A solution my company is currently pushing.

Network visibility solution + dedicated SSL inspection solution

APCON&BlueCoat_DM_20170823.pdf


Attribution-NonCommercial-NoDerivatives


Mac LaunchPad size adjustment


defaults write com.apple.dock springboard-columns -int 10
defaults write com.apple.dock springboard-rows -int 6
killall Dock



Using the Mac's built-in TFTP server

Besides using an external TFTP program, here is how to use the built-in TFTP server.

1. Start the service as follows:
sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist
sudo launchctl start com.apple.tftpd

2. Move the downloaded firmware into the TFTP root:
cp /Users/jhkim/Downloads/FGT_600C-v5-build0292-FORTINET.out   /private/tftpboot


Using the FTP server
Enable
sudo -s launchctl load -w /System/Library/LaunchDaemons/ftp.plist

Disable

sudo -s launchctl unload -w /System/Library/LaunchDaemons/ftp.plist



CentOS root password for Parallels Desktop


$ sudo passwd
[sudo] Changing password for root
New password :
Retype password :
passwd : all authentication tokens updated successfully
$ su -
Password :
#



Firemon SIQL


- domain{}
- devicegroup{}
- device{}
- policy{}
- rule{}
- natrule{}
- control{}
- assessment{}
- networkObj{}
- serviceObj{}
- userObj{}
- applicationObj{}
- ticket{}
- review{}

# SRC+ DST Any
domain { id = 1 }  AND rule { (source.any = true) and (destination.any=true) }
# SRC + SVC Any
domain { id = 1 }  AND rule { (source.any= true) and (service.any=true) }
# DST + SVC Any
domain { id = 1 }  AND rule { (destination.any= true) and (service.any=true) }
# SRC + DST + SVC Any
domain { id = 1 }  AND rule { (source.any=true) and  (destination.any= true) and (service.any=true) }
# Hit count = 0 over the last 30 days
domain { id = 1 }  AND rule { usage(date('last 30 days')).count = 0 }
# All policies of a device
domain { id = 1 } and device {name=DIT_FG}
domain { id = 1 } and device {id=2}
# Used policies
domain { id = 1 } and device {id=1} and rule {usage(date('last 60 days')).count >0}
# Unused policies
domain { id = 1 } and device {id=1} and rule {usage(date('last 60 days')).count =0}
# Log Disable
domain { id = 1 }  AND rule { (disabled = true) }
# No Logging
domain { id = 1 }  AND rule { (log = false) }
# Disable or No Logging
domain { id = 1 }  AND rule { (disabled = true OR log = false) }
# No Comment
domain { id = 1 }  AND rule { comment is null }
# Rules created in the last 30 days
domain { id = 1 } and rule{created ~ date('last 30 days')}
# Search by management IP
device{managementIp='192.168.222.222'}
# Action filter
domain { id = 1 } and device{id=1} AND rule { action='ACCEPT' or action='AUTHENTICATE' or action='DROP' or action='ENCRYPT' or action='REJECT'  }
# Action & service.any
rule {action = 'ACCEPT' and service.any=true}
# Source filter
rule { source is subset of ('7.7.7.4','7.7.7.5')}
rule { source is subset of ('7.7.7.4','7.7.7.5') and usage (date('last 30 days')).count >100}
domain { id = 1 } and  device{id=2} and rule {source EQUALS  '7.7.7.5' and source.zone='internal'}
# SRC + rule enabled/disabled + action
rule{source is subset of ('7.7.7.4','7.7.7.5','7.7.7.6') and disabled=true and action='ACCEPT'}
# Date range + count
rule {usage(date(2017-08-01T00:00:00+09:00,2017-08-02T23:59:59+09:00)).count =0 }
rule {usage(date(2017-08-01T00:00:00+09:00,2017-08-02T23:59:59+09:00)).count >1 }
# Date range + created policy
domain {id=1} and device{id=2} and  rule {created ~ date(2017-08-01T00:00:00+09:00,2017-08-02T23:59:59+09:00) }
# Date range + last changed policy
rule {date('2017-08-01T00:00:00+09:00','2017-08-02T23:59:59+09:00') ~ lastchanged}

Frequently used queries

Across all firewalls, excluding disabled policies and excluding policies newly created between Feb 28 and Mar 29, list the policies whose hit count over the period (30 days) is 0

and rule{ disabled= false or log= false and created !~ date(2017-02-28T00:00:00, 2017-03-29T23:59:59) and usage(date(2017-02-28T00:00:00, 2017-03-29T23:59:59)).count = 0 }

Policies with no usage over a period (30, 90, 180 days, etc.)

and rule {usage(date('last 30 days')).count=0}

Policies with usage over a period (30, 90, 180 days, etc.)

and rule {usage(date('last 30 days')).count!=0}

Usage of policies created over a period (30, 90, 180 days, etc.), excluding policies created within the last 7 days

and rule{usage(date('last 30 days')).count>=1 and date('last 7 days') !~ 'Created'}

Any-allow policies over a period (30, 90, 180 days, etc.), excluding those that were unused

and rule {source.any=true and destination.any=true and service.any=true and action='ACCEPT' and disabled='FALSE' and usage(date('last 30 days')).count!=0}

Policies with a hit count (usage) of 1 or more over a period (30, 90, 180 days, etc.)

and rule{usage(date('last 30 days')).count>=1}

Policies unused from 2017-02-01 to now (or to 2017-04-30)

and rule{ disabled= false and created !~ date(2017-02-01T00:00:00, 2017-04-30T23:59:59) and usage(date(2017-02-01T00:00:00, 2017-04-30T23:59:59)).count = 0}

Policies last used before 2017-02-01

and rule {  disabled= false and lastuseddate <= 2017-02-01T23:59:59+09:00 }

Rules in the "Policy PRI to DB" policy that have never been used

and policy { name = 'From: PRI To: DB' }  AND rule { usage().count = 0 }

ANY search queries

1. Source allow policies, excluding disabled

and rule { action='ACCEPT' AND disabled='FALSE' AND (source.any = true OR (( source intersects '0.0.0.0' )) )  }

2. Destination allow policies, excluding disabled

and rule { action='ACCEPT' AND disabled='FALSE' AND (destination.any = true OR (( destination intersects '0.0.0.0' )) )  }

3. Service allow policies, excluding disabled

and rule { action='ACCEPT' AND disabled='FALSE' AND (service.any = true OR (( service intersects 'ANY' )) )  }

4. Source + destination allow policies, excluding disabled

and rule { action='ACCEPT' AND disabled='FALSE' AND (destination.any = true OR (( destination intersects '0.0.0.0' )) )  AND (source.any = true OR (( source intersects '0.0.0.0' )) )  }

5. Source + service allow policies, excluding disabled

and rule { action='ACCEPT' AND disabled='FALSE' AND (service.any = true OR (( service intersects 'ANY' )) ) AND (source.any = true OR (( source intersects '0.0.0.0' )) )  }

6. Destination + service allow policies, excluding disabled

and rule { action='ACCEPT' AND disabled='FALSE' AND (destination.any = true OR (( destination intersects '0.0.0.0' )) )  AND (service.any = true OR (( service intersects 'ANY' )) )  }

7. Source + destination + service allow policies, excluding disabled

and rule { (destination.any = true OR (( destination intersects '0.0.0.0' )) ) AND action='ACCEPT' AND disabled='FALSE' AND (service.any = true OR (( service intersects 'ANY' )) ) AND (source.any = true OR (( source intersects '0.0.0.0' )) )  }

Searching for a specific port

1. Including ANY

and rule { action='ACCEPT' AND (service.any = true OR (( service intersects 'udp/137' )) )  }

2. Excluding ANY

and rule { action='ACCEPT' AND (service.any = false AND (( service intersects 'udp/137' )) ) }

Search by host: finds objects including groups, excluding network ranges

RULE { SOURCE IS SUPERSET OF '192.0.0.5' AND SOURCE.ANY = FALSE AND ( SOURCE.TYPE != 'NETWORK' OR SOURCE.TYPE != 'ADDRESS_RANGE') }

or

RULE {SOURCE  IS SUPERSET OF '30.30.0.10' or SOURCE  IS SUPERSET OF '40.40.0.10' AND SOURCE.ANY = FALSE AND (SOURCE.TYPE !=  'NETWORK' OR SOURCE.TYPE != 'ADDRESS_RANGE') }

Searching with several specific devices selected

DEVICE { ID = 152 OR ID = 7 } AND RULE{ DESTINATION IS SUPERSET OF '192.168.10.55' AND DESTINATION.ANY = FALSE }

Enabled allow policies whose source is a specific IP range, excluding ANY

RULE {  action='ACCEPT' AND disabled='FALSE' AND (SOURCE IS SUPERSET OF '121.125.26.0/24' ) AND source.any = false }

Policies that use a specific object/group

Rule { SOURCE.name ~ 'SOFT' }

Searching for bidirectional policies

Rule { SOURCE.ANY =FALSE and  DESTINATION.ANY=FALSE AND  SOURCE equals  DESTINATION }

Policies that contain 10 IPs in a single rule, or policies that contain 10 or fewer IPs in a single rule

Rule { SOURCE.EXPANDEDOBJECTCOUNT = 10 } or Rule { SOURCE.EXPANDEDOBJECTCOUNT != 10 }

Allow policies with a specific IP in the source or a specific IP in the destination, excluding ANY

RULE { SOURCE IS SUPERSET OF '218.232.186.219' OR DESTINATION IS SUPERSET OF '114.202.129.73' AND source.any = false AND destination.any = false AND ACTION ='ACCEPT' }
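To make the semantics of the hygiene queries above concrete (used Any/Any/Any accept rules, rules unused over a window, and disabled or unlogged rules), here is an added Python re-implementation run against a constructed rule set. It is not FireMon code; the rule model, the fixed "now" date and the date-window handling are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed "current time" (KST) so the results are reproducible offline.
NOW = datetime(2017, 8, 28, tzinfo=timezone(timedelta(hours=9)))

@dataclass
class Rule:  # the rule attributes that the SIQL queries above test (assumed model)
    name: str
    action: str = "ACCEPT"
    disabled: bool = False
    log: bool = True
    source_any: bool = False
    destination_any: bool = False
    service_any: bool = False
    created: datetime = NOW - timedelta(days=365)
    hits: list = field(default_factory=list)  # timestamps of logged hits

    def usage_count(self, start, end):  # usage(date(start, end)).count
        return sum(1 for t in self.hits if start <= t <= end)

def last_days(days):  # date('last N days') as a window ending now
    return NOW - timedelta(days=days), NOW

# rule { source.any=true and destination.any=true and service.any=true and action='ACCEPT'
#        and disabled='FALSE' and usage(date('last 30 days')).count!=0 }
def used_any_any_accept(rules, days=30):
    s, e = last_days(days)
    return [r.name for r in rules if r.source_any and r.destination_any and r.service_any
            and r.action == "ACCEPT" and not r.disabled and r.usage_count(s, e) != 0]

# rule { disabled=false and created !~ date(A,B) and usage(date(A,B)).count = 0 }
# Rules created inside the window are skipped: they are too new to call unused.
def unused_in_window(rules, start, end):
    return [r.name for r in rules if not r.disabled
            and not (start <= r.created <= end) and r.usage_count(start, end) == 0]

# rule { (disabled = true OR log = false) }
def disabled_or_unlogged(rules):
    return [r.name for r in rules if r.disabled or not r.log]

# Constructed sample rule base, not an export from a real device.
SAMPLE_RULES = [
    Rule("any-any-any", source_any=True, destination_any=True, service_any=True,
         hits=[NOW - timedelta(days=1), NOW - timedelta(days=10)]),
    Rule("new-web", created=NOW - timedelta(days=3), hits=[NOW - timedelta(days=1)]),
    Rule("old-unused", created=NOW - timedelta(days=200)),
    Rule("disabled-legacy", disabled=True),
    Rule("nolog-db", log=False, hits=[NOW - timedelta(days=5)]),
]
```

Widening the window to 400 days makes every sample rule "created inside the window", so the unused list becomes empty; that is the reason the real query excludes recently created rules.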

 


FortiSandbox Flow

Static Scan:
- Rule matched : Suspicious(High/Medium/Low) -> End
- Rule did not match : Clean -> Goto AV Scan

AV Scan:
- Signature matched : Malicious -> End
- Signature did not match : Clean -> Goto Cloud Query

Cloud Query:
- Hash matched with Suspicious : Suspicious(High/Medium/Low) -> End
- Hash matched with Clean : Clean -> End
- Hash did not match : Clean -> End(if not supporting VM Scan for the file) or Goto VM Scan(if supporting VM Scan for the file)

VM Scan:
- Suspicious behavior was detected  : Suspicious(High/Medium/Low) -> End
- Suspicious behavior was not detected : Clean -> End
- Other : Unknown -> End


FortiSandbox Clustering Setting

Step 1 - Configure the master
1. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.99/24
set port2-ip 192.168.2.99/24
set port3-ip 192.168.3.99/24
set default-gw 192.168.1.1

2. Configure the device as the master node and its cluster fail-over IP for Port1 with the following commands:
hc-settings -sc -tM -nMasterA -cTestHCsystem -ppassw0rd -iport2
hc-settings -si -iport1 -a192.168.1.98/24
See Appendix A - CLI Reference on page 1 for more information about the CLI commands.

3. Review the cluster status with the following command:
hc-status -l
Other ports on the device can be used for file inputs.

Step 2 - Configure the primary slave
1. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.100/24
set port2-ip 192.168.2.100/24
set port3-ip 192.168.3.100/24
set default-gw 192.168.1.1

2. Configure the device as the primary slave node with the following commands:
hc-settings -s -tP -nPslaveB -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd

3. Review the cluster status with the following command:
hc-status -l

Step 3 - Configure the normal slave
1. Configure the port IP addresses and gateway address with the following commands:
set port1-ip 192.168.1.101/24
set port2-ip 192.168.2.101/24
set port3-ip 192.168.3.101/24
set default-gw 192.168.1.1

2. Configure the device as a slave node with the following commands:
hc-settings -s -tR -nSlaveC -iport2
hc-settings -l
hc-slave -a -s192.168.2.99 -ppassw0rd

3. Review the cluster status with the following command:
hc-status -l

FortiSandbox Custom VM

A custom VM with Hancom Hangul (HWP) support.

http://fsavm.fortinet.net/WIN7X86VM_HWP.pkg.7z
Download the file, place it on an FTP server, and upload it with fw-upgrade as shown below.
>fw-upgrade -l -v -tftp -s192.168.200.100 -uadmin -padmin -f/VM/WIN7X86VM_HWP.pkg.7z

Uploading the base package
>fw-upgrade -l -v -tftp -sfsavm.fortinet.net -uanonymous -f/general/image/2.0.0/2015022118_vm.pkg.7z

ftp://fsavm.fortinet.net/general/image/2.0.0/2015022118_vm.pkg.7z


Uploading a custom package
> vm-customized -cn -tftp -s10.10.11.111 -uadmin -padmin1 -f/V5Win7EntSP1x64.vdi -oWindows7_64 -vCustHWP7

> vm-customized -cn -tftp -s192.168.234.223 -unicstech -pnics00 -f/V5Win7ProSP1x86/V5Win7ProSP1x86.vdi -k344ADE788168B08581349D71C8299AFA -voWindows7 -vnCustHWP

Uploading the meta file
> vm-customized -cf -tftp -s10.10.11.111 -uadmin -padmin1 -f/metafile.txt -vCustWin7-32
--2016-09-29 17:33:09--  ftp://10.10.11.111/metafile.txt
=> '/drive0/tmp/customizedvm.meta.tmp'
Connecting to 10.10.11.111:21... connected.
Logging in as admin ... Logged in!
==> SYST ... done. ==> PWD ... done.
==> TYPE I ... done. ==> CWD not needed.
==> SIZE metafile.txt ... 108
==> PASV ... done. ==> RETR metafile.txt ... done.
Length: 108 (unauthoritative)

metafile.txt 100%[=============================================================================>] 108 --.-KB/s in 0.002s  

2016-09-29 17:33:09 (43.7 KB/s) - '/drive0/tmp/customizedvm.meta.tmp' saved [108]



Meta file
File name: metafile.txt
HWP NEO Viewer
Visual C++ Redistributor 2013
.NET Framework 4.0
Adobe Flash Player 22.0
Alzip 10.5



Fortinet euc-kr Korean (Hangul) support setting

CLI>
config system appearance
set fallback-charset EUC-KR
end

Spam score 96 setting

CLI>
config antispam deepheader-analysis
set confidence 96.000000
set greyscale-level 7
end


## Dynamic source NAT without changing the source port (one-to-one source NAT)

# Problem


Some protocols or services will only function if they use a specific source port, or a source port that does not change. Normally source NAT changes the source port to allow multiple simultaneous sessions. 

# Solution

You can select the fixed port option to restrict the FortiGate unit to not translate the source port. This results in a one-to-one NAT configuration. One-to-one NAT limits the number of simultaneous sessions that are supported because one variable for tracking sessions (the source port number) is no longer available. To allow more sessions, one-to-one NAT is normally used with multiple external IPs added to an IP pool. 

In this example, you enable one-to-one NAT by enabling the fixed port option in a security policy and adding an IP pool containing three IP addresses: 172.20.120.[13-15]. The fixed port option is enabled from the CLI so this entire example is configured from the CLI.

1. Enter the following command to add the IP pool:

config firewall ippool
edit Dynamic-Source
set startip 172.20.120.13
set endip 172.20.120.15
end

2. Enter the following command to add a security policy that allows users on the private network to access the Internet.

config firewall policy
edit 0
set srcintf internal
set srcaddr all
set dstintf wan1
set dstaddr all
set schedule always
set service ANY
set action accept
set nat enable
set fixedport enable
set ippool enable
set poolname Dynamic-Source
end

If you edit this policy from the web-based manager, you will notice that the Fixed Port option is visible and is selected.
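An added Python model (not FortiOS code) of why fixed-port one-to-one NAT needs an IP pool: with the three pool addresses from this example, a fourth internal host reusing the same source port toward the same destination cannot be translated. The session key and the lowest-free-address allocation order are assumptions of the model; the 10.0.0.x hosts and the 203.0.113.10 destination are constructed values.

```python
import ipaddress

def pool_range(start_ip, end_ip):
    """Expand 'set startip' / 'set endip' into the individual pool addresses."""
    first, last = ipaddress.ip_address(start_ip), ipaddress.ip_address(end_ip)
    return [str(ipaddress.ip_address(n)) for n in range(int(first), int(last) + 1)]

class FixedPortNat:
    """Toy model of one-to-one source NAT (fixedport enable + ippool).

    Assumed semantics: the source port is never rewritten, so one pool address
    can carry at most one session per (source port, destination) tuple at a
    time. A real FortiGate's choice among free pool addresses is not modelled;
    this model takes the lowest free one.
    """
    def __init__(self, pool):
        self.pool = list(pool)
        self.sessions = {}  # (src_ip, src_port, dst) -> translated source ip

    def translate(self, src_ip, src_port, dst):
        key = (src_ip, src_port, dst)
        if key in self.sessions:  # an existing session keeps its mapping
            return self.sessions[key]
        busy = {ip for (_, p, d), ip in self.sessions.items() if (p, d) == (src_port, dst)}
        for ip in self.pool:
            if ip not in busy:
                self.sessions[key] = ip
                return ip
        return None  # no pool address free for this port/destination: session cannot be set up

    def close(self, src_ip, src_port, dst):
        """Tear down a session so its pool address becomes reusable."""
        self.sessions.pop((src_ip, src_port, dst), None)

def demo():
    """Four hosts all use source port 5060 to the same destination (constructed)."""
    nat = FixedPortNat(pool_range("172.20.120.13", "172.20.120.15"))
    dst = ("203.0.113.10", 5060)
    return [nat.translate(f"10.0.0.{i}", 5060, dst) for i in range(1, 5)]
```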
