FortiGate Inspection CLI
1. get system performance status - Check current CPU & memory, traffic usage, session count, and uptime
2. get system status - Check OS version and serial information
3. diag debug crashlog read - Check process crash history and major FortiGate issues
4. diag log alertconsole list - Check administrator account login failures, device restarts, power-off events, and FortiGuard update history
5. diag hardware device nic port1 - Speed/Duplex and Err.. of the given port
2018. 5. 8.

[Microsoft] Windows PowerShell ISE
Start > run PowerShell ISE.
    # Add users
    $a = 1
    DO {
        dsadd user "cn=user$a,ou=test,dc=sbbaek,dc=com"
        $a++
    } while ($a -le 1000)

    # Add groups
    $a = 1
    DO {
        dsadd group "cn=group$a,ou=test,dc=sbbaek,dc=com"
        $a++
    } while ($a -le 1000)
2018. 5. 8.

How-to: Automate FortiGate configuration backups
The FortiGates don't have any backup automation abilities out of the box. Generally you'd use a FortiManager for the config, backup and control of multiple FortiGates. I've recently set up a lab with several FortiGates for testing and wanted a simple way of backing up the configs every day so I could always revert back to a previous day quickly. You ..
2018. 5. 8.

[Microsoft] AD GPO
http://www.unixwiz.net/techtips/deploy-webcert-gp.html
Several customers are deploying the latest version of the excellent Evolution payroll service-bureau software from iSystems, and the new management interface is web based via SSL. This is a major improvement over the previous version that required interaction with the server via a logged-in user. But the web certificate used by the ven..
2018. 5. 8.

Scheduled Daily Reboot of FortiGate
    config system global
        set daily-restart enable
        set restart-time 04:00
    end
2018. 5. 8.

FortiGate DNS Translation
    Main # show firewall dnstranslation
    config firewall dnstranslation
    edit 1
    set dst netmask src
2018. 5. 8.

[Frequently used FortiGate debug commands]
1. diagnose debug flow
The diag debug flow command lets you check the flow of inbound->outbound traffic through the FortiGate. It consists of three parts: filter, show, and trace.
    FGT82C3109600076 # diagnose debug flow filter addr
    FGT82C3109600076 # diagnose debug flow show console enable
    show trace messages on console
    FGT82C3109600076 # diagnose debug flow trace start 10
    FGT82C3109600076 # id=36870 trace_id=2..
2018. 5. 8.

FortiGate IPv6 over IPv4 VPN Tunnel
Configure FortiGate A interfaces
    config system interface
    edit port2
    set port3
    config ipv6
    set ip6-address fec0::0001:209:0fff:fe83:25f3/64
    end
Configure FortiGate A IPsec settings
    config vpn ipsec phase1-interface
    edit toB
    set interface port2
    set remote-gw dpd enable
    set psksecret maryhadalittlelamb
    set proposal 3des-md5 3des-sha1
    end
    config vpn ipsec phase2-interface
    edit toB..
2018. 5. 8.

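[Microsoft] Changing the disabled password complexity setting in Windows Server 2008 R2
http://ksyjkh24.tistory.com/230
The conditions applied to passwords by default in Windows Server 2008 R2 are as follows. [Figure 1. "Password must meet complexity requirements" property] To see this screen, you have to go through the long path "Run > gpedit.msc > Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy". [Figure 2. Local Group Policy Editor] Here, on the Local Security Setting tab, changing "Enabled" to "Disabled" turns off the four password complexity conditions above. On ordinary user-class operating systems (such as Windows 7), this problem does not occur and there is no need to edit this setting. That is, Server-class ..
2018. 5. 8.
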
FortiGate Service Objects: priority by category
    tcp-52000-Uncategorized
    tcp-52000-web Access
    tcp-52000-File Access
    tcp-52000-Email
    tcp-52000-Network Services
    tcp-52000-Authentication
    tcp-52000-Remote Access
    tcp-49152-65535-Authentication
    tcp-49152-65535-Remote Access
    tcp-52000-Tunneling / tcp-49152-52000-Tunneling
    tcp-49152-65535-Tunneling / tcp-52000-tunneling
    tcp-52000-VOIP, Messaging & Other Applications / tcp-49152-52000-VOIP, Messaging & Other Appl..
2018. 5. 8.

FortiSandbox Cluster
Example configuration
This example shows the steps for setting up an HA cluster using three FortiSandbox 3000D units.
Step 1 - Prepare the hardware
The following hardware will be required:
- Nine cables for network connections
- Three 1/10 Gbps switches
- Three FortiSandbox 3000D units with proper power connections (units A, B, and C).
The master and primary slaves should be on different power circuits..
2018. 5. 8.

FortiAuthenticator FSSO Configuration
Authentication > Remote Auth. Servers > LDAP
Fortinet SSO Methods > SSO > General
Fortinet SSO Methods > SSO > Domain Controllers
Fortinet SSO Methods > SSO > Syslog Sources
Syslog WLC Parse
Trigger: enterprise= enterprise=
Username field: {{:username}}, /{{:username}}..
2018. 5. 8.

FortiSandbox VM package
1. Install Microsoft Windows VM package
If the unit does not have the Microsoft Windows VM package installed, it can be installed manually. To manually download the package:
1. FSA-1000D, FSA-3000D, and FSA-VM models: Download the package from ftp://fsavm.fortinet.net/general/image/2.0.0/2015022118_vm.pkg.7z
Users can also try or purchase, download and install extra Android, Windows 8.1 an..
2018. 5. 8.

[Microsoft] About SSL Certificate SHA256
http://www.slproweb.com/products/Win32OpenSSL.html
    C:\Program Files (x86)\OpenSSL-Win64\bin>openssl genrsa -des3 -out nicscaprivatekey.key 2048
    C:\Program Files (x86)\OpenSSL-Win64\bin>openssl req -new -x509 -days 3650 -extensions v3_ca -keyout nicscaprivatekey.key -out nicssslca.crt
Screen after certificate and key generation completes (2 files created)
    nicscaprivatekey.key
    nicssslca.crt
FortiGate > System > Certificates > Import > Local..
2018. 5. 8.

FortiGate Custom Application Control
1. Afreeca TV
    F-SBID( --protocol tcp; --service http; --flow from_client; --pattern ".afreeca."; --context host; --no_case; --app_cat 5; )
2. Naver Café
    F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe.naver.com"; --context host; --no_case; --app_cat 23; )
    F-SBID( --protocol tcp; --service http; --flow from_client; --pattern "cafe"; --context host; --no_case; --within ..
2018. 5. 8.

FortiGate SSLVPN Host Check
* Restrictions:
  (1) SSLVPN works only with FortiClient v5.2 (v5.4 and later cannot connect)
  (2) Endpoint Control is supported in 5.4 and later (including v5.6)
* Test results
[External access: SSLVPN - Host Check Software]
1-0. Environment: FortiClient v5.2.6.0664
1-1. Single setting (tested with KakaoTalk.exe as the 3rd-party check program)
    config vpn ssl web host-check-software
        edit "KakaoTalk-"
            set type fw
            set version ""
            config check-item-list
                edit 1 ..
2018. 5. 8.

FortiAnalyzer SQL database delete and rebuild
Technical Note: FortiAnalyzer SQL database delete and rebuild
Products
FortiAnalyzer v5.0
FortiAnalyzer v5.2
Description
Occasionally an upgrade does not correctly update the SQL database and reporting will cease to function properly due to missing/misnamed columns and/or indexes. “exec sql-local rebuild-db” is the first option, but if that does not resolve the issue then deleting and rebuilding of..
2018. 5. 8.

FortiGate IP Macbinding
Create the Macbinding table
    config firewall ipmacbinding table
        edit 1
            set mac <user MAC address 1>
            set name "<user name 1>"
            set status enable
        next
        edit 2
            set mac <user MAC address 2>
            set name "<user name 2>"
            set status enable
        next
        …
    end
Set and apply Macbinding options
    config firewall ipmacbinding setting
        set bindthroughfw enable
        set bindtofw enable
        set undefinedhost block
    end
    config system inter..
2018. 5. 8.

[Linux] CentOS root passwd for Parallels Desktop
    $ sudo passwd
    [sudo] Changing password for root
    New password :
    Retype password :
    passwd : all authentication tokens updated successfully
    $ su -
    passed :
    #
2018. 5. 8.

Fortinet Open Ports Diagram 2018. 5. 8.
Firemon SIQL
    # SRC + DST Any
    domain { id = 1 } AND rule { (source.any = true) and (destination.any = true) }
    # SRC + SVC Any
    domain { id = 1 } AND rule { (source.any = true) and (service.any = true) }
    # DST + SVC Any
    domain { id = 1 } AND rule { (destination.any = true) and (service.any = true) }
    # SRC + DST + SVC Any
    domain { id = 1 } AND rule { (source.any = true) and (destination.any = true) and (service.any = true) }
    # L..
2018. 5. 8.