Monday, 27 August 2018

Extreme Networks x690 CPU, RAM & ASIC version

Slot-1 Stack1Extreme.75 # debug hal show version slot 1
Slot  1 Version Information:
Branch       :                  22.4.1.4-patch1-2
Version:                        22.4.1.4
Card type:                      X690-48x-2q-4c rev 1
MAC--1:                         BCM56768_B0
Saved Chip Data:                 (00000000 48) 0
CPU Core:                       Intel(R) Atom(TM) CPU  C2558  @ 2.40GHz
CPU Memory Size:                8192 MB
Alternate Bootrom Version:      unsupported
Default Bootrom Version:        unsupported

Saturday, 17 March 2018

Technical Note: How the FortiGate behaves when asymmetric routing is enabled

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD39943&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=27692425&stateId=1%200%2027694157
Technical Note: Building a Layer-2 VPN with VxLAN over IPsec

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD40170&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=27692425&stateId=1%200%2027694157
Technical Note: How to setup redundant point-to-point IPSec VPN using multi-home BGP links

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD35166&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=27692425&stateId=1%200%2027690965

Monday, 12 March 2018

Technical Note: How to configure L2TP using interface/route based IPsec VPN:

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD41147&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=26850343&stateId=1%200%2026848963

Wednesday, 14 February 2018

Default Encryption Settings for the Microsoft L2TP/IPSec Virtual Private Network Client

Summary

The following list contains the default encryption settings for the Microsoft L2TP/IPSec virtual private network (VPN) client for earlier version clients:

  • Data Encryption Standard
  • Secure Hash Algorithm
  • Diffie-Hellman Medium
  • Transport Mode
  • Encapsulating Security Payload
The client does not support the following settings:

  • Tunnel mode
  • AH (Authentication Header)
These values are hard-coded in the client and you cannot change them.

More Information

Data Encryption Standard

Triple Data Encryption Standard (3DES) provides confidentiality. 3DES is the most secure of the DES combinations, and is somewhat slower. 3DES processes each block three times, using a unique key each time.


Secure Hash Algorithm

Secure Hash Algorithm 1 (SHA1), with a 160-bit key, provides data integrity.


Diffie-Hellman Medium

Diffie-Hellman groups determine the length of the base prime numbers that are used during the key exchange. The strength of any key derived depends in part on the strength of the Diffie-Hellman group on which the prime numbers are based.

Group 2 (medium) is stronger than Group 1 (low). Group 1 provides 768 bits of keying material, and Group 2 provides 1,024 bits. If mismatched groups are specified on each peer, negotiation does not succeed. You cannot switch the group during the negotiation.

A larger group results in more entropy and therefore a key that is harder to break.


Transport Mode

There are two modes of operation for IPSec:

  • Transport mode - In transport mode, only the payload of the message is encrypted.
  • Tunnel mode (not supported) - In tunnel mode, the payload, the header, and the routing information are all encrypted.

IPSec Security Protocols

Encapsulating Security Payload

Encapsulating Security Payload (ESP) provides confidentiality, authentication, integrity, and anti-replay. ESP does not ordinarily sign the whole packet unless the packet is being tunneled. Ordinarily, only the data is protected, not the IP header. ESP does not provide integrity for the IP header (addressing).

Authentication Header (Not Supported)

Authentication Header (AH) provides authentication, integrity, and anti-replay for the whole packet (both the IP header and the data carried in the packet). AH signs the whole packet. It does not encrypt the data, so it does not provide confidentiality. You can read the data, but you cannot modify it. AH uses HMAC algorithms to sign the packet.
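A small compatibility check, added here as an example and not taken from the Microsoft article: it compares each IPsec proposal a peer offers against the client's hard-coded parameters listed above and reports which of them would make negotiation fail (a mismatched group, tunnel mode or AH all do). The Proposal class and the two sample proposals are constructed for this example.

```python
from dataclasses import dataclass

# The legacy client's fixed parameters, taken from the settings listed above.
LEGACY_CLIENT = {
    "encryption": "3des",
    "integrity": "sha1",
    "dh_group": 2,
    "mode": "transport",
    "protocol": "esp",
}


@dataclass(frozen=True)
class Proposal:
    """One IPsec proposal offered by the peer (constructed type for this example)."""
    encryption: str
    integrity: str
    dh_group: int
    mode: str
    protocol: str


def mismatches(peer: Proposal) -> list:
    """List every parameter on which the peer proposal differs from the client."""
    found = []
    for field, wanted in LEGACY_CLIENT.items():
        got = getattr(peer, field)
        if isinstance(got, str):
            got = got.lower()  # algorithm names are compared case-insensitively
        if got != wanted:
            found.append(f"{field}: client requires {wanted}, peer offers {got}")
    return found


def negotiable(peer_proposals) -> bool:
    """True if at least one peer proposal matches the client's hard-coded set."""
    return any(not mismatches(p) for p in peer_proposals)


# Constructed sample: a peer offering a modern proposal plus the legacy one the
# client needs. A peer offering only MODERN would never negotiate with it.
MODERN = Proposal("aes256", "sha256", 14, "tunnel", "esp")
LEGACY = Proposal("3DES", "SHA1", 2, "transport", "ESP")
```

Keeping the LEGACY proposal on a gateway only to serve these clients also keeps 3DES, SHA1 and DH group 2 negotiable for everyone else, so it is worth restricting such a proposal to the L2TP peer.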

References

For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:

325035 Limitations and Compatibility Issues of Microsoft L2TP/IPSec VPN
325032 Using the Microsoft L2TP/IPSec VPN Client with Windows 98, Windows Millennium Edition, and Windows NT 4.0
325033 Configuring Microsoft L2TP/IPSec VPN for Earlier Clients
325034 Troubleshooting Microsoft L2TP/IPSec VPN Client Connection

Friday, 2 February 2018

Restarting processes on FortiGate

FGT80C # diagnose test application
smtp              SMTP proxy.
ftpd              FTP proxy.
pop3              POP3 proxy.
imap              IMAP proxy.
nntp              NNTP proxy.
scanunit          Scanning unit.
harelay           HA relay daemon.
hasync            HA sync daemon.
hatalk            HA talk daemon.
sessionsync       session sync daemon.
forticldd         FortiCloud daemon.
miglogd           Miglog logging daemon.
urlfilter         URL filter daemon.
ovrd              Override daemon.
ipsmonitor        ips monitor
ipsengine         ips sensor
ipldbd            IP load balancing daemon.
ddnscd            DDNS client daemon.
snmpd             SNMP daemon.
dnsproxy          DNS proxy.
sflowd            sFlow daemon.
init              init process.
l2tpcd            L2TP client daemon.
dhcprelay         DHCP relay daemon.
pptpcd            PPTP client.
wccpd             WCCP daemon.
wad               WAD related processes.
radiusd           RADIUS daemon.
wpad              WPA daemon.
fsd               FortiExplorer daemon.
ipsufd            IPS urlfilter daemon.
lted              USB LTE daemon.
forticron         Forticron daemon.
uploadd           Upload daemon.
quarantined       Quarantine daemon.
dhcp6c            DHCP6 client daemon.
info-sslvpnd      SSL-VPN info daemon.
dsd               DLP Statistics daemon.
lnkmtd            Link monitor daemon.
dhcp6r            DHCP6 relay daemon.
netxd             VMWare NetX service manager daemon.
fnbamd            Fortigate non-blocking auth daemon.
mrd               Mobile router daemon.
zebos_launcher    ZEBOS Launcher daemon
radius-das        Radius-das daemon.
csfd              Security Fabric daemon.
fsvrd             FortiService daemon.
radvd             radvd daemon.
fcnacd            FortiClient NAC daemon.
sdncd             SDN Connector daemon.


FGT80C # diagnose test application ipsmonitor

IPS Engine Test Usage:

    1: Display IPS engine information
    2: Toggle IPS engine enable/disable status
    3: Display restart log
    4: Clear restart log
    5: Toggle bypass status
    6: Submit attack characteristics now
   10: IPS queue length
   11: Clear IPS queue length
   12: IPS L7 socket statistics
   13: IPS session list
   14: IPS NTurbo statistics
   15: IPSA statistics
   16: Display device identification cache
   17: Clear device identification cache
   18: Display session info cache
   19: Clear session info cache
   21: Reload FSA malicious URL database
   22: Reload whitelist URL database
   24: Display Flow AV statistics
   25: Reset Flow AV statistics
   96: Toggle IPS engines watchdog timer
   97: Start all IPS engines
   98: Stop all IPS engines
   99: Restart all IPS engines and monitor

Saturday, 27 January 2018

Hidden commands in HP/H3C network equipment

Procurve (E-Line):
http://networkgeekstuff.com/networking/procurve-and-hidden-command-line/

H3C (A-Line):
http://networkgeekstuff.com/networking/h3c-and-hp-a-series-hidden-commands/

HP/H3C VRRP Load Balancing

http://networkgeekstuff.com/networking/h3c-proprietary-vrrp-load-balancing/

Extreme has a similar proprietary technology called VRRP Fabric Routing:
on XOS:
https://gtacknowledge.extremenetworks.com/articles/How_To/An-example-of-VRRP-fabric-routing-configuration-to-achieve-active-active-forwarding-routing-on-all-VRRP-routers

on EOS:
https://gtacknowledge.extremenetworks.com/articles/How_To/How-To-Load-Share-with-Two-EOS-routers-Using-VRRP-Fabric-mode/?l=en_US&fs=RelatedArticle
https://gtacknowledge.extremenetworks.com/articles/Q_A/What-is-the-VRRP-Fabric-Routing-Helper-Router-option/?l=en_US&fs=RelatedArticle

Monday, 15 January 2018

Tuesday, 9 January 2018

Check Point Gaia - Policy Based Routing (PBR)

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100500

Fortigate & Conserve mode

FGT80C # diagnose hardware sysinfo conserve
memory conserve mode: off
total RAM:                            499 MB
memory used:                          430 MB   86% of total RAM
memory used threshold extreme:        473 MB   95% of total RAM
memory used threshold red:            438 MB   88% of total RAM
memory used threshold green:          409 MB   82% of total RAM