Blog

Fortigate Multiple Interface Policy

“Welcome to my channel! In this video, I will describe how to configure firewall policies with multiple source and destination interfaces in FortiGate. We’ll be looking at how to allow traffic between multiple interfaces on your FortiGate firewall, which is particularly useful when you have different subnets that you want to control traffic between or when you have multiple VLANs that need to communicate with each other. By the end of this video, you’ll have a better understanding of how to configure these policies in FortiGate and how they can help secure your network.

  1. Network Interfaces:
    • In a FortiGate device, you typically have multiple network interfaces, each connected to a different network segment or zone. These interfaces can be physical (Ethernet ports) or virtual (VLANs, subinterfaces, loopback interfaces, etc.).
  2. Traffic Flow:
    • Traffic flows between these interfaces as data packets are transmitted through the FortiGate device. Each interface represents a different security zone, and traffic between these zones must be controlled and inspected for security purposes.
  3. Security Policies:
    • FortiGate uses security policies to determine how traffic is treated as it passes between these interfaces. Security policies are rules that define the permitted actions for specific types of traffic. They include criteria like source and destination IP addresses, ports, protocols, and more.
  4. Multiple Interface Policy:
    • The “Multiple Interface Policy” feature in FortiGate allows you to create a single security policy that applies to traffic flowing between multiple interfaces or zones. This is especially useful when you want to define a consistent policy for a specific category of traffic across multiple interfaces.
  5. Use Cases:
    • There are several use cases for Multiple Interface Policies:
      • DMZ Configuration: If you have a DMZ zone with multiple servers that need different levels of access, you can create a single policy to control traffic from different internal zones to the DMZ.
      • Guest Network Isolation: You can use this feature to control traffic from the guest network to multiple internal networks with a single policy.
      • VPN Traffic: When you have multiple VPN tunnels terminating on different interfaces, you can create a policy that applies to traffic from all those tunnels.
  6. Policy Configuration:
    • When configuring a Multiple Interface Policy, you define the policy’s source and destination interfaces (security zones), specify the criteria for matching traffic (source/destination addresses, services, users, etc.), and define the action to take (allow, deny, NAT, etc.).
  7. Policy Order:
    • Policy order is important. FortiGate processes policies from top to bottom, and the first matching policy is applied. So, you should order your Multiple Interface Policies appropriately to ensure that more specific policies are evaluated before broader ones.
  8. Logging and Monitoring:
    • FortiGate provides extensive logging and monitoring capabilities, allowing you to track traffic as it traverses the different interfaces and the policies applied to it.
  9. Traffic Inspection:
    • Depending on your policy settings, FortiGate can perform various security functions like antivirus scanning, intrusion detection and prevention, content filtering, and more on the traffic as it flows between interfaces.

In summary, FortiGate Multiple Interface Policies are a crucial part of network security configuration. They enable you to manage and secure traffic between multiple network interfaces by defining specific security policies that dictate how traffic should be handled. This feature is particularly useful in complex network environments with diverse security requirements.

FortiGate Two Factor Authentication with Email

Hello everyone, in this video, I will introduce how you can set up 2-step verification for SSL VPN users by sending a token through email. By default, there is no way to enable this option via the graphical user interface. We must enable this feature from the CLI.

1. User Login Request:

  • When a user attempts to log in to a FortiGate-protected resource, such as a VPN, web portal, or firewall management interface, they provide their username and password as the first authentication factor.

2. Verification of Username and Password:

  • FortiGate first verifies the provided username and password against its user database or an external authentication source, such as LDAP, RADIUS, or Active Directory. If the credentials are valid, the user passes the first authentication factor.

3. Request for Second Authentication Factor:

  • Once the user successfully completes the first factor (username and password), FortiGate prompts the user for the second authentication factor. In this case, it’s an email-based authentication.

4. Email-Based Authentication:

  • FortiGate sends an email containing a one-time passcode (OTP) or a link to the user’s registered email address. This email typically includes instructions on what the user should do next.

5. Retrieving and Entering the OTP:

  • The user checks their email and retrieves the OTP or clicks on the provided link. The OTP is typically time-limited and can only be used once for security purposes.

6. Entering the OTP or Confirming Access:

  • The user enters the OTP from the email into the FortiGate login prompt or clicks on the link, which confirms their identity as the second authentication factor.

7. Verification of Second Factor:

  • FortiGate verifies the entered OTP or link against its records to ensure it matches the one it sent to the user’s email. If the OTP or link is valid and within the time window, the user passes the second authentication factor.

8. Access Granted:

  • Once both factors are successfully authenticated (username/password and email-based OTP/link), FortiGate grants the user access to the requested resource or system.

9. Continuous Monitoring:

  • FortiGate may also implement continuous monitoring and session management to ensure that user sessions remain secure throughout their usage.

It’s worth noting that while email-based 2FA is a common method, FortiGate also supports various other second-factor authentication methods, including SMS-based codes, hardware tokens, software tokens, and push notifications through mobile apps. The choice of the second-factor method can depend on the organization’s security policies and user preferences.

Implementing 2FA with email in FortiGate enhances security by adding an extra layer of authentication, making it more challenging for unauthorized users to gain access to critical resources and helping protect against unauthorized access and data breaches.

Install and Config Cisco ASA on GNS3

Hello, today we will install GNS3 with you and then we will install CISCO ASA on it. I will also explain how we can connect to Cisco ASA with ASDM.

Let’s start.

Step 1: Obtain Cisco ASA Image

You’ll need a Cisco ASA image file to run it in GNS3. You can acquire this image from legal and legitimate sources, such as Cisco’s official website, or if you have a Cisco ASA device, you may be able to extract it. Make sure you have the proper licensing to use the image.

Step 2: Install GNS3

If you haven’t already, download and install GNS3 on your computer from the official website (https://www.gns3.com/). Follow the installation instructions for your specific operating system.

Step 3: GNS3 Initial Setup

  1. Launch GNS3 and complete the initial setup wizard. This typically includes configuring preferences like where to store your projects and images.
  2. Make sure you have the GNS3 VM (Virtual Machine) configured and running. You can download the GNS3 VM from the GNS3 website and follow the installation instructions provided there.

Step 4: Add Cisco ASA to GNS3

  1. In GNS3, go to “Edit” > “Preferences.”
  2. In the Preferences window, click on “QEMU VMs” on the left sidebar.
  3. Click the “New” button to add a new virtual machine.
  4. Provide a name for the virtual machine (e.g., “Cisco ASA”).
  5. In the “Type” dropdown menu, select “ASA” for Cisco ASA.
  6. In the “QEMU binary” section, browse and select the QEMU binary executable. This binary should be located in your GNS3 VM.
  7. Set the RAM and CPU settings based on your system resources and requirements.
  8. Click “Next” and follow the on-screen instructions to complete the virtual machine setup.

Step 5: Add ASA Image to GNS3

  1. In GNS3, go to “Edit” > “Preferences” again.
  2. In the Preferences window, click on “QEMU” on the left sidebar.
  3. Click the “QEMU VMs” tab.
  4. Select the “Cisco ASA” virtual machine you created earlier.
  5. In the “QEMU Options” section, click the “Browse” button next to “QEMU image” and select the Cisco ASA image file you obtained.

Step 6: Configure Cisco ASA in GNS3

  1. Drag and drop the Cisco ASA device from the GNS3 device list onto your GNS3 workspace.
  2. Right-click on the ASA device and choose “Start.”
  3. Right-click again and select “Console” to open the console window for the ASA.
  4. Configure the ASA as needed using the command-line interface (CLI). This includes setting up interfaces, IP addresses, access control policies, and any other configurations you require.
  5. Save your configurations to ensure they persist across sessions.

With these steps, you should have a Cisco ASA running in GNS3, ready for configuration and testing in your simulated network environment. Remember to follow proper licensing and usage guidelines when using Cisco ASA images.

How to Configure VXLAN on Fortigate

Hello everyone, in this video I will show how can you extend VLANs over IP. In FortiGate by using vxlan you can do this.

How to Configure VXLAN on Fortigate

1. Access the FortiGate GUI:

  • Open a web browser and enter the IP address of your FortiGate firewall to access the graphical user interface (GUI).
  • Log in with administrator credentials.

2. Create VXLAN Interface:

  • Navigate to Network > Interfaces.
  • Click Create New and select VXLAN.
  • Fill in the following details for the VXLAN interface:
    • Name: A descriptive name for the VXLAN interface (e.g., VXLAN1).
    • Alias: An optional alias for identification purposes.
    • VLAN ID (Optional): If you want to associate the VXLAN interface with a specific VLAN, provide the VLAN ID.
    • VXLAN ID (VNI): Specify a unique VXLAN ID. This is critical, as it is used to identify the VXLAN segment. Ensure that VNIs match across devices in your VXLAN network.
    • VXLAN Port: Specify the UDP port for VXLAN traffic (default is 4789).
  • Click OK to create the VXLAN interface.

3. Configure VXLAN Settings:

  • Under Network > VXLAN, select the VXLAN interface you just created.
  • Configure the following VXLAN settings:
    • Local IP Address: Enter the IP address associated with the FortiGate’s VXLAN interface. This IP should be on the same subnet as the VXLAN endpoints.
    • Multicast Address (Optional): If you intend to use multicast for VXLAN traffic, specify a multicast IP address. Ensure that both ends of the VXLAN have the same multicast settings.
    • Remote IP Address (Peer): Enter the IP address of the remote FortiGate firewall or VXLAN endpoint that you want to connect to.
  • Click OK to save the VXLAN settings.

4. Create VXLAN Overlay Network:

  • Go to Policy & Objects > Objects.
  • Click Create New and select Virtual Network.
  • Fill in the VXLAN overlay network details:
    • Name: A descriptive name for the VXLAN overlay network.
    • Interface: Select the VXLAN interface you created in step 2.
    • VXLAN ID (VNI): Set the same VNI as you did in the VXLAN interface configuration.
  • Click OK to create the VXLAN overlay network object.

5. Create Firewall Policies:

  • Under Policy & Objects > IPv4 Policy, create firewall policies to allow traffic between VXLAN overlay networks or between VXLAN networks and the physical network.
  • In the policy settings:
    • Define the source and destination addresses using the VXLAN overlay network objects you created.
    • Specify the desired action (e.g., allow).
    • Set any required security profiles, such as antivirus or intrusion prevention.
  • Click OK to create the firewall policy.

6. Routing (if needed):

  • If routing between VXLAN overlay networks or between VXLAN and physical networks is necessary, configure routing on the FortiGate firewall.

7. Security Profiles (if needed):

  • Apply security profiles to the firewall policies to enhance security for VXLAN traffic. These profiles can include antivirus scanning, intrusion prevention, and application control.

8. Monitor and Troubleshoot:

  • Use the FortiGate GUI or CLI to monitor the VXLAN interface’s status and traffic.
  • Check logs for any issues or errors related to VXLAN.
  • Verify that routes are correctly configured, especially if you have multiple VXLAN segments.

9. Repeat on Remote FortiGate (if applicable):

  • If you have multiple FortiGate firewalls participating in the VXLAN network, repeat the configuration steps on the remote FortiGate(s), ensuring that VXLAN settings match on both ends.

10. Test and Verify:

  • Test connectivity between devices on the VXLAN overlay networks to ensure that traffic is correctly routed and policies are applied.

Always consult the Fortinet documentation for your specific FortiGate model and firmware version, as there may be slight variations in the user interface and configuration options.

Reset Password for HP storage

Hello everyone. In this video I will show how you can reset your HP storage password. With this method, you can reset any type of HP storage password.

Reset Password for HP storage

Note: Before proceeding, ensure you have the necessary permissions and authority to reset passwords, as this action can have security implications.

  1. Access the Management Interface:
    • Connect a computer to the same network as the HP storage system.
    • Open a web browser and enter the IP address of the storage system. This IP address can usually be found on a label on the front or back of the storage device.
    • Log in to the management interface using the current administrator username and password. If you’ve forgotten the password, proceed with the password reset.
  2. Locate the Password Reset Option:
    • Explore the management interface menus and navigation options to find the password reset feature. Common locations include:
      • System Settings: Look for options related to “User Management,” “Security,” or “Authentication.”
      • User Management: Navigate to the user management section where you can edit user profiles.
  3. Select User Account:
    • In the user management section, locate your user account or the account for which you want to reset the password.
  4. Initiate Password Reset:
    • Click on the user account, and you should see an option to reset the password. This might be labeled as “Change Password,” “Reset Password,” or something similar.
  5. Identity Verification:
    • You may be prompted to verify your identity. This can be done by providing information such as your username, email address, or answering security questions.
  6. Reset Password:
    • Once your identity is verified, you can reset the password. You’ll typically need to enter a new password and confirm it. Make sure to create a strong and secure password following any password policy requirements.
  7. Confirmation:
    • After successfully resetting the password, you should receive a confirmation message. It may include information about the updated password and any changes made to your account.
  8. Log In with New Password:
    • Use the newly reset password to log in to the management interface. Ensure that the new credentials work as expected.
  9. Update Password Policy (if necessary):
    • It’s advisable to review and update the password policy settings to align them with your organization’s security requirements. This might include setting password expiration periods and complexity requirements.
  10. Test Access:
    • Confirm that you can access and manage the HP storage system using the new password.
  11. Document the Changes:
    • It’s important to maintain a record of password changes for audit and security purposes. Document the date and reason for the password reset.
  12. Securely Store the New Password:
    • Store the new password securely, and ensure that only authorized personnel have access to it.

If you encounter any difficulties during the password reset process or have concerns about security, consider contacting HP support or your IT department for assistance. Always prioritize security when managing passwords for your storage systems.

vSphere ESXi 8.0 Installation and Configuration

Hello everyone, today I am going to show you how can install and configure ESXi 8 , as you know this version was released some days ago. you can watch the video or continue to read this document.

vSphere ESXi 8.0 Installation and Configuration

Installation:

  1. Prepare Installation Media:
    • Download the ESXi 8.0 ISO image from the VMware website.
    • Create a bootable installation media, typically a USB flash drive, using a tool like Rufus (Windows) or dd (Linux).
  2. Boot and Start Installation:
    • Insert the bootable USB drive into the server.
    • Power on the server and access the BIOS/UEFI settings to boot from the USB drive.
    • When prompted, select the boot device (usually your USB drive) to start the ESXi installation.
  3. Welcome and EULA:
    • You’ll see a welcome screen. Press “Enter” to continue.
    • Accept the End User License Agreement (EULA) by pressing “F11.”
  4. Select Installation Disk:
    • Choose the storage device where ESXi will be installed.
    • If the disk contains existing data, you can choose to overwrite it or select another disk.
  5. Keyboard Layout:
    • Select the keyboard layout that matches your preferences.
  6. Set Root Password:
    • Create a strong root password for the ESXi host and confirm it.
  7. Installation Options:
    • ESXi offers various installation options. The default option is recommended for most installations. Press “Enter” to proceed.
  8. Begin Installation:
    • Press “F11” to start the installation. ESXi will copy files to the selected storage device.
  9. Installation Complete:
    • Once the installation is finished, remove the installation media (USB drive) and press “Enter” to reboot the server.

Configuration:

  1. Initial Configuration:
    • After rebooting, you’ll see the ESXi welcome screen.
    • Press “F2” to customize system settings.
    • Log in using the root username and password you set during installation.
  2. Configure Management Network:
    • In the configuration menu, navigate to “Configure Management Network.”
    • Set the network configuration, including IP address, subnet mask, gateway, and DNS servers.
  3. Time and Date Settings:
    • Configure time and date settings under “Configure Time and Date.”
  4. Security Configuration:
    • Review and adjust security settings, such as the root password policy, under “Security Profile.”
  5. Access Management Interface:
    • Press “ESC” to exit the configuration menu.
    • Save your changes by pressing “F12,” which will also reboot the server.

Accessing vSphere Client:

  1. Open a web browser on a computer connected to the same network as the ESXi server.
  2. Enter the IP address or hostname of your ESXi server in the browser’s address bar.
  3. Download and install the vSphere Client (or use the web-based vSphere HTML5 client if available).
  4. Log in to the vSphere Client using the root username and password.

Additional Configuration:

  1. Within the vSphere Client, you can perform various tasks, including:
    • Creating virtual machines (VMs).
    • Managing storage resources.
    • Configuring networking settings.
    • Setting up virtual switches and port groups.
    • Installing and managing ESXi updates and patches.
  2. Consider configuring advanced features like High Availability (HA), Distributed Resource Scheduler (DRS), and vMotion for improved virtual infrastructure management.

Remember that this is a general guide, and specific steps may vary depending on your environment and the exact version of VMware vSphere ESXi 8.0. Always refer to the official VMware documentation and release notes for the most accurate and up-to-date instructions. Additionally, ensure your hardware is on the VMware Hardware Compatibility List (HCL) for ESXi 8.0.

Create Red Hat Account and Activate the Subscription

Hello everyone, in this video, I am going to show you how you can create an account on redhat.com and activate your subscription, that’s free

Create Red Hat Account and Activate Subscription

Step 1: Access the Red Hat website

  • Open your web browser and navigate to the official Red Hat website, which is https://www.redhat.com/. Ensure that you are visiting the legitimate website to prevent any security risks.

Step 2: Sign Up for a Red Hat Account

  • Click on the “Sign In” or “Log In” button in the upper right-hand corner of the website. This will take you to the login page.
  • If you don’t have a Red Hat account, look for an option that allows you to create one. This is typically labeled as “Create Account” or “Sign Up.” Click on it to start the registration process.

Step 3: Fill in Your Information

  • The registration form will ask for various pieces of information:
    • Personal Information: This includes your full name, job title, and company or organization name. Ensure accuracy, as this information may be used for verification purposes.
    • Contact Information: Provide a valid email address, phone number, and physical address. Red Hat may use this information for communication and to send important notifications.
    • Username and Password: Create a unique username that you will use to log in to your Red Hat account. The password should be strong, containing a mix of upper and lower-case letters, numbers, and special characters. Red Hat often has specific password requirements.
  • Pay careful attention to password requirements. They may vary based on Red Hat’s security policies.

Step 4: Agree to Terms and Conditions

  • Before proceeding, it’s crucial to review and accept Red Hat’s terms and conditions, privacy policy, and any other relevant agreements. These documents outline the rules and guidelines for using Red Hat’s services and products.

Step 5: Verify Your Email

  • After submitting your registration information, check your email inbox for a verification message from Red Hat. This email is sent to the address you provided during registration.
  • Open the verification email and click on the verification link inside to confirm your email address and activate your Red Hat account.

Step 6: Log In to Your Red Hat Account

  • Return to the Red Hat website after confirming your email address.
  • Click on “Sign In” or “Log In” again.
  • Enter the username and password you created during the registration process to log in to your newly created Red Hat account.

Step 7: Access Subscription Management

  • Once logged in, you will have access to the Red Hat Customer Portal, which provides various resources and tools for managing your Red Hat products and services.
  • Navigate to the “Subscription Management” section. This is where you can manage your subscriptions and access other resources related to Red Hat products.

Step 8: Activate Your Subscription

  • In the Subscription Management section, you’ll find options for managing your subscriptions.
  • To activate a subscription, you will need to enter a subscription or activation key. This key is typically provided by Red Hat when you purchase a subscription or may be given to you by your organization’s system administrator.
  • Enter the key in the appropriate field and follow the prompts provided on the screen. This process may include verifying your subscription details and confirming the activation.

Step 9: Confirm Activation

  • After successfully entering the activation key and completing any required steps, you should receive a confirmation message that your subscription has been activated.
  • This confirmation indicates that your Red Hat subscription is now active and ready for use.

By following these detailed steps, you should have created a Red Hat account and successfully activated your subscription. This will grant you access to Red Hat’s products and services, including Red Hat Enterprise Linux, along with support and updates for the duration of your subscription period. Remember to keep your subscription up to date and renew it when necessary to maintain access to Red Hat’s resources and support.

Install Oracle Database 19c on linux

Hello everyone today I am going to install oracle 19c on Linux RedHat 8.6. also in this video, I will talk about x11 forwarding and its problem, and install oracle 19c on the new version of RedHat

How to install Oracle 19c On Linux , X11 Forwarding problem

Prerequisites:

  1. Hardware and Software Requirements: Verify that your system meets the hardware and software requirements specified in Oracle’s documentation.
  2. Linux User and Groups:
  • Create a dba group:

bash

sudo groupadd dba

  • Create the oracle user and add them to the dba group:

bash

sudo useradd -g dba oracle

  • Set a password for the oracle user:

bash

sudo passwd oracle

3. Kernel Parameters and Resource Limits: Modify the kernel parameters and resource limits as recommended by Oracle. Edit the /etc/sysctl.conf file and add or update these lines:

fs.file-max = 6815744

kernel.sem = 250 32000 100 128

kernel.shmmni = 4096

kernel.shmall = 1073741824

kernel.shmmax = 4398046511104

kernel.panic_on_oops = 1

net.core.rmem_default = 262144

net.core.rmem_max = 4194304

net.core.wmem_default = 262144

net.core.wmem_max = 1048576

net.ipv4.conf.all.rp_filter = 2

net.ipv4.conf.default.rp_filter = 2

Then, apply the changes:

sudo sysctl -p

Edit the /etc/security/limits.conf file and add the following lines at the end of the file:

oracle soft nproc 2047

oracle hard nproc 16384

oracle soft nofile 1024

oracle hard nofile 65536

Installation:

  1. Download Oracle Database 19c: Visit Oracle’s website to download the Oracle Database 19c installation files for Linux.
  2. Extract Installation Files:
    • Unzip the downloaded files:

unzip oracle-database-19c-*.zip

Installation:

  1. Download Oracle Database 19c: Visit Oracle’s website to download the Oracle Database 19c installation files for Linux.
  2. Extract Installation Files:
    • Unzip the downloaded files:

codeunzip oracle-database-19c-*.zip

3. Run Oracle Universal Installer (OUI):

  • Navigate to the database directory where you extracted the files.
  • Run the Oracle Universal Installer as the oracle user:

bash

./runInstaller

4. Oracle Installation Steps:

  • Follow the graphical prompts in the Oracle Universal Installer:
    • Choose “Install database software only.”
    • Specify the Oracle Base and Software Location.
    • Select the edition and options you want to install.
    • Provide the Oracle Inventory Directory (usually /u01/app/oraInventory).
    • Follow the rest of the installation wizard, including setting the Oracle Home user password.

5. Execute Root Scripts:

  • After the installation is complete, the installer will prompt you to run root scripts. Open a new terminal as the root user and execute the scripts as instructed.

6. Create and Configure a Database:

  • You can use the Database Configuration Assistant (DBCA) or command-line tools like SQL*Plus to create and configure an Oracle Database instance.

7. Start and Stop the Database:

  • Start the Oracle Database with SQL*Plus or by using the provided scripts like dbstart:

sqlplus / as sysdba
SQL> startup

  • Stop the database with SQL*Plus or dbshut.

8. Testing:

  • Verify that the Oracle Database is running correctly by connecting to it, creating tables, and executing queries.

Remember that this is a simplified overview, and you should always refer to Oracle’s official documentation and installation guides for the most accurate and up-to-date instructions. Oracle installations can be complex, and it’s important to ensure that your system meets all prerequisites and requirements. Consider involving an experienced Oracle DBA if you are unfamiliar with the process.