Booches.nl - Part 6

FortiMail – Howto enable DLP

René Jorissen on October 25, 2016 • 1 Comment • Tags: #data #datalossprevention #dlp #enable #fortimail #fortinet #howto #loss #prevention #set

FortiMail has the option to use Data Loss Prevention as enhanced security mechanism. This feature is introduced in firmware 5.3, according to the release notes. By default the DLP option is not visible on the GUI. DLP can be enabled via the CLI, but it is a well hidden feature. The option can be enabled … Read More

Mail relaying

SMTP Auth testing via CLI

René Jorissen on June 30, 2016 • 0 Comments • Tags: #auth #cli #commandline #smtp

Just a quick note to describe the procedure for SMTP auth testing via the command-line. At first you need to encode username and password in Base64. This can be done in several ways. The easiest way would be via https://www.base64encode.org/. Next you can use the following commando’s via telnet to test SMTP AUTH. I always use … Read More

Aruba Networks

ArubaOS 6.5.0.0

René Jorissen on June 21, 2016 • 0 Comments • Tags: #arubaos

The Early Deployment release software from ArubaOS 6.5.0.0 has been released. I looked into the release notes and found some interesting new features. Cellular Handoff Assist is Configurable Per Virtual AP: The cellular handoff assist feature can help a dual-mode, 3G/4G-capable Wi-Fi device such as an iPhone, iPad, or Android client at the edge of … Read More

Aruba Networks, ClearPass, Configuration Example, Wireless

ClearPass – concurrent session limit

René Jorissen on April 21, 2016 • 0 Comments • Tags: #clearpass #concurrent #govroam #insight #limit #pgadmin #session

I tried to configure a restriction to the concurrent number of active sessions a user can have on the wireless network. I found a great article on AirHeads Community “How to deny access for authentication requests based on session limit?” In short the article tells you to: Edit the Insight Repository Add more Filiters on … Read More

Configuration Example, Fortinet

FortiGate – IPSec with dynamic IP

René Jorissen on April 13, 2016 • 5 Comments • Tags: #address #ddns #dynamic #fortigate #fortinet #ip #ipsec #vpn

Site-to-site VPN connections are a common way to connect a branch office to the corporate network. In the Netherlands it is still common to have a internet connection at a branch office with a dynamic IP address. The usage of dynamic IP address is not ideal when configuring a site-to-site VPN connection, because the configuration almost always … Read More

Cisco, Management

Cisco ASA: multiple context and capture

René Jorissen on April 4, 2016 • 1 Comment • Tags: #asa #capture #cisco #context #multiple #pcap #wireshark

Packet captures are very useful for troubleshooting purposes. The Cisco ASA supports packet captures even in multiple context mode. I normally configure packet captures on CLI level. This can be done by configuring an access-list to match the specific traffic you would like to capture. Add the access-list and the specific interface in a capture command. … Read More