Tag: policy
Configuration Example, Firewalling
FortiGate – debug flow
You can use the diagnose debug flow commands to do a policy simulation. An example of the output: fw01 (root) # diagnose debug enable fw01 (root) # diagnose debug flow show console enable show trace messages on console fw01 (root) # diagnose debug flow filter addr 10.10.1.25 fw01 (root) # diagnose debug flow trace start … Read More
Configuration Example, Routing
Policy-based routing in a nutshell
Lately I received some questions about routing decisions and how to influence the routing decisions via access control lists. The following example shows a simple configuration for policy-based routing. The example uses the following logical setup: I configured two routers and connected each router to two PVC’s on the same ATM interface. I configured one … Read More
Problem running ISA en IAS on the same server
Today I had some problems running ISA 2004 en IAS on the same server. At the beginning the customer was running ISA 2000 and IAS on the same server without any problems. By incident, the customer was forced to upgrade his ISA. They had a 2004 license, so ISA 2004 it was. I noticed that … Read More
RSA 7.1 with On-Demand
RSA token security provides a way to strengthen the security on public services. Token authentication is most often implemented with hardware tokens. RSA 7.1 has additional methods of token authentication besides the hardware tokens: Token delivery by SMS; Token delivery by e-mail; To enable the above features you have to install at least RSA 7.1 … Read More
Configuration Example, Routing
Policy NAT on Cisco router
A colleague of mine had to implement an IPSec VPN tunnel from a customer to a supplier. The customer has a Cisco router for connecting to the Internet, so nothing special. The router is already setup and in production. Configuring an extra IPSec VPN tunnel isn’t very hard, the most important part is the negotiation … Read More
VPN Filtering through Group Policy
When configuring a Remote Access VPN or a Site to Site VPN connection you have the ability to filter traffic entering and leaving the VPN connection. You have the ability to enable inbound IPsec sessions to bypass interface access lists. Group policy and per-user authorization access lists still apply to the traffic. The sysopt connection … Read More