Mass Deployment of Fortigates

As with all mass deployment of products, make sure that there is no RMA equipment or DOA equipment from the vendor. Surprisingly enough it can happen but once that is confirmed use a simple checklist to provide standardization for your deployment.

One would simply think why not use a common deployment script or copy the configuration but when deploying Fortigate's en-masse you cannot properly copy the full configuration as they are unique to the hardware, software version And also have unique identifiers within the codes. It is recommended if you are going to do this that you just use specific chunks.

*Rant* I recently had an odd issue where Debit Machine would not function after a DNS change where 3 DNS options was provided through DHCP scope, come to find out that the Debit Machine's network stack does not support 3 DNS Servers which was causing it not to pick up the DHCP options at all. */rant*

Comments

How to setup a Host-Check for Fortigate SSL VPN

This document outlines how to setup a host-check for a Fortigate SSL VPN (Web only): config vpn ssl web portal edit "portalname" set web-mode enable set host-check custom set host-check-policy "Microsoft-Windows-Firewall" set os-check-enable set ip-pools "PoolName" set split-tunneling disable set page-layout double-column set theme orange config os-check-list "windows-7" set action check-up-to-date set latest-patch-level 1 end config vpn ssl web host-check-software edit "Microsoft-Windows-Firewall" config check-item-list edit 1 set target "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile:EnableFirewall==1" set type registry next edit 2 set target "HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile:EnableFirewall==1" set type registry next edit 3 set target "HKLM\\SYSTEM\\CurrentControlSet\\S...

Implementing 802.1X - Windows 2012R2 + Cisco 4500 Switches

Implementing 802.1X Using Windows Server 2012R2 & Cisco 4500 Series Switches Overview: This document is to outline how the configuration between Windows Server 2012 R2’s NPS Services and Cisco 4500 Series switches has been implemented. High Level Diagram: Requirements: Windows Server 2012 R2 with NPS Server installed Windows Server 2012 R2 with CA Services Windows AD Environment Cisco 4500 Series Switches Windows 7-10 Clients to connect NPS Configuration: 1. This assumes the above requirement that the NPS Service has already been installed on Windows Server 2012 R2 2. Disable all existing Policies under Connection Request Policies and Network Policies as you will be making your own, except one that states “Catch All” with the below parameters: 3. You will then need to add in a new Radius Client to have Policies built around. Friendly Name will be used going forward for the Policies for referencing the document. 4. Once completed...

OVA/OVF Templates and Older Versions of VMware ESXI

Recently ran into this issue which I feel is something that I should document, as it provides some additional details onto how to configure or modify an existing .ova or .ovf file which is the standard deployment template for ESXI/VMware. Here was the issue: - ESXI 5.5 - OVA required hardware type 8. Gave an error of " Unsupported hardware version - vmx-8" when testing. Based on everything I was reading, it isn't supported. So using the ovftool which can be found on VMware's Website ( here ) you can basically extract out the ova/ovf file into a directory, and then use it to modify the VMX file and then put it all back together. Steps: 1. Download the application and install it. 2. Go to the directory where the ovftool is stored via cmd line (Typically C:\Programs Files\Vmware\ect..) 3. Issue the following command: ovftool 4. Then modify the .vmx file so that it contains now the hardware ID of 7 (or whatever you need set for your release). 5. Then issu...

ElderUsr's Blog

Search This Blog