Came across the need to allow SSL VPN clients access to remote networks beyond the SPOKE Firewall. In this instance, we have an IPSEC LAN-2-LAN VPN tunnel between two points; we’ll use the names HQ & Sister-Company. A remote user accessing the HQ Firewall needs access to the Sister-Company file server. Instead of configuring another instance of a user on the Sister-Company firewall or another instance in the SSL VPN Client, we can allow access from the HQ Firewall.
The HQ Fortigate LAN2LAN VPN MUST be configured in interface/route mode. SSL_VPN clients connect to the HUB FGATE, i.e. HQ.
FW-Policy(s):
* ssl.root:(source subnet) -> VPN_Interface:(destination subnet)
* WAN:(source subnet) -> VPN_Interface:(destination subnet) (ACTION) SSL-VPN (identifies “interesting traffic” on the SSL Client). Make sure to set the group access under this policy.
Route(s):
* Destination_Network:VPN_Interface
Connect using the SSL_Client, ping a host on the far side, and check that the Send/Receive counters on the SSL VPN Client increment with each ping.
Upgraded a test system to review the features/fixes, but it’s been getting some complaints from other admins that the IPSengine is consuming mass amounts of memory again. I’d recommend waiting for 4.3.5.
The search is over, as the band Survivor sang – For me, it’s the correct and easy way to root my Droid X.
DISCLAIMER:
The process of rooting is highly frowned upon by carriers & I am simply providing this information for individuals curious about how the process works. I do not encourage that ANYONE root their device. It has potential to void your warranty, and as it is unsupported, can render your device unusable.
My website is for informational purposes only. I do not endorse any tool / software / app. You are acting at your own risk and curiosity if you apply the tutorials / procedures I state on my website. Please exercise caution and always use your best judgment before proceeding. It is always best to back up your data before doing anything with your device.
Here is what I did, simple and sweet.
- Locate the file “z4root.1.3.0.apk” on Google or wherever
- Copy it to your Droid X, either by direct download or USB tether
- On the Droid X, download ASTRO File Manager from Android Market Place
- On the Droid X, open Settings > Applications
- Check the option “Unknown Sources” (Allow installation of non-Market applications)
- Decide whether you agree to expose your phone or not
- Locate the z4root.1.3.0 package using ASTRO & Click it
- Open App Manager
- Select Launch
At this point, it will ask you if you want a temporary root or permanent. Your decision.
Once it kicks off, it takes just about 30 seconds and the phone reboots. After boot up, you should see a couple apps called “Superuser” & “z4mod”. The z4mod allows you to return your phone to pre-root status. You’re done! Now go download Barnacle!
I recently upgraded my ESXi host to 4.1u1 and forgot to enable SSH. In the past, from what I know, you can only enable SSH on a VMware host by the hidden feature or via the menu on the console, requiring you to be there or to depend on an IP-KVM device.
Apparently, you can enable it remotely!
- Fire up vSphere Client
- Go to the Configuration tab (the vmhost must be highlighted, not a VM)
- Select Security Profile (you should see a few services listed, e.g. Remote Tech Support (SSH))
- Click Properties to the top right of the list
- Another box will appear – Select Remote Tech Support (SSH)
- Click Options
- Select your preference (Start Automatically)
- Click Start
- Click OK – That’s it!
You should be able to log in now via SSH
Read this yesterday and have heard “things”, but it’s been confirmed apparently. There’s a technique (TCP Split Handshake attack) to fool common firewalls into “treating” an attacker as if it’s on the inside of the network. Appears to affect many of the big names in firewalls: Cisco, Juniper, Fortinet, SonicWall.
Read more about that here….