Introduction: One feature that occasionally causes some confusion among ISA Administrators is the option to “Use a certificate to authenticate to the SSL Web server” on the Bridging tab of a Web Publishing Rule. Some people mistakenly believe that this has to be checked for ISA Server to communicate securely with the published resource. As …
Tag: Firewall
Tools: Test your Firewall’s AV, Anti-Bot and Threat Emulation functions
Found this tool from Check Point to test your AV, Anti-Bot and Threat Emulation functions: https://threatwiki.checkpoint.com/threatwiki/public.htm Test Threat Emulation: click to download a DOC with an exploit. This file will not harm your computer. To confirm the file was detected, use the SmartLog / SmartView Tracker to locate the Threat Emulation log for this …
Fortigate 5.2 Vulnerability: SSH/SSL – Weak Encryptions
Known issue in FortiOS 5.2.x (can also apply to higher versions). However, 5.4.x and later have already disabled the weaker ciphers DES and RC4 and the SSLv3 protocol, so firewalls running a later version are less prone to these vulnerabilities. Recommendations/Mitigations: What does strong encryption do? Enabling the use of strong encryption will only allow strong ciphers such as AES …
Firewall Audit Security Checklist
Found this checklist, which is handy when performing security reviews of any firewall. Make sure to complement it with your firewall vendor's best-practice recommendation document when assessing your firewalls. Firewall-Audit-Checklist-WEB
Protected: MSP Network Engineer’s ISP Change Checklist
Tool: Time Budgeting Tool for Firewall Migration
Here is a spreadsheet file I use to set the time budget for a firewall migration. It takes into account the number of policy rules, objects, VPNs and other factors. Feel free to contact me if you have any suggestions for improving the tool. FW_Time Planning
Fortigate: Disable Telemetry (Endpoint Security) for Client VPN Users
Solution 1: Recreate the VPN and, on Step 3, unselect Allow Endpoint Registration. Solution 2: Disable Endpoint Security. Enable the feature first so the option will show up on the firewall: under System -> Feature Select -> Security Features, select Endpoint Control. Once the feature is enabled, the FortiClient Profile will be …
Fortigate: New FortiOS Upgrade Path Tool
Early this week, Fortinet removed the Upgrade Path table from the Fortigate Cookbook website, drawing a reaction from many of us. I spent a good number of minutes looking around for where I could find the table I used to reach in just a couple of Google searches and clicks. The Upgrade Path tool …
Sonicwall GVC VPN: Unable to connect to VPN. Error: “Packet length mismatch with interface MTU”
I had a client who was unable to connect to the Sonicwall VPN via GVC (Global VPN Client). A packet capture showed that the initial inbound traffic from the client to the Sonicwall was being dropped. Logs as below: 50 03/30/2016 14:16:06.912 X4*(i) -- VPN.CLIENT.IP.HERE SONICWALL.WAN.IP.HERE IP UDP 500,500 DROPPED 60[60] 51 03/30/2016 14:16:06.912 X4*(i) -- VPN.CLIENT.IP.HERE SONICWALL.WAN.IP.HERE IP …
Protected: Fortigate: How to monitor and block Torrent / P2P traffic?