showing posts tagged with 'firewall'
by lunarg on November 27th 2015, at 12:39
On a fresh install of Windows Server 2012R2 that is not joined to a domain, the first network connection (obtained through DHCP) is always treated as a Public network. Normally, when the server joins a domain, the network connection becomes a Domain network, but if the server will not be joined to a domain, you will probably want to set it to Private. Unfortunately, the Public Network link in Network Center is not clickable and thus cannot be used to change the setting. You can still make the change through the Local Security Policy.

Open Local Security Policy (Start → Run → secpol.msc).

Under Security Settings, click Network List Manager Policies.

Look for the entry corresponding with your network (usu  ...
by lunarg on November 9th 2015, at 10:54
You can quickly and easily enable SNMP on a Sonicwall for monitoring purposes. The instructions below are for SonicOS Enhanced and have been tested on an NSA 2600 (although configuration should be similar on other models).

Log on to the Sonicwall through the web interface.

In the menu on the left, navigate to System → SNMP.

Check the Enable SNMP check box and click Accept.

Click the Configure button and verify/change the Get Community Name. By default, it is set to public. If you made changes, click OK.

By default, SNMP does not listen on any interface, so what's left is to enable it on one or more interfaces, depending on which interfaces SNMP is required on. Navigate to Network →  ...
by lunarg on June 24th 2015, at 11:10
The logging on a FortiGate firewall is very sparse, making it difficult to troubleshoot issues. This can especially be a problem when setting up a site-to-site IPSEC VPN tunnel. Although the web interface doesn't provide much information for troubleshooting and debugging, the console does when debugging is enabled.

On most (if not all) FortiGate appliances, you can access the console through the web interface. It can usually be found on the Dashboard (> Status).

As it says, click on the console to activate it.

Enabling debugging for all IPSEC VPNs means we enable debug mode on "IKE". This is done by the following series of commands.

If any debugging is already in progress  ...
by lunarg on June 5th 2015, at 14:53

A note of caution: when installing the Fortinet SSO Agent on a server, the option to secure connections from a FortiGate with a password is enabled by default, and a random password is assigned.

You have to turn off or change the password before you add the SSO agent in your FortiGate.

There's no mention of this in the manuals, so now you know...

by lunarg on April 28th 2015, at 15:24
This article is a quick reminder (for myself) on how to properly configure port forwarding on a Dell Sonicwall firewall.

First, create the address and service objects you need for the port forwarding. In case of multiple addresses or services, create a group and add all objects to that group.

Address object for a local server

Service group with multiple services

Predefined objects, such as the WAN IP, are already present and do not have to be created again. The advantage of using these predefined objects is that they are dynamic: e.g. if the WAN IP changes, the policies and rules that use this object will not have to be changed.

Once the objects are in place, they can be refer  ...
by lunarg on April 21st 2015, at 09:30

To block traffic from/to a specific IPv4 address using iptables, you can use these commands:

iptables -A INPUT -s <ip-address> -j DROP
iptables -A OUTPUT -d <ip-address> -j DROP
Do not use these commands when you are already running an iptables-based firewall, as they are appended to the end of the existing chains and may lead to unexpected results.
by lunarg on February 3rd 2015, at 10:24

Last year, around May, has changed their root certificates, causing Dynamic DNS using no longer to work properly. The error (Network Error) is displayed immediately after adding the account to your Sonicwall.

The easiest solution is to upgrade to the latest firmware:

  • For 5.8, this is at least;
  • For 5.9, this is anything after June 2014.

Dell Support also offers an alternative, although this only works with more recent 5.9 versions:

by lunarg on May 29th 2013, at 12:36

Important for PPPoE connections on a Dell Sonicwall: with the current firmware, the MTU is not automatically lowered to 1492 when using PPPoE as your WAN interface type. By default, it remains at 1500, so you need to manually adjust it to 1492.

This can be done by going into the interface properties → Advanced, where you'll find a field to set the MTU.

by lunarg on February 8th 2013, at 14:03

Restarting OpenVPN on the CLI of a pfSense can be done using the following command:

echo "<?php include(''); openvpn_resync_all();?>" | php -q

This issues a restart command, just as you would via the web interface.

