When you use web filtering and leave the Unrated category at its default action of Warning, SSL VPN access can get stuck at 98% and then fail.
The fix is to change the action for that category from Warning to Monitor or Allow.
Tuesday, July 24, 2018
Thursday, April 12, 2018
Fortigate sslvpn issue 5.6.3
When you upgrade the FortiGate firmware or set up a new SSL VPN, and you use a certificate other than the factory default, you may be unable to connect to the SSL VPN.
Debug output on the FortiGate:
Inovfw10 #
[18907:root:fc]allocSSLConn:280 sconn 0x7f820714c000 (0:root)
[18907:root:fc]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fc]SSL state:before SSL initialization:DH lib(208.98.207.34)
[18907:root:fc]SSL_accept failed, 5:(null)
[18907:root:fc]Destroy sconn 0x7f820714c000, connSize=0. (root)
[18907:root:fd]allocSSLConn:280 sconn 0x7f820714c000 (0:root)
[18907:root:fd]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fd]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fd]SSL state:fatal handshake failure (208.98.207.34)
[18907:root:fd]SSL state:error:(null)(208.98.207.34)
[18907:root:fd]SSL_accept failed, 1:no shared cipher
[18907:root:fd]Destroy sconn 0x7f820714c000, connSize=0. (root)
[18907:root:fe]allocSSLConn:280 sconn 0x7f820714c000 (0:root)
[18907:root:fe]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fe]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fe]SSL state:fatal handshake failure (208.98.207.34)
[18907:root:fe]SSL state:error:(null)(208.98.207.34)
[18907:root:fe]SSL_accept failed, 1:no shared cipher
[18907:root:fe]Destroy sconn 0x7f820714c000, connSize=0. (root)

Error shown on the client: "The server you want to connect to requests identification, please choose a certificate and try again. (-5)"
From the FortiGate GUI (VPN events log):
Log Description: SSL VPN exit error
Action: ssl-exit-error
Reason: N/A
Solution (FortiGate CLI):
config vpn ssl settings
set algorithm medium
end
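To make the debug output above easier to read across many connection attempts, here is an added example (not from the post, and not a Fortinet tool) that parses the sslvpn daemon lines, groups them by the per-connection id in the bracket prefix, records the SSL state sequence and the final SSL_accept reason, and counts failures per client address. The sample log is the post's own output re-joined one record per line; the HINTS mapping is an assumption that only covers the "no shared cipher" case the post fixes.

```python
import re
from collections import OrderedDict

# Constructed sample: the SSL VPN debug lines quoted in the post, re-joined so that
# each record sits on one line (the blog extraction had wrapped them).
DEBUG_LOG = """\
[18907:root:fc]allocSSLConn:280 sconn 0x7f820714c000 (0:root)
[18907:root:fc]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fc]SSL state:before SSL initialization:DH lib(208.98.207.34)
[18907:root:fc]SSL_accept failed, 5:(null)
[18907:root:fc]Destroy sconn 0x7f820714c000, connSize=0. (root)
[18907:root:fd]allocSSLConn:280 sconn 0x7f820714c000 (0:root)
[18907:root:fd]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fd]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fd]SSL state:fatal handshake failure (208.98.207.34)
[18907:root:fd]SSL state:error:(null)(208.98.207.34)
[18907:root:fd]SSL_accept failed, 1:no shared cipher
[18907:root:fd]Destroy sconn 0x7f820714c000, connSize=0. (root)
[18907:root:fe]allocSSLConn:280 sconn 0x7f820714c000 (0:root)
[18907:root:fe]SSL state:before SSL initialization (208.98.207.34)
[18907:root:fe]SSL state:fatal handshake failure (208.98.207.34)
[18907:root:fe]SSL state:error:(null)(208.98.207.34)
[18907:root:fe]SSL_accept failed, 1:no shared cipher
[18907:root:fe]Destroy sconn 0x7f820714c000, connSize=0. (root)
"""

# "[pid:vdom:conn]message" -- conn is the per-connection hex id the daemon prints.
LINE_RE = re.compile(r"^\[(?P<pid>\d+):(?P<vdom>[^:\]]+):(?P<conn>[0-9a-f]+)\](?P<msg>.*)$")
ACCEPT_FAIL_RE = re.compile(r"SSL_accept failed, (?P<code>\d+):(?P<reason>.*)$")
PEER_RE = re.compile(r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)")

# Hints keyed on the SSL_accept reason. Assumption: only the entry the post
# describes is filled in; extend it from your own cases.
HINTS = {
    "no shared cipher": "client and FortiGate share no cipher suite; the post's fix is "
                        "'config vpn ssl settings' / 'set algorithm medium'",
}


def parse_handshakes(text):
    """Group debug lines per connection id; return one record per connection, in order."""
    conns = OrderedDict()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        key = (m["pid"], m["vdom"], m["conn"])
        rec = conns.setdefault(key, {"vdom": m["vdom"], "conn": m["conn"], "peer": None,
                                     "states": [], "error_code": None, "reason": None})
        msg = m["msg"]
        peer = PEER_RE.search(msg)
        if peer and rec["peer"] is None:
            rec["peer"] = peer["ip"]
        if msg.startswith("SSL state:"):
            # drop the trailing "(peer-ip)" so the state string is comparable
            rec["states"].append(PEER_RE.sub("", msg[len("SSL state:"):]).strip())
        fail = ACCEPT_FAIL_RE.search(msg)
        if fail:
            rec["error_code"] = int(fail["code"])
            rec["reason"] = fail["reason"].strip()
    return list(conns.values())


def failures_by_peer(records):
    """Count failed handshakes per client address; a burst from one address after a
    certificate change points at server/client cipher mismatch rather than an outage."""
    counts = {}
    for r in records:
        if r["error_code"] is not None:
            counts[r["peer"]] = counts.get(r["peer"], 0) + 1
    return counts


def triage(record):
    """One-line explanation for a connection record."""
    if record["error_code"] is None:
        return "handshake completed"
    return HINTS.get(record["reason"],
                     "SSL_accept failed (%d:%s); last states: %s"
                     % (record["error_code"], record["reason"],
                        " -> ".join(record["states"][-2:])))


if __name__ == "__main__":
    recs = parse_handshakes(DEBUG_LOG)
    for r in recs:
        print("conn %s peer %s: %s" % (r["conn"], r["peer"], triage(r)))
    print("failures by peer:", failures_by_peer(recs))
```

Run it against a saved debug capture instead of DEBUG_LOG to see whether every failing connection reports "no shared cipher" (the symptom the post fixes with `set algorithm medium`) or something else, such as the "(null)" failure right after the DH lib state on connection fc, which deserves a separate look.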
Friday, April 6, 2018
Sonicwall IPsec VPN issues
When you use a SonicWall as an IPsec VPN device, there are some things you need to pay attention to:
1. When you or your peer firewall is behind NAT, an IP address as the Peer ID never matches, even if you configure the remote firewall with the public IP; the Firewall Identifier type does not work either, no matter how you configure it. A Domain Name peer ID does work, as long as it matches the remote side's configuration.
2. If you want to reach the firewall itself through the tunnel, permitting any zone or subnet is not enough; you need an additional firewall rule that permits the interface as well.
3. If you want to monitor the firewall with SNMP, you also need to enable the SNMP option in the VPN's advanced settings.
Tuesday, April 3, 2018
Linux box in Azure partitions issue
When you create a Linux VM in Azure (CentOS, for example), even if you select a 64 GB disk, the partitioning does not use the whole disk. It may look like this:
# fdisk -l
Disk /dev/sda: 68.7 GB, 68719476736 bytes, 134217728 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk label type: dos
Disk identifier: 0x000cd8ad
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 62914559 30944256 83 Linux
Disk /dev/sdb: 17.2 GB, 17179869184 bytes, 33554432 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk label type: dos
Disk identifier: 0x9075e55c
Device Boot Start End Blocks Id System
/dev/sdb1 128 33552383 16776128 83 Linux
# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda2 30G 3.0G 27G 10% /
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 0 3.9G 0% /dev/shm
tmpfs 3.9G 65M 3.9G 2% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/sda1 497M 105M 392M 22% /boot
/dev/sdb1 16G 45M 15G 1% /mnt/resource
tmpfs 797M 0 797M 0% /run/user/1000
Then you need to resize the partition. Here are the steps for CentOS 7:
1. sudo fdisk /dev/sda
type: p
This shows both partitions, /dev/sda1 and /dev/sda2 (partitions 1 and 2).
type: d, then 2 (to delete partition 2)
type: n, then p, 2 (to recreate partition 2); you can accept the default values
type: w (to save the new partition table)
type: q (to exit fdisk)
sudo reboot (so the kernel picks up the updated partition table)
2. To finalize the resize, after the reboot run:
sudo xfs_growfs /dev/sda2
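Before deleting and recreating a partition it is worth checking, from the fdisk output, how much space is actually unused and which start sector the recreated partition must keep. The following is an added example, not part of the post and not an Azure or CentOS tool: it parses the post's own fdisk -l output (embedded as a constructed sample), computes the free sectors after the last partition of each disk, and prints the plan with the start sector that must not change. The 1 GiB minimum and the plan format are my own assumptions.

```python
import re

# Constructed sample: the `fdisk -l` output from the post (CentOS 7 VM in Azure,
# 64 GB OS disk with a 30 GB root partition, plus the 16 GB temporary disk /dev/sdb).
FDISK_OUTPUT = """\
Disk /dev/sda: 68.7 GB, 68719476736 bytes, 134217728 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk label type: dos
Disk identifier: 0x000cd8ad
Device Boot Start End Blocks Id System
/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 62914559 30944256 83 Linux
Disk /dev/sdb: 17.2 GB, 17179869184 bytes, 33554432 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk label type: dos
Disk identifier: 0x9075e55c
Device Boot Start End Blocks Id System
/dev/sdb1 128 33552383 16776128 83 Linux
"""

SECTOR_BYTES = 512  # fdisk counts 512-byte logical sectors here (see the "Units =" line)

DISK_RE = re.compile(r"^Disk (?P<dev>/dev/\S+): .*?, (?P<sectors>\d+) sectors$")
PART_RE = re.compile(r"^(?P<dev>/dev/\S+)\s+(?P<boot>\*\s+)?(?P<start>\d+)\s+(?P<end>\d+)\s+"
                     r"(?P<blocks>\d+)\s+(?P<id>\w+)\s+(?P<system>.+)$")


def parse_fdisk(text):
    """Return {disk: {"sectors": n, "partitions": [{"dev", "start", "end", "boot"}, ...]}}."""
    disks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = DISK_RE.match(line)
        if m:
            current = disks.setdefault(m["dev"], {"sectors": int(m["sectors"]), "partitions": []})
            continue
        m = PART_RE.match(line)
        if m and current is not None:  # partition rows follow their "Disk ..." header
            current["partitions"].append({"dev": m["dev"], "start": int(m["start"]),
                                          "end": int(m["end"]), "boot": bool(m["boot"])})
    return disks


def unused_tail(disks, disk):
    """Return (last partition, sectors between its end and the end of the disk)."""
    d = disks[disk]
    last = max(d["partitions"], key=lambda p: p["end"])
    return last, d["sectors"] - last["end"] - 1


def growth_plan(disks, disk, min_free_gib=1.0):
    """Describe how to grow the last partition, or None when the slack is below
    min_free_gib (assumed threshold; the 1 MiB alignment gap on /dev/sdb is not worth it)."""
    last, free = unused_tail(disks, disk)
    free_gib = free * SECTOR_BYTES / 2 ** 30
    if free_gib < min_free_gib:
        return None
    number = int(re.search(r"(\d+)$", last["dev"]).group(1))
    return {
        "partition": last["dev"],
        "number": number,
        "start": last["start"],  # the recreated partition must keep this start sector
        "free_gib": round(free_gib, 1),
        "steps": [
            "fdisk %s: d %d, then n p %d with first sector %d (fdisk's default), then w"
            % (disk, number, number, last["start"]),
            "reboot",
            "xfs_growfs %s" % last["dev"],
        ],
    }


if __name__ == "__main__":
    disks = parse_fdisk(FDISK_OUTPUT)
    for disk in sorted(disks):
        plan = growth_plan(disks, disk)
        print(disk, "nothing to grow" if plan is None else plan)
```

The check that matters is the start sector: the new partition 2 has to begin at exactly the old start (1026048 here), which is what fdisk offers as its default since that is the first free sector after /dev/sda1; if it is moved, the XFS filesystem on it is gone. On a live system, piping `fdisk -l` into parse_fdisk gives the same plan, and `growpart /dev/sda 2` from the cloud-utils-growpart package does the delete-and-recreate step non-interactively before the same `xfs_growfs`.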