Author Archive

SSL Clients accessing remote networks

February 4th, 2012

I came across the need to allow SSL VPN clients access to remote networks beyond the spoke firewall. In this instance, we have an IPsec LAN-2-LAN VPN tunnel between two points, which we’ll call HQ and Sister-Company. A remote user accessing the HQ firewall needs access to the Sister-Company file server. Instead of configuring another instance of a user on the Sister-Company firewall or another instance in the SSL VPN client, we can allow access from the HQ firewall.

The HQ FortiGate LAN2LAN VPN MUST be configured in interface/route mode. SSL VPN clients connect to the hub FortiGate, i.e. HQ.

FW-Policy(s):

* ssl.root:(source subnet) -> VPN_Interface:(destination subnet)
* WAN:(source subnet) -> VPN_Interface:(destination subnet), (ACTION) SSL-VPN. This policy identifies the “interesting traffic” on the SSL client. Make sure to set the group access under this policy.

Route(s):

* Destination_Network:VPN_Interface

Connect using the SSL VPN client, ping a host on the far side, and check that the send/receive counters on the SSL VPN client increment with each ping.
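The policies and route above, written out as a FortiOS 4.x CLI sketch for the HQ unit. This is an added example, not configuration from the original post: the interface name VPN_SisterCo, the group SSLVPN_Users, the policy and route IDs, and both subnets are constructed placeholders, and the `#` lines are annotations to drop before pasting.

```conf
# HQ FortiGate. All names, IDs and subnets are placeholders (assumptions).
config firewall address
    edit "SSLVPN_Pool"
        set subnet 10.212.134.0 255.255.255.0
    next
    edit "SisterCo_LAN"
        set subnet 192.168.50.0 255.255.255.0
    next
end

# Route: Destination_Network -> VPN_Interface
config router static
    edit 10
        set dst 192.168.50.0 255.255.255.0
        set device "VPN_SisterCo"
    next
end

config firewall policy
    # ssl.root -> VPN_Interface: forwards decrypted client traffic into the tunnel
    edit 20
        set srcintf "ssl.root"
        set dstintf "VPN_SisterCo"
        set srcaddr "SSLVPN_Pool"
        set dstaddr "SisterCo_LAN"
        set action accept
        set schedule "always"
        set service "ANY"
    next
    # WAN -> VPN_Interface with action SSL-VPN: marks the remote subnet as
    # interesting traffic for the client and binds it to a user group
    edit 21
        set srcintf "wan1"
        set dstintf "VPN_SisterCo"
        set srcaddr "all"
        set dstaddr "SisterCo_LAN"
        set action ssl-vpn
        set identity-based enable
        config identity-based-policy
            edit 1
                set schedule "always"
                set groups "SSLVPN_Users"
                set service "ANY"
            next
        end
    next
end
```

Unless NAT is enabled on policy 20, the Sister-Company side also needs a route and policy for the SSL VPN pool back through the tunnel. Narrowing `service` and `dstaddr` to the file server and its protocols keeps the remote user's reach to what the access actually requires.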

Categories: Firewalls, Network, Security

SOPA needs to be stopped

January 14th, 2012

While I carry heavy conviction on politics, one area I do not like our US Gov involved in is the Internet. The Stop Online Piracy Act is yet another intrusion into its citizens’ lives. You may hear this only affects non-citizens; think again. You give an inch, and they, the US GOV, will take more than a mile.

Categories: Government

FortiOS 4.3.4 is out

January 14th, 2012

Upgraded a test system to review the features/fixes, but it’s been getting some complaints from other admins that the IPSengine is consuming mass amounts of memory again. I’d recommend waiting for 4.3.5.

Categories: Firewalls, Security

RDP span across 2+ monitors?

January 14th, 2012

Ever wanted to RDP (Remote Desktop Protocol) into a Windows system and utilize your dual monitors for more real estate? Well, I guess many do not know this, but it’s possible.

* Assuming your RDP Client is 6+ (Introduced in Vista)

Click Start > Run and type “mstsc /v:IP OR NAME OF SERVER /span”

In later versions, MULTIMON mode is available. For more information, see MSDN.

Categories: Administration, Windows

MacOSX Lion & the breakage of Snow Leopard

September 17th, 2011

I was one of those who downloaded OSX Lion the day it was publicly available. Little did I know how many of the apps I depend on daily would fail to work. Here’s a small list:

  1. MacKeeper
  2. ZTerm – For my USB to SERIAL console connections ie Cisco, HP, Fortinet
  3. USB to Serial Adapter – For the above
  4. GPG – Mail Key encryption

Luckily, many of the developers were working to resolve these “breakages”. I found this site to resolve item 2 & 3 for me. Just make sure you SUDO those commands.

Categories: Apple

HP Proliant MicroServer & FreeNAS

August 6th, 2011

For some time now, we were looking for a quality dependable name brand “server”. The sole purpose of this server is for backup/DR storage. We use ShadowProtect for our customers and hanging 2TB USB drives off each server was becoming a hassle and a limitation. After a bunch of reading on the HP Proliant Microserver, I’m pretty impressed. For us, it hits a sweet spot. Not too big, not too small – smaller than a sheet of typical printer paper (height and width) but capable of housing 4 hotswap drives & possibly two more without much modification in the CDROM bay.

The server came with 1GB Ram and a 250GB harddrive. After burning FreeNAS 8.x ISO to CD, I plugged in a USB CDROM and 16GB USB memory stick. Booting off the CDROM and installing FreeNAS onto the USB stick took 15 minutes. Upon booting and initial configuration, FreeNAS could not detect the stock 250GB HD. Not sure why, but I read the same elsewhere. Also, integrating into ActiveDirectory did not seem to work so after much reading I decided to try FreeNAS 7.2.

FreeNAS 7.2 proved fruitful. ActiveDirectory integration was sound, the stock 250GB HD was detected; perfect. I decided to pull the 250GB and install (4) 1TB WesternDigital RE3 Drives. I prefer enterprise drives vs desktop for the MTBF. FreeNAS picked up the new drives after performing a RESCAN. Formatted each drive as “software-raid”. Plan is to use RAID5 yielding a 2.7TB volume. Initializing took about 2 hours.

Simple CIFS copy tests with its current configuration yielded 40MB/sec. After changing the “Send and Receive buffer sizes” from default 16MB (16384) to 128MB (131072) my performance improved by 20%.

A crazy idea I had was to boot from a USB VMware Stick, install FreeNAS as a VM and format 80% of space for storage. If for any reason a physical server melted, the ability to P2V on this server would be ideal; for temporary purposes obviously. A must, however, would be to upgrade the memory from 1GB to its maximum, which is 8GB.

But that’s not all that crazy is it?

iPad autolock options missing?

July 25th, 2011

Have you noticed that some Auto-Lock options such as “Never” are missing? I’m willing to bet you have an “Exchange” account configured; to comply with its security settings, you cannot have your iPad stay unlocked. Simple solution? Remove your Exchange account, but who’s going to do that?

Categories: Apple

Memorial Day Sale on Apple App Store – Booyah!

May 29th, 2011

Well, I have been a buying “FIEND” with so many apps having a Memorial Day sale. Let’s see, I’d recommend the Splashtop Remote Desktop App, NBA Jam, Battlefield Bad Company 2, all just $0.99 – I’m still searching for more deals…enjoy!

Categories: Uncategorized

Rooting the Motorola Droid X (Froyo) 2.2

May 27th, 2011

The search is over, as the band Survivor sang – For me, it’s the correct and easy way to root my Droid X.

DISCLAIMER:
The process of rooting is highly frowned upon by carriers & I am simply providing this information for individuals curious about how the process works. I do not encourage that ANYONE root their device. It has potential to void your warranty, and as it is unsupported, can render your device unusable.

My website is for informational purposes only. I do not endorse any tool / software / app. You are acting at your own risk and curiosity if you apply the tutorials / procedures I state on my website. Please exercise caution and always use your best judgment before proceeding. It is always best to back up your data before doing anything with your device.

Here is what I did, simple and sweet.

  1. Locate the file on Google or wherever “z4root.1.3.0.apk”
  2. Copy it to your Droid X either direct download or USB tether
  3. On the DroidX, Download ASTRO File Manager from Android Market Place
  4. On the DroidX, Open Settings > Applications
  5. Check the option “Unknown Sources” Allow installation of non-Market applications
  6. Decide whether you agree to expose your phone or not
  7. Locate the z4root.1.3.0 package using ASTRO & Click it
  8. Open App Manager
  9. Select Launch

At this point, it will ask you if you want a temporary root or permanent. Your decision.

Once it kicks off, it takes just about 30 seconds and the phone reboots. After boot up, you should see a couple apps called “Superuser” & “z4mod”. The z4mod allows you to return your phone to pre-root status. You’re done! Now go download Barnacle!

Categories: Android, Linux, Root, Security

Enabling SSH on ESXi 4.1 remotely

May 13th, 2011

I recently upgraded my ESXi host to 4.1u1 and forgot to enable SSH. In the past, from what I know, you could only enable SSH on a VMware host by the hidden feature or via the menu on the console, requiring you to be there or depend on an IP-KVM device.

Apparently, you can enable it remotely!

  1. Fire up vSphere Client
  2. Go to Configuration Tab (vmhost must be highlighted not a vm)
  3. Select Security Profile (You should see a few services listed, i.e. Remote Tech Support (SSH))
  4. Click Properties to the top right of the list
  5. Another box will appear – Select Remote Tech Support (SSH)
  6. Click Options
  7. Select your preference (Start Automatically)
  8. Click Start
  9. Click OK – That’s it!

You should be able to log in now via SSH.