FortiMail – Howto enable DLP
FortiMail has the option to use Data Loss Prevention as enhanced security mechanism. This feature is introduced in firmware 5.3, according to the release notes. By default the DLP option is not visible on the GUI. DLP can be enabled via the CLI, but it is a well hidden feature. The option can be enabled … Read More
SMTP Auth testing via CLI
Just a quick note to describe the procedure for SMTP auth testing via the command-line. At first you need to encode username and password in Base64. This can be done in several ways. The easiest way would be via https://www.base64encode.org/. Next you can use the following commando’s via telnet to test SMTP AUTH. I always use … Read More
ArubaOS 6.5.0.0
The Early Deployment release software from ArubaOS 6.5.0.0 has been released. I looked into the release notes and found some interesting new features. Cellular Handoff Assist is Configurable Per Virtual AP: The cellular handoff assist feature can help a dual-mode, 3G/4G-capable Wi-Fi device such as an iPhone, iPad, or Android client at the edge of … Read More
Aruba Networks, ClearPass, Configuration Example, Wireless
ClearPass – concurrent session limit
I tried to configure a restriction to the concurrent number of active sessions a user can have on the wireless network. I found a great article on AirHeads Community “How to deny access for authentication requests based on session limit?” In short the article tells you to: Edit the Insight Repository Add more Filiters on … Read More
Configuration Example, Fortinet
FortiGate – IPSec with dynamic IP
Site-to-site VPN connections are a common way to connect a branch office to the corporate network. In the Netherlands it is still common to have a internet connection at a branch office with a dynamic IP address. The usage of dynamic IP address is not ideal when configuring a site-to-site VPN connection, because the configuration almost always … Read More
Cisco ASA: multiple context and capture
Packet captures are very useful for troubleshooting purposes. The Cisco ASA supports packet captures even in multiple context mode. I normally configure packet captures on CLI level. This can be done by configuring an access-list to match the specific traffic you would like to capture. Add the access-list and the specific interface in a capture command. … Read More