Cisco ASA: Add New Subnet in an Existing Site-to-Site VPN using ASDM

Edit the Existing VPN Configuration. The existing connection profile cannot be edited for the new peer information because it is bound to a specific peer. To edit the existing configuration, perform these steps: Create a New Tunnel Group; Edit the Existing Crypto Map. Create a New Tunnel Group: Go to Configuration …

Fortigate 5.2 Vulnerability: SSH/SSL – Weak Encryptions

Known issue in: FortiOS 5.2.x (can also apply to higher versions). However, 5.4.x and later have already disabled the weaker ciphers DES, RC4 and SSLv3, so firewalls running later versions are less prone to these vulnerabilities. Recommendations/Mitigations: What does strong encryption do? Enabling strong encryption allows only strong ciphers such as: AES …

Fortigate: Disable Telemetry (Endpoint Security) for Client VPN Users

Solution 1: Recreate the VPN and, on Step 3, unselect Allow Endpoint Registration. Solution 2: Disable Endpoint Security. Enable the feature first so that the option shows up on the firewall: under System -> Feature Select -> Security Features, select Endpoint Control. Once the feature is enabled, FortiClient Profile will be …

Fortigate: New FortiOS Upgrade Path Tool

Early this week, Fortigate removed the Upgrade Path table from the Fortigate Cookbook website, drawing reactions from many of us. I spent a good number of minutes looking around for the table I used to find with just a couple of Google searches and clicks. The Upgrade Path tool …