Reset SD-WAN rules counters
The value 0x7f000003 is the hexadecimal ID of the SD-WAN rule. Or to reset all counters on all rules
Introduction Firewall security is a cornerstone of any robust network defense strategy. To ensure compliance with Department of Defense (DoD) standards, organizations must implement configurations that meet the Firewall Security…
Introduction Securing network infrastructure is critical for maintaining compliance and protecting sensitive data. This post provides a detailed overview of the Security Technical Implementation Guide (STIG) requirements for Fortinet FortiGate…
Below is a hardened, modular baseline that merges your management/HA/monitoring/logging snippets with additional controls for loopback-VPN, strict local-in rules, and geo-fencing. Each block stands alone and can be applied independently.…
The credential file should be set to mode 600 (chmod 600). Explanation of Each Option Option Description sudo Runs the command with root privileges. Required for Certbot to modify system files and…
Install Python Install Certbot If you want to use Certbot automation for Cloudflare, install the following If you want to use it for either nginx or apache with automation of…
This guide outlines the steps to set up SAML-based Single Sign-On (SSO) for FortiGate administrator access, leveraging Microsoft Entra ID as the Identity Provider (IdP). Overview Terminology Mapping FortiGate Term…
Follow these steps to regenerate OpenSSH Host Keys
To upgrade TimescaleDB within Docker, you need to download the upgraded image, stop the old container, and launch the new container pointing to your existing data. Connect to the upgraded…
Upgrading a PostgreSQL database within a Docker environment requires careful planning to ensure data integrity and system stability. Here’s a structured approach to performing a major version upgrade: Prerequisites Step…
When working with FortiGate firewalls, you might encounter a situation where FortiGuard Web Filtering services become unreachable after a reboot. This can prevent users from accessing web-filtered resources, leading to…
First prep the system for the auto expand script Add the Script to crontab to run every 15 minutes Save the script in /etc/expand-disk/auto-expand-disk.sh (Full copy-paste command is present below…
When restoring a configuration backup on a High Availability (HA) cluster, the process should be performed only on the primary unit. The configuration will then automatically synchronize with the secondary…
By default, Windows 11 requires you to log in with a Microsoft account during the initial setup process, also known as the Out-of-Box Experience (OOBE). This requirement is part of…
If it should be executed by a GPO and only once, use the following
Create a scope through PowerShell Set options like DNS Server, DNS Suffix and Default Gateway
If you do not want to run sudo before docker commands, add your user to the docker group. This is not recommended
After the disk has been extended, then rescan for changes. This guide is based on the SDA disk and the 3 partition. Change the device and partition to match your…
Domain controllers play a crucial role in your network. To protect them, ensure that the firewall is enabled and that only the necessary ports for your Domain Controller are open.…
If you attempt to convert or upgrade Windows Server Evaluation to a fully licensed edition using the standard command line or the CHANGE KEY GUI, you may encounter errors such…
Find the LVM details of the volume group that you want to add a disk to: Example output. The two values in bold are the information needed in this example Find…
Debian as an example. Install the ca-certificates package: You then copy the public half of your untrusted CA certificate (the one you use to sign your CSR) into the CA…
1: Generate CSR. It will be required in step 3. 2: Right-click Start | select Windows PowerShell (Admin) to launch PowerShell as administrator. 3: Execute the following certreq command: CertificateTemplateName Substitute…
1. Man and help info for IPMItool ipmitool help man ipmitool 2. To check firmware version ipmitool mc info 3. To reset the management controller ipmitool mc reset [ warm…
Instance Name Username Password Console type Cisco ASA 802 no passwd, hit enter telnet Cisco ASA 8.4.2, 9.1.5 no passwd, hit enter telnet Cisco ASAv no passwd, hit enter telnet Cisco…
Initiating Debug Mode To kick off debug logging from the get-go, prepend your rsyslog.conf file with these lines. This ensures debug logging activates immediately upon the rsyslog service launching: After…
When using domain services through a firewall, the RPC ports must be limited from the range 1025-65535 to specific ports. Windows registry settings must be implemented at least on domain…
Maintenance Mode indicates that the system is unable to detect the hard drives, the hard drives cannot be correctly mounted, or the disk is experiencing corruption. If the hard drives…
First install socat Execute the following command where <backend> and <Server> are replaced Example We can verify the servers with socat with the following command We get the following output…
Execute the following command, change the timesource to a FQDN or an IP Address Stop time Service unregister and register time service Start time Service Open a Command Prompt. Type…
Unifi uses option 43 so the switches and access points can find the controller if it is not present on the same L2 network. Option 43 should be filled out with…
Create a new config file under the rsyslog config directory Use a single @ for UDP forwarding. Use a double @ for TCP forwarding Example of UDP forwarding Example of TCP forwarding
Create a new rsyslog config file Add the following text
Create a folder to contain the .cfg files Change the systemd file used for the HAProxy Service Find the line that starts with Environment Edit the line so it contains…
Prerequisites IIS must be installed and working from the clients that will need the RootCA or certs signed by the RootCA server. See more for a simple IIS install guide…
Open PowerShell and install the IIS Windows feature Open the IIS manager Expand the Sites and expand the Default Web site. Right click and create new virtual directory Create the…
View the FortiGate best practices for 7.6 –> HERE Management *Missing from this guide. Management users from central user database ( LDAP, SAML etc ) Configure the web management ports Hostname…
Management Network Should be independent from production or business traffic, it does not have to compete for resources and management access can be maintained when reconfiguring the production network. Policies…
There are consistency checks in the Lenovo switches when they are participating in an MCLAG cluster. Therefore the switches will shut down the ports if there is an inconsistency between the…
Install the Windows feature. Open PowerShell as admin and execute the following command I strongly recommend not using the server name as the CA Common Name, since this will…
The username you use must be defined explicitly with “privilege 15” as part of the definition, so it will look like this perhaps: That puts your user in privileged mode…
1) Enable Multicast forwarding: 2) Interface configuration: Two different interfaces having two different IP addresses assigned. 3) Configuring Multicast Policies: 4) Check if multicast routing is enabled or not:
The new FortiConverter is designed as a web application. The application (FortiConverter.py) should be run with Administrator privileges because it reads and writes data from/to high privilege directories. For security…