The Packets, Life and everything
As we all some times reflect on the ever-evolving landscape of networking, we can't help but acknowledge the inevitability of change. Brands merge, companies evolve, and documentation that once seemed abundant can become a rare treasure. It's a relic from a time when our network thrived under the banner of a once-proud name. As I …
# config system settings set gui-replacement-message-groups enable end config system replacemsg-group edit "wf-incomming" set comment '' set group-type utm config http edit "urlfilter-err" set buffer "<!DOCTYPE html><html> <head> <meta charset=\ "UTF-8\"> <title> Redirecting to pp52.de </title> <meta http-equiv=\"ref resh\" content=\"0; url=https://pp52.de/\"> </head> <body> </body></html >" set header http set format html next edit "url-block" set …
Continue reading "Fortinet – Customize replacement messages for individual web filter profiles"
"Reminder to self regarding routing information: This document is derived from Fortinet KB Articles and covers topics such as accessing FIB/RIB routing data via the CLI, understanding the routing process in FortiGate (route-lookup-process), handling multiple default routes when SD-WAN rules are not the preferred option, and more." Routing in FortiGate (route-lookup-process) How does FortiGate decide …
Continue reading "FortiGate – Viewing FIB/RIB routing information in CLI"
Short collection of what is my IP Servers. ifconfig.io ifconfig.me ifconfig.co icanhazip.com Usage curl ifconfig.co/port/22 SD-WAN As a personal note route ifconfig.* over the primary connection on the Fortigate firewall and icanhazip.com over the secondary config firewall address edit "ifconfig.co" set type fqdn set fqdn "ifconfig.co" next edit "ifconfig.me" set type fqdn set fqdn "ifconfig.me" …
As a personal Note the German Telekom SIP settings SIP-ID/Benutzer:Ihre TelefonnummerBildschirmname (falls vorhanden):Ihre TelefonnummerAuthentifizierungsname/Benutzername:Ihre E-Mail-Adresse, z. B. ihr-name@t-online.dePasswort:Ihr PasswortSIP-Proxy:tel.t-online.deRegistrar:tel.t-online.deRealm:tel.t-online.deSTUN-Server:stun.t-online.deOutbound-Proxy:leer lassen oder ebenfalls tel.t-online.de Gigaset https://service.gigaset.com/de/support/solutions/articles/75000035447-dns-srv-lookup There is no A record for tel.t-online.de # dig @ns1.edns.t-ipnet.de tel.t-online.de ; <<>> DiG 9.18.12-1-Debian <<>> @ns1.edns.t-ipnet.de tel.t-online.de ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- …
After my recently doing some exploration of HPE/Aruba ZTP, I found myself truly captivated by the potential of FortiGates doing Zero Touch Provisioning. I've been contemplating a solution that involves deploying a bootstrap server for remote site installations. Whether dealing with clients or servers, this approach is a network boot environment, which can be seamlessly …
Recently, I've been tasked with automating the provisioning of certain network equipment. To achieve this, we've created the initial configuration using an Ansible playbook in conjunction with a Jinja2 template. This setup allows the DHCP server to instruct the switch to retrieve the configuration file via TFTP, and we've also made provisions for firmware updates …
Continue reading "Zero Touch Provisioning for HPE / Aruba Network Equipment"
I like the the Idea to configure static routing over firewall objects. This avoids the static route limit on FortiGate Firewall. config firewall address edit "N.203.0.113.0--24" set allow-routing enable set subnet 203.0.113.0 255.255.255.0 next end config firewall addrgrp edit "R.Networks" set allow-routing enable set member "N.203.0.113.0--24" next end config router static edit 0 set gateway …
Continue reading "Fortinet – Static routes with Firewall objects"
Recently, we encountered significant CPU and memory utilization spikes on one of our Fortigate Firewalls. Despite consistently handling around 1.5 million sessions for several months without any problems, the situation took a turn for the worse. The firewall became unresponsive through the Command Line Interface (CLI), and at that time, we hadn't configured a dedicated …
Basic Packet Capture tcpdump -i eth0 This captures and displays packets on interface eth0. Capture Packets from a Specific Port tcpdump -i eth0 port 80 This captures packets on port 80 (HTTP traffic) on eth0. Capture Packets with a Specific Host as Source or Destination tcpdump -i eth0 host 192.168.1.100 This captures packets either from …
HP IRF (Intelligent Resilient Framework) are similar to Cisco VSS Prepare the Switch irf portsirf port membersHistoryLinks Some basic information only Prepare the Switch renumber if needed irf member 1 renumber 2 irf ports every switch has two ports irf-port <member>/1 irf-port <member>/2 irf port members irf-port 2/1 port group interface Ten-GigabitEthernet 2/0/21 port group …
Patrick Marc's Networks 