Configuration Example, Firewalling
FortiGate – debug flow
You can use the diagnose debug flow commands to do a policy simulation. An example of the output:
fw01 (root) # diagnose debug enable
fw01 (root) # diagnose debug flow show console enable
show trace messages on console
fw01 (root) # diagnose debug flow filter addr 10.10.1.25
fw01 (root) # diagnose debug flow trace start
…
Cisco WLC and pre-download software to AP
A simple post, because I always forget the CLI commands to TFTP the software to the controller. I also added the command to predownload the new firmware to all access points. This dramatically speeds up the upgrade process of the access points. You need to set the TFTP parameters first.
(Cisco Controller) >transfer download datatype code
(Cisco …
ClearPass – mail validation
If you would like to restrict or validate mail addresses during guest registration, you can simply restrict domains. An example of mail validation for the provided user and sponsor mail addresses follows.
User mail validation (the mail address should not be a company mail address):
array ( 'deny' => array ( 0 => …
Cisco cable-diagnostics with TDR
Some Cisco switches have a way to check the condition of copper cables. This can be done via the command test cable-diagnostics tdr. TDR stands for Time Domain Reflector. More information about Time Domain Reflector can be found at the Cisco Support Community. The command can be very useful for basic layer 1 troubleshooting.
core01#test …
Sophos UTM – An unsupported mechanism
I got some strange issues / problems while testing a Sophos UTM appliance with 9.004-34 software. The Web Security feature is filtering requests and using client authentication. The proxy is using Standard Mode with Active Directory SSO authentication. I was testing the proxy by changing the proxy settings on a Citrix server. Everything was working without …
Citrix Secure Gateway via https-only
Configuring a Citrix Secure Gateway (CSG) server is simple, but provides a powerful solution to access resources from remote locations. CSG is an application installed on a DMZ server. Mostly I also configure the Citrix WebInterface on the same server. The CSG instance listens on TCP/443 and the WI instance listens on TCP/80. To improve …