Local-In policies for FortiManager limit the IPs or IP ranges that can access the FortiManager. However, Local-In policies for FortiManager are rather rudimentary compared to Local-In policies for other device types like FortiGate. Local-In only affects inbound connections. It is therefore recommended to use other means to limit access to FortiManager. By default, all connections…
Category: Networking
Setting Up Remote Access VPN in FortiGate: Step-By-Step Guide
This guide will outline the steps to set up VPN Remote Access in FortiGate. Although you do not need FortiClient EMS, VPN with Fortinet is best used with it.
Create a loopback interface and Virtual IP
Although you can always just use the default outside interface, setting up a loopback and virtual IP (VIP) allows…
FortiGate / ArubaOS-Switch Reference Guide
This is a work in progress.

Command                        | ArubaOS-Switch                 | FortiGate
Show LLDP neighbors            | # show lldp info remote-device | # diagnose lldprx neighbor summary
Set global remote auth timeout |                                | # config system global / # set remoteauthtimeout <seconds>
Show route table               | # show ip route                | # get router info routing-table all
Essential Linux/Mac/WSL Terminal Apps
I usually forget what apps I regularly use on a Linux terminal until I get a "command not found" error. This will act as my reference to remember to install these apps when using a new terminal. This is a work in progress and apps may be added or removed. Most of these apps are…
Useful Tools
Link Compilation Linux Useful Commands Linux Tool Alternatives
Allow SSH connections only from certain addresses using hosts.deny/hosts.allow
This is the method that can be used to allow SSH connections from certain IP networks. An example use for this is allowing SSH from certain public IP networks, as well as from my Tailscale network. If possible, it is probably better to use iptables/nftables/ufw or the firewall feature of your hosting provider if they…
Rate limit connections in Linux
Use the following iptables command to rate limit connections per IP. This is useful for preventing a DDoS attack on DNS servers. However, for DDoS protection for your DNS servers, you should be hosting DNS with the big cloud providers like Cloudflare, or running dnsdist in front of your authoritative servers.
Create a .pfx/.p12 Certificate File Using OpenSSL
Source: https://www.ssl.com/how-to/create-a-pfx-p12-certificate-file-using-openssl/ The PKCS#12 or PFX format is a binary format for storing the server certificate, any intermediate certificates, and the private key in a single encryptable file. PFX files are usually found with the extensions .pfx and .p12. PFX files are typically used on Windows and macOS machines to import and export certificates and private keys. Requirements…
Convert Aruba AP-325 from Campus mode to Instant mode
There are two versions of the Aruba AP-325. One version is the Campus AP, which has 256MB of RAM. The other version is the Instant AP, with 512MB of RAM. Campus APs that are converted to Instant APs are limited to ArubaOS 6 and cannot be upgraded further even if Aruba Central or the APs themselves…
Enable Mellanox ConnectX support in OPNsense
Support for Mellanox ConnectX NICs isn't enabled on OPNsense by default. The following line has to be added to /boot/loader.conf.local. However, this did not work for me and I had to add this from the web interface, System → Settings → Tunables.