Browsing All Posts filed under »Security«

RA VPN Configuration on Fortigate

June 19, 2012


Remote Access VPN with Fortigate client configuration. Version used: v4.0,build0521,120313 (MR3 Patch 6). 1. Add a user. This example uses a simple local user, but as the list of remote authentication servers shows, the Fortigate offers a lot of possibilities. myfirewall (root) # sh user adgrp FSSO groups ban configure banned IP addresses […]

RPF – AKA Antispoofing on Fortigate

June 19, 2012


With the RPF function the firewall checks whether a packet arrives on the correct interface and is not trying to spoof its source address. For example, a packet that comes in on the DMZ interface of the firewall with a source IP from the internal network is spoofed. The firewall […]

Virtual Firewalls with Fortigate

June 18, 2012


It is pretty easy to configure multiple firewalls on a Fortigate box and, unlike on the Cisco ASA, they can do VPN as well! The virtual firewalls can also work in transparent and routed mode independently of each other, which is not possible with Cisco. The missing feature, which Cisco already has, is the resource […]

Dead Gateway Detection – AKA Backup or Redundant ISP Service

June 18, 2012


Dead Gateway Detection is a feature like the backup or redundant ISP service. If we have 2 ISP connections to the internet – a backup line with smaller bandwidth and another used normally – we can use one as a backup internet connection. The topology: 1.1.1.0/24 | | Firewall | | | 2.2.2.0/24 | | | […]

The dhcpc process on Fortigate

June 6, 2012


Just a little zoom in on DHCP traffic, to see how it really works in the background. This post is a memory of an old story at Cisco TAC: I had a big problem with the DHCP client on a PIX firewall, and in the end I managed to prove that this was […]

drops on IPSO interface

May 15, 2012


On IPSO the counter for packet drops is quite similar to the Cisco drop counters. It is really detailed and can show us many kinds of drops. To see whether the number of drops is rising, we have to check it 2-3 times while the issue occurs. I guess with SNMP we can monitor that value […]

My Apps on Ubuntu

May 12, 2012


Ubuntu is my favorite OS after Fedora. The basic installation contains many applications I need, but not all. I am pretty sure that I will reinstall my Linux, and these are the apps I will have to install again:
– skype from http://www.skype.com/intl/en-us/get-skype/on-your-computer/linux/
– openssh-server – secure shell (SSH) server, for secure access from remote machines
– virtualbox […]

external CA for Remote Access VPN

May 9, 2012


Checkpoint has a complete Certificate Authority infrastructure, and I would use it for small and medium-sized businesses where there are only a few remote access users. For large enterprises or for companies with an existing CA infrastructure it is worth using their certificates, because that gives much more flexibility. In this example I illustrate […]

Virtualbox – the tool I use for virtualization of course with CLI

April 24, 2012


The Task: Create your virtual machine on a Linux server and install it without X. Ohh, without a GUI? It must be difficult, or not? Let's see it to believe it. First I had to update the server and then install VirtualBox. It can be done easily with apt. As my test server is behind a […]

Certificate renewal – how was it after years?

April 18, 2012


Actually you cannot renew an existing certificate, but you can generate a new one with the same subject and same mandatory fields. For that you have to generate a certificate request again within a new trustpoint and not with the old one. The issuer of the previous certificate should sign the new certificate request and […]