Reset SD-WAN rules counters
The value 0x7f000003 is the hexadecimal ID of the SD-WAN rule. Or to reset all counters on all rules
Read moreFortigate STIG Hardning – Firewall STIG V1R3
Introduction Firewall security is a cornerstone of any robust network defense strategy. To ensure compliance with Department of Defense (DoD) standards, organizations must implement configurations that meet the Firewall Security…
Read moreFortigate STIG Hardning – NDM STIG V1R4
Introduction Securing network infrastructure is critical for maintaining compliance and protecting sensitive data. This post provides a detailed overview of the Security Technical Implementation Guide (STIG) requirements for Fortinet FortiGate…
Read moreFortigate Best practices – CLI Examples (7.6)
Below is a hardened, modular baseline that merges your management/HA/monitoring/logging snippets with additional controls for loopback-VPN, strict local-in rules, and geo-fencing. Each block stands alone and can be applied independently.…
Read moreLets Encrypt / Certbot – Request strong certificate
The credential file should have the CHMOD of 600 Explanation of Each Option Option Description sudo Runs the command with root privileges. Required for Certbot to modify system files and…
Read moreInstall Certbot in Ubuntu with package manager
Install Python Install Certbot If you want to use certbot automatic for cloudfare install the following If you want to use it for either nginx og apache with automation of…
Read moreConfiguring SAML SSO for FortiGate Administrator Login with Microsoft Entra ID
This guide outlines the steps to set up SAML-based Single Sign-On (SSO) for FortiGate administrator access, leveraging Microsoft Entra ID as the Identity Provider (IdP). Overview Terminology Mapping FortiGate Term…
Read moreUbuntu – Hot to Change a SSH host key?
Follow these steps to regenerate OpenSSH Host Keys
Read moreHow to Upgrade TimeScaleDB Docker
To upgrade TimescaleDB within Docker, you need to download the upgraded image, stop the old container, and launch the new container pointing to your existing data. Connect to the upgraded…
Read moreHow to Upgrade a PostgreSQL Database in a Docker Environment
Upgrading a PostgreSQL database within a Docker environment requires careful planning to ensure data integrity and system stability. Here’s a structured approach to performing a major version upgrade: Prerequisites Step…
Read moreRsset EVE-NG Configuration to first login
Log into eve with console or ssh as root Write the following to remove network config and to start the config UI on first login Log out and back in…
Read moreDebugging FortiGuard Web Filter Issues After Firewall Reboot
When working with FortiGate firewalls, you might encounter a situation where FortiGuard Web Filtering services become unreachable after a reboot. This can prevent users from accessing web-filtered resources, leading to…
Read moreAuto Expand Disk size via cron
First prep the system for the auto expand script Add the Script to crontab to run every 15 minutes Save the script in /etc/expand-disk/auto-expand-disk.sh (Full copy-paste command is present below…
Read moreRestore a configuration backup on a FortiGate HA cluster
When restoring a configuration backup on a High Availability (HA) cluster, the process should be performed only on the primary unit. The configuration will then automatically synchronize with the secondary…
Read moreInstalling and Logging In to Windows 11 Without an Online Microsoft Account
By default, Windows 11 requires you to log in with a Microsoft account during the initial setup process, also known as the Out-of-Box Experience (OOBE). This requirement is part of…
Read morePowerhslel: Renew Certificate with Specific Template
If it should be executed by a GPO and only once, use the following
Read moreCreate DHCP Scope via CLI in Microsoft Server
Create scope through powershell Set options like, DNS Server, DNS Suffix and Default Gateway
Read moreWhat is ITSM and Why Does It Matter?
Understanding IT Service Management (ITSM) IT Service Management (ITSM) is a structured approach to designing, delivering, managing, and improving IT services within an organization. It ensures that IT services are…
Read moreInstall docker on Ubuntu ( Without SNAP )
If you do not want to run sudo before docker commands add your user to the docker group.This is not recommended
Read moreExtend standard disk ( Non lvm)
After the disk has been extended, then rescan for changes. This guide is based on the SDA disk and the 3 partition. Change the device and partition to match your…
Read moreRequired Domain Controller Ports through Firewall
Domain controllers play a crucial role in your network. To protect them, ensure that the firewall is enabled and that only the necessary ports for your Domain Controller are open.…
Read moreHow to upgrade Windows 2022 from EVAL to Full Version
If you attempt to convert or upgrade Windows Server Evaluation to a fully licensed edition using the standard command line or the CHANGE KEY GUI, you may encounter errors such…
Read moreExtend LVM with extra disk
Find the LVM details of the volume group that you want to add a disk to: Example output, The two with bold are the needed information in this example Find…
Read moreTrust Certificates in Ubuntu/Debian system
Debian as an example. Install the ca-certificates package: You then copy the public half of your untrusted CA certificate (the one you use to sign your CSR) into the CA…
Read moreSubmit CSR to Microsoft CA using CertReq
1: Generate CSR. It will be required in step 3. 2: Right-click Start | select Windows PowerShell (Admin) to launch PowerShell as administrator.3: Execute the following certreq command: CertificateTemplateName Substitute…
Read moreIPMI Cli Commands
1. Man and help info for IPMItool ipmitool help man ipmitool 2. To check firmware version ipmitool mc info 3. To reset the management controller ipmitool mc reset [ warm…
Read moreUnlocking the Mysteries of IS-IS Protocol neighboring
In the intricate world of Internet Service Provider (ISP) environments, the IS-IS protocol stands as a stalwart Interior Gateway Protocol (IGP). Its nuanced configuration, troubleshooting intricacies, and dynamic functionality make…
Read moreUnderstanding Decimal system and convert from DEC to HEX
Understanding Decimal and Hexadecimal Systems Before we delve into conversions, let’s refresh our understanding of decimal and hexadecimal systems: Decimal (DEC): This is the number system we use daily, based…
Read moreUnderstanding Hexadecimal and convert from HEX to DEC
Understanding Hexadecimal and Decimal Systems Before diving into conversions, let’s quickly review hexadecimal and decimal systems. Decimal (DEC): This is the number system we use in our everyday lives. It’s…
Read moreNavigating the Transition: Understanding IPv6 Transition Mechanisms
In the ever-evolving landscape of networking, the transition from IPv4 to IPv6 has become an essential journey for organizations worldwide. With the depletion of IPv4 addresses and the exponential growth…
Read moreOvercoming Enterprise WAN Challenges: Building for Agility and Scalability
Next related post can be found here -> Building an Agile Enterprise WAN: Key Design Considerations In today’s digital landscape, the enterprise network serves as a crucial foundation for connectivity…
Read moreBuilding an Agile Enterprise WAN: Key Design Considerations
Previous related post can be found here -> Overcoming Enterprise WAN Challenges: Building for Agility and Scalability In the realm of enterprise networking, the design of Wide Area Networks (WANs)…
Read moreUnderstanding Route-Maps in Networking: Enhancing Flexibility and Control
n the realm of network engineering, the ability to control and manipulate the flow of data is paramount. Route-maps are a powerful tool in network configuration, particularly useful in complex…
Read moreMastering Prefix Lists: Enhancing Network Filtering with LE and GE
In the realm of network administration, maintaining precise control over traffic flow is crucial for security, performance optimization, and resource management. Among the arsenal of tools available to network engineers,…
Read moreEVE-NG Node Credentials List
Instance Name Username Password Console type Cisco ASA 802 no passwd, hit enter telnet Cisco ASA 8.4.2, 9.1.5 no passwd, hit enter telnet Cisco ASAv no passwd, hit enter telnet Cisco…
Read moreExtend default LVM Volume
After the disk has been extended, then rescan for changes. This guide is based on the SDA disk and the 3 partition. Change the device and partition to match your…
Read moreActive Directory Environment: Understanding the Tiering Model
In today’s interconnected digital landscape, safeguarding sensitive data and maintaining robust security measures is paramount for businesses of all sizes. For organizations utilizing Microsoft Active Directory, implementing a tiering model…
Read moreThe Essential Guide to DSCP Values for QoS: Who, Why, and Where to Use Them
Quality of Service (QoS) is a fundamental technology in networks that require reliable and predictable data delivery. It allows for traffic prioritization and management, ensuring that critical applications and services…
Read moreUnraveling the Mysteries of BGP Path Selection
In the grand tapestry of the internet, Border Gateway Protocol (BGP) plays the pivotal role of the postal service, ensuring data packets are delivered through the most efficient routes across…
Read moreRsyslog Troubleshooting Guide
Initiating Debug Mode To kick off debug logging from the get-go, prepend your rsyslog.conf file with these lines. This ensures debug logging activates immediately upon the rsyslog service launching: After…
Read moreLimit Windows RPC Ports
When using domain services through a firewall the RPC ports must be limited from the range 1025-65535 to specific ports. Windows registry settings, must be implemented at least on domain…
Read moreUnderstanding SLA Times and the Quest for Nines: A Deep Dive into 3 Nines, 4 Nines, and 5 Nines
As businesses increasingly rely on digital services and technologies, the need for reliable and available systems has never been more critical. Service Level Agreements (SLAs) play a pivotal role in…
Read moreRepairing FortiAnalyzer when disk are in Read-Only mode
Maintenance Mode indicates that the system is unable to detect the hard drives, the hard drives cannot be correctly mounted, or the disk is experiencing corruption. If the hard drives…
Read moreHAProxy – Set Backend Server in maintenance mode
First install socat Execute the following command where <backend> and <Server> are replaced Example We can verify the servers with socat with the following command We get the following output…
Read moreWindows – Add NTP Server
Execute the following command, change the timesource to a FQDN or an IP Address Stop time Service unregister and register time service Start time Service Open a Command Prompt. Type…
Read moreUnifi – Set Option 43 for controller IP
Unifi uses option 43 so the switches and AccessPoints can find its controller if it is not present on the same L2 network. Option 43 should be filled out with…
Read moreRsyslog – Forward logs to another server
Create a new config file under the rsyslog config directory Use single @ for udp forwardingUse double @ for tcp forwarding Example of udp forwarding Example of tcp forwarding
Read moreRsyslog – Save login to a seperate file
Create a new rsyslog config file Add the following text
Read more