Two Rules For Fortigate Beginners

After managing a small number of Fortigates for a handful of years, I have come up with two rules that I wish I had known when I started. There are numerous best practices, but these two have caused me the most pain recently. Never install a dot zero release of the Fortigate firmware and …

Azure Application Insights On-Prem Web Farm

On each of the nodes of the web farm with a shared config, run the following commands. Download: https://www.powershellgallery.com/packages/Az.ApplicationMonitor/ After the commands have been run, go into IIS on one of the machines in the web farm and add a module with name ManagedHttpModuleHelper pointing to Microsoft.AppInsights.IIS.ManagedHttpModuleHelper.ManagedHttpModuleHelper in the dropdown box. https://docs.microsoft.com/en-us/azure/azure-monitor/app/status-monitor-v2-overview

VMware Workstation error code 0xc00000005

Kept getting error code 0xc00000005 when trying to install Windows 2019 as a guest on VMware Workstation. I uninstalled and tried VirtualBox and got a different error. Searching the log files led me to the following post about Hyper-V interference. I had uninstalled Hyper-V but there must have been some Hyper-V feature left. The following …

Finally passing the CISSP certification

After multiple starts and stops I finally was forced to take the CISSP November 23rd as I was not able to postpone the cert further. I have been working as a sysadmin/security analyst in a single location for over 20 years. When working at the same job for so long, there is a risk of …

Fortigate to Fortigate VXLAN – Disaster Recovery

Been working on a solution for disaster recovery; one of the goals was a stretched layer 2 network. Since we would need a similar firewall with similar rules at the DR location, I have been investigating VXLAN over an IPSEC tunnel. This is the current test config; I will update it when more testing …

Packet Capture without Wireshark

I needed to capture packets off a production web server but did not want to add additional unnecessary software to production like Wireshark or similar. I came across some dated articles on Netsh that looked promising, but the tool used to convert to packet capture seemed to be deprecated. Luckily the following tool allows you …

Fortigate with Fortilink enabled switches that won’t upgrade

We had a number of Fortigate firewalls managing Fortiswitches via Fortilink, and no matter what version of Fortiswitch firmware we tried the switches would reboot but not upgrade. After some troubleshooting we found that using the following commands allowed the switches to be upgraded.

    config switch-controller global
        set https-image-push enable
    end

Fortigate traffic sourced from wrong interface

Installed new Fortigate 61Es; everything seemed to work as planned until I wanted to add Fortianalyzer for traffic analysis. Testing seemed to indicate that Fortianalyzer traffic was being sent out the WAN interface instead of the IPSEC tunnel. After searching around I found that a source IP needed to be set for traffic originating from …