Articles in Tips&Tricks...

Categories:
Tips&Tricks
Firewall
Security

Understanding IPsec logs on Fortigate

Understanding IPsec logs on a Fortigate firewall
IPsec phase1
IPsec phase1 negotiating
logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132571 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=11.101.1.1 locip=173.1.1.1 remport=500 locport=500 outintf="port13" cookies="e41eeecb2c92b337/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="to_HQ" status="success" init="local" mode="aggressive" dir="outbound" stage=1 role="initiator" result="OK"
IPsec phase1 negotiated
logid="0101037127" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132571 logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=11.101.1.1 locip=173.1.1.1 remport=500 locport=500 outintf="port13" cookies="e41eeecb2c92b337/1230131a28eb4e73" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="to_HQ" status="success" init="local" mode="aggressive" dir="outbound" stage=2 role="initiator" result="DONE"
IPsec phase1 tunnel up
logid="0101037138" type="event" subtype="vpn" level="notice" vd="root" eventtime=1544132604 logdesc="IPsec connection status changed" msg="IPsec connection status change" action="tunnel-up" remip=11. Read More...

Tagged Fortigate, Firewall

Categories:
Tips&Tricks
Security
Crowdsec

Installing Crowdsec on Debian

Introduction
Crowdsec is a young cybersecurity solution that is open source, free of charge, massively collaborative and of French origin. It detects abnormal behaviour (by analysing logs coming from syslog, for example, among other sources) and blocks attacks. It also collaborates worldwide with its network of users by sharing the IP addresses it detects, which lets everyone block them preventively. The goal is to build a huge IP reputation database and to guarantee free use of it to those who contribute to enriching it. Read More...

Tagged Linux, Debian

Categories:
Tips&Tricks
Firewall
Security

Debugging an IPsec tunnel on Fortigate

Troubleshooting Fortigate firewall: Use the following steps to assist with resolving a VPN tunnel that is not active or passing traffic.
Solution
Step 1: What type of tunnel has issues? FortiOS supports:
  Site-to-Site VPN.
  Dial-Up VPN.
Step 2: Is Phase-2 Status 'UP'?
  No (SA=0) - Continue to Step 3.
  Yes (SA=1) - If traffic is not passing, jump to Step 6.
  Flapping - SA is flapping between 'UP' and 'Down' state - Jump to Step 7. Read More...

Tagged Fortigate, Firewall

Categories:
Tips&Tricks
Firewall

ASA Packet capture

Configure Packet Capture with the CLI
Complete these steps in order to configure the packet capture feature on the ASA with the CLI:
Configure the inside and outside interfaces as illustrated in the network diagram with the correct IP address and security levels.
Start the packet capture process with the capture command in privileged EXEC mode. In this configuration example, the capture named capin is defined. Bind it to the inside interface, and specify with the match keyword that only the packets that match the traffic of interest are captured: Read More...

Tagged Cisco, ASA, Firewall

Categories:
Tips&Tricks
Firewall

ASA: Using Packet Capture to troubleshoot ASA Firewall

What are Packet Captures - A Brief Introduction to Packet Captures
Packet capture is the activity of capturing data packets crossing networking devices.
There are 2 types: partial packet capture and deep packet capture.
Partial packet capture just records headers without recording the content of datagrams; it is used for basic troubleshooting up to L4.
Deep packet capture gives us everything that a packet can tell. Doing a deep packet analysis is like investigating in a forensic lab; it is used in advanced troubleshooting such as troubleshooting at L7, performance-related issues, traffic patterns, etc.
There are 2 ways of looking at traffic coming to any device, either collect captures on the ingress of the device or collect captures on the egress interface of the device behind the device in question. Read More...

Tagged Cisco, ASA, Firewall

Categories:
Tips&Tricks
Firewall

Troubleshooting Fortigate firewalls

Troubleshooting Fortigate firewall:
To view the date and time in the CLI:
To view the date
FortiGate-VM64-HV # execute date
current date is: 2022-08-01
To view time
FortiGate-VM64-HV # execute time
current time is: 09:54:57
last ntp sync:Mon Aug 1 09:20:07 2022
To view system resources in the CLI:
FortiGate-VM64-HV # get system performance status
CPU states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
CPU0 states: 0% user 0% system 0% nice 100% idle 0% iowait 0% irq 0% softirq
Memory: 2058672k total, 880400k used (42. Read More...

Tagged Fortigate, Firewall

Categories:
Tips&Tricks
Network

Make a macro to create etherchannel

You should be connected as a privileged user in enable mode.
The following command lists all the macros present on the equipment.
#sh parser macro brief
default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router
default interface: cisco-wireless
customizable : Make_Range_UNUSED
customizable : Make_UNUSED
customizable : make_Firewall_Links
The default ones are Cisco pre-defined and the other 'customizable' ones are user defined. These have been made to administer the equipment. Read More...

Tagged Cisco, IOS

Categories:
Tips&Tricks
Network

Creating macros on Cisco

Creating macros saves you from long sessions of typing identical commands.
You should be connected as a privileged user in enable mode.
The following command lists all the macros present on the equipment.
#sh parser macro brief
default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router
default interface: cisco-wireless
customizable : Make_Range_UNUSED
customizable : Make_UNUSED
customizable : make_Firewall_Links
The default ones are Cisco pre-defined and the other 'customizable' ones are user defined. Read More...

Tagged Cisco, Firewall

Categories:
Tips&Tricks
Firewall

Tips and Tricks on Fortigate firewalls

Tips and Tricks on Fortigate firewalls
Check configuration information:
How to get the IP address:
FortiGate-VM64-HV # diagnose ip address list
IP=10.152.8.141->10.222.333.444/255.255.255.0 index=3 devname=port1
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=5 devname=root
IP=10.255.1.1->10.255.1.1/255.255.255.0 index=9 devname=fortilink
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=10 devname=vsys_ha
IP=127.0.0.1->127.0.0.1/255.0.0.0 index=12 devname=vsys_fgfm
To view the ARP cache in the CLI:
FortiGate-VM64-HV # get system arp
Address Age(min) Hardware Addr Interface
10.222.333.444 0 7c:21:4a:24:16:c0 port1
10.152.8.1 0 f4:bd:9e:6d:67:75 port1
To view the ARP cache in the system in the CLI:
FortiGate-VM64-HV # diagnose ip arp list
index=3 ifname=port1 10. Read More...

Tagged Fortigate, Firewall