Author: René Jorissen
Cisco ASA: multiple context and capture
Packet captures are very useful for troubleshooting purposes. The Cisco ASA supports packet captures even in multiple context mode. I normally configure packet captures on CLI level. This can be done by configuring an access-list to match the specific traffic you would like to capture. Add the access-list and the specific interface in a capture command. … Read More
Cisco IOS-XE 16.x
Cisco has release new IOS-XE software, called IOS-XE Denali 16.x. This software is available for Cisco ASR routers and Cisco Catalyst 3850/3650 switches. In the end IOS-XE Denali should be available for all switches. A good overview of Cisco Catalyst IOS XE Denali is explained in this Youtube video from Tech Field Day. Below you … Read More
FortiClient SSLVPN – export profiles
I am using the FortiClient SSLVPN lightweight application for SSL VPN access to client networks. In the GUI you don’t have options to export the configured profiles as you have with the full-featured FortiClient SSLVPN. The profiles for the lightweight version are stored in the registry, so you can export and import from there. The registry … Read More
FortiAuthenticator – HA Clustering
FortiAuthenticator can be used when adding strong authentication to a network. FortiAuthenticator has more options, like FSSO (FortiNet Single Sign-On) in conjuction with a FortiGate firewall. You can create a FortiAuthenticator cluster very easily. I normally configure a active/passive cluster and not a load-balancing cluster. When creating an active/passive cluster you should follow these guidelines: … Read More
Flash clean-up
Lately I upgraded a Aruba Networks wireless controller or at least I tried…… The upload of a new image to the controller has two steps. First the copy process from a TFTP server to the controller and second the actual writing of the new firmware image to flash (system partition). The second step kept showing … Read More
FortiGate – Outbound OSPF filtering
Just a quick post on filtering outbound OSPF advertisements. I had some struggle with this config today. config router prefix-list edit “filter-outbound” config rule edit 1 set prefix 10.10.0.0 255.255.0.0 unset ge unset le next edit 2 set prefix 10.20.0.0 255.255.0.0 unset ge unset le next edit 3 set action deny set prefix any … Read More