3:7C:F9 C eth1
30 10.14.245.246 ether AC:81:12:90:CB:56 C eth1
10.14.245.226 ether 00:1C:7F:35:F2:36 C eth1
30 10.14.245.248 ether AC:81:12:C3:83:F5 C eth1
30 wh-tusgr-dc.wyndham.com ether D4:AE:52:6E:EB:6A C eth2.10
10
30
50
20
20
30
30
30
20
10
20
30
30
30
30
30
30
30
30
10
30
30
30
30
30
30
10
30
30
50
50
30
30
30
10
30
30
30
50
30
30
20
50
30
30
10
30
30
50
10
50
30
30
30
10
ask Iface
Mgmt
eth1
eth1
eth1
eth1
A C eth2.10
[Expert@FWWYNTUSGR01:0]# cplic print
Host Expiration Features
10.86.243.39 never CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB
Contract Coverage:
# ID Expiration SKU
===+===========+============+====================
1 | YDY06I9 | 31Aug2017 | CPES-SS-PREMIUM-ADD
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA
===+===========+============+====================
2 | GOS76I3 | 18Apr2014 | CPSB-APCL-S-1Y
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA
===+===========+============+====================
3 | 264US23 | 18Apr2014 | CPSB-IPS-S-1Y
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA
===+===========+============+====================
[Expert@FWWYNTUSGR01:0]#
Contract Coverage:
# ID Expiration SKU
===+===========+============+====================
1 | 41YOOY2 | 6Jun2013 | CPSB-IPS-S-1Y
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA
===+===========+============+====================
2 | YDY06I9 | 31Aug2017 | CPES-SS-PREMIUM-ADD
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA
===+===========+============+====================
3 | 447E261 | 6Jun2013 | CPSB-APCL-S-1Y
+-----------+------------+--------------------
|Covers: CPAP-SG220X CPSB-FW CPSM-C-2 CPSB-VPN CPSB-NPM CPSB-LOGS CPSB-IA
===+===========+============+====================
[Expert@FWWYNTUSGR02:0]#
-LOGS CPSB-IA CPSB-SSLVPN-5 CPSB-ADNC CPSB-IPS-S1 CPSB-APCL-S1 CK-00-1C-7
PCL-S1 CK-00-1C-7F-35-F2-3B
PCL-S1 CK-00-1C-7F-35-F2-3B
PCL-S1 CK-00-1C-7F-35-F2-3B
PCL-S1 CK-00-1C-7F-53-46-4F
PCL-S1 CK-00-1C-7F-53-46-4F
PCL-S1 CK-00-1C-7F-53-46-4F