This morning I woke up still sick from a cold the last couple days, thinking it can’t get any worse. Well, around 9:30am, I received a call from the property managers that my apartment in Nashville, TN was completely destroyed in a fire just hours prior. Now thank God no one was killed, but I lost more than just monetary items. I live part time down there when not in Ohio.
I’m still trying to figure out how (3) buildings can completely burn down (36 units) with a large ladder fire station 1000 feet down the street.
Per an email blast:
Today Fortinet announced the acquisition of Ottawa, Canada-based TalkSwitch®, the developer of owner-friendly® phone systems for remote offices and distributed enterprises. With tens of thousands of customers and a network of 1,500 resellers and distributors, TalkSwitch delivers owner friendly phone systems to companies, home-based businesses, institutions and franchises.
Looks like Fortinet is diversifying their product line by adding a more stable “voice” solution. Hmm, this appears as if they’re positioning to take on Cisco directly.
I’m starting to hear some rumblings about CentOS releases and updates taking longer and longer, thus stalling. You can applaud Larry Ellison of Oracle for that because of Unbreakable Linux. To summarize real quick: in my opinion and many others', Unbreakable Linux is nothing more than RedHat with some language changed. RedHat releases source to comply with GPL and other licenses. Oracle grabs the source, makes changes and compiles it as “Unbreakable Linux” – TADA!
Here’s a conversation that inspired this article
Connect to the console via serial cable (typically 9600, 8N1) using a terminal program (HyperTerminal, PuTTY, ZTerm, Tera Term)
Username: maintainer
Password: bcpb + serial number of the firewall
Note: After booting, some devices may give you only a 14-second window to type in the username and password.
#config system admin
#edit admin
#set password <new-password>
#end
All credit to Soni Hacker for this information.
Read this yesterday and have heard “things”, but it’s been confirmed apparently. There’s a technique (TCP Split Handshake attack) to fool common firewalls into “treating” an attacker as if it’s on the inside of the network. Appears to affect many of the big names in firewalls: Cisco, Juniper, Fortinet, SonicWall.
Read more about that here….
For the last 5-6 months I have procrastinated about upgrading an ESXi box to 4.1. I finally bit the bullet and started researching. Well, of course, a quick search engine query resulted in about a dozen or two “How-To’s”. Many of them look credible, and I tried a couple, resulting in the bitter taste of fail. I came across this “SIMPLE” How-To and I’ll link it because it deserves much credit for my success….
Here it is…and thank you for the easy guide!
I started playing with the latest FortiAP220b device. Plugging in my trusty ultra-cool USB Bluetooth Serial adapter, powered by the USB port on the FortiAP, I noticed the following:

FAP22B3U1XXXX314 login: admin
Mar 1 12:12:03 login[606]: root login on `ttyS0'
BusyBox v1.01 (2010.08.28-00:38+0000) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
FAP22B3U1XXXX314 # help
Built-in commands:
-------------------
. : alias bg break cd chdir continue eval exec exit export false
fg hash help jobs kill let local pwd read readonly return set
shift times trap true type ulimit umask unalias unset wait
FAP22B3U1XXXX314 # .
Ok, so we know it’s running an embedded type of Linux called BusyBox. At this point the AP is NOT administrated by the Fortigate. Not sure how much I can do with it until I tick manage – more to follow…
Little did I know Fortinet released FortiOS 4.2.5 on April 1. I guess it’s real? Bunch of fixes many people were complaining about that were not addressed in 4.2.4.
I’m always looking for ways to lighten the load I carry on my back every day. That load being my backpack. I carry enough equipment to perform daily and semi-annual duties. Besides the absolute essentials (MacBook Pro 15″ 2010, power supply & wireless mouse), I carry cables such as (funny I have to list it!)
- 7 ft Ethernet patch cable
- 7 ft Ethernet cross-over patch cable
- 25 ft Ethernet patch cable
- Ethernet couplers
- serial cables (2 types)
- gender changers (25 to 9 & male/female)
- null modems
- Cisco adapters
- Numerous USB cables (mini to normal)
So the other day, out of the blue, I found out there are Bluetooth serial adapters! I was like sliced-bread. I immediately ordered one:

The adapter defaults at 19200 baud so I had to connect my Serial-2-USB and set baud rate. If you are from the MODEM days (70's-early 90's), it’s very similar to the HAYES AT command set. Once I paired the adapter on my Mac, I loaded ZTERM and connected – voila! I have console on my Cisco from 40 ft away! Awesome I say and this will eliminate about 80 feet of cable I used to carry around!
Ever work on a Fortigate and need to show the IP addresses quickly – especially if the interfaces are DHCP? Try this via CLI:
#show system interface ?
name name
IPSEC-VIFace static 0.0.0.0 0.0.0.0 up disable tunnel
dmz static 0.0.0.0 0.0.0.0 up disable physical
internal static 10.100.10.1 255.255.255.0 up disable physical
modem static 0.0.0.0 0.0.0.0 down disable physical
ssl.root static 0.0.0.0 0.0.0.0 up disable tunnel
wan1 static xxx.xxx.xxx.222 255.255.255.224 up disable physical
wan2 static 0.0.0.0 0.0.0.0 up disable physical
Using VDOMs? You’ll need to enter the following per VDOM:
#config vdom
#edit VDOMNAME
#show system interface ?
Done!
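To turn that listing into a quick address inventory, here is an added example (not from the original post or from Fortinet) that parses a saved copy of the `show system interface ?` output. The column meanings are inferred from the sample above, the sixth column is ignored, and 203.0.113.222 is a documentation address standing in for the masked wan1 address.

```python
import ipaddress

# Constructed sample in the layout shown above; 203.0.113.222 is a
# documentation address standing in for the masked wan1 address.
SAMPLE = """\
name    name
IPSEC-VIFace  static  0.0.0.0  0.0.0.0  up  disable  tunnel
dmz  static  0.0.0.0  0.0.0.0  up  disable  physical
internal  static  10.100.10.1  255.255.255.0  up  disable  physical
modem  static  0.0.0.0  0.0.0.0  down  disable  physical
ssl.root  static  0.0.0.0  0.0.0.0  up  disable  tunnel
wan1  static  203.0.113.222  255.255.255.224  up  disable  physical
wan2  static  0.0.0.0  0.0.0.0  up  disable  physical
"""

UNSET = ipaddress.IPv4Address("0.0.0.0")

def parse_interfaces(text):
    """Return one dict per interface row; skip headers and malformed rows."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # header ("name name"), prompts, blank lines
        # Column meanings are assumed from the sample; the sixth is unused.
        name, mode, ip, mask, status, _flag, kind = parts
        try:
            iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
        except ValueError:
            continue  # masked or garbled address, e.g. xxx.xxx.xxx.222
        rows.append({"name": name, "mode": mode, "iface": iface,
                     "status": status, "type": kind})
    return rows

def addressed(rows):
    """Interfaces that actually carry an address, as name -> CIDR."""
    return {r["name"]: str(r["iface"]) for r in rows if r["iface"].ip != UNSET}

def up_without_address(rows):
    """Physical ports that are up but have no address: worth reviewing."""
    return [r["name"] for r in rows
            if r["status"] == "up" and r["type"] == "physical"
            and r["iface"].ip == UNSET]

if __name__ == "__main__":
    rows = parse_interfaces(SAMPLE)
    for name, cidr in addressed(rows).items():
        print(f"{name:10} {cidr}")
    print("up, no address:", ", ".join(up_without_address(rows)))
```

With VDOMs, capture the output once per VDOM and run the parser on each capture separately.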