featured articles
Upgrading My 2FA Foo
Today I updated any account I could find that uses 2FA. I chose Authy since it...
Negate Source, Destinat...
I started working on Firewalls back in the early 90’s. I started on Checkpoint...
SIP Application Layer G...
SIP ALG is a feature where the firewall will inspect the SIP packets as they...
Fortigate CLI Tips and ...
I am a CLI guy. Make no mistake, I like the GUI but at the end of the day, I...
popular articles
random articles

Upgrading My 2FA Foo

Today I updated any account I could find that uses 2FA. I chose Authy since it allows me to backup my keys. The backup is locally encrypted on my device and once in the Authy cloud is salted and encrypted again. Not 100% where I can back up locally, but much better than most of the authetication methods used by some of these providers I enabled 2FA on. TwitterAmazon.comAWSARINGoDaddyIFTTTTeam Viewer...

Negate Source, Destination...

I started working on Firewalls back in the early 90’s. I started on Checkpoint Firewall-1 running on AIX. I soon moved over to Windows where we had to disable so many services, it would take longer to prepare for the install than the actual install of the firewall itself. There used to be a local.arp file you needed to edit and add the external interface where the proxy ARP needed to come from’s MAC...

SIP Application Layer Gate...

SIP ALG is a feature where the firewall will inspect the SIP packets as they egreesses the firewall Purpose of SIP ALG Fortinet/Cisco1) Modification of IP addresses in the application payload when NAT is used.2) Dynamic opening of data ports (“pinholes”) as required to allow audio traffic. Otherwise, firewall policies need to statically open a wide range of ports.3) Inspection and logging of...

Fortigate CLI Tips and Tri...

I am a CLI guy. Make no mistake, I like the GUI but at the end of the day, I am a CLI Jockey and love the “ugly black screen”. To that end, I wanted to throw some short cuts together and post them on this blog. GREPGrep is a Unix command introduced years ago by Ken Thompson, in Unix 4. It is extremley useful from a BASH perspective to search for keyword(s) in multiple files or standard output. FortiOS is...

Syslog Server running ‘rsy...

Although I run FortiSIEM on my home lab, I wanted to have a quick & dirty, low cost, simple solution to just collect logs. I am not a big Windows guy so wanted to keep the bloat off of my lab ESX environment. I deployed my standard CentOS 7 minimal installation (5 min install). Once installed, I suggest backing up the original rsyslog configuration file located in /etc. The file name is rsyslog.conf...

Forticloud 3.2 for APs

Fortinet’s FortiCloud was introduced to provide customers the ability to manage their device entirely from the cloud. This post will cover the APs specifically and I will follow it up with a Fortigate one and others (e.g. switches) as they become available. What you need:1. FortiCloud Key2. PoE Switch / Power Injector3. DHCP Server handing out IPs for the AP (since it needs to get out to the Internet)...

IKEv1 & IKEv2

I have been dealing with VPNs for the past 20 Years. Primarily I have used IKEv1 as it was the most used. In this post, I will go over what IKEv1 is and the differences between it and IKEv2. There are RFCs you can read, however if you decide to, you probably don’t like yourself that much. I will try to make this as simple as I can so I myself can understand it. Like a wise man once said “If you...

« Older Entries