FortiGate: SSL Inspection (HTTPS Inspection)
KB ID 0001729 Problem Do you inspect the traffic on your network? You have a firewall? Maybe an IDS appliance? That’s good news, do you inspect HTTPS traffic? In most cases the answer is no. Because either you do not have the capability, or enabling SSL Inspection will degrade the firewall’s performance so much that you accept the risk. At time of writing (Early 2021) it’s estimated that 85% of all web traffic is now...
The Web Site for the CA Must be Configured to use HTTPS
KB ID 0000838 Problem When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error. In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication Solution The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’...
EVE-NG: Create Windows Server 2019 VM
KB ID Article Problem I’ve had a Windows 2012R2 server image that I’ve ben using in EVE-NG for ever. This week it bit the dust so I thought, can I deploy a shiny new 2019 server? EVE-NG Windows Virtual Machines Yes! In fact the deployment procedure is the same for 2019 as it was for earlier versions of Windows server. First log onto your EVE-NG host and create the folder; mkdir /opt/unetlab/addons/qemu/winserver-2019/...
Software is Preventing Firefox From Safely Connecting to this Site
KB ID 0001727 Problem I was setting up some HTTPS/SSL inspection this week and while testing it, I ran into this problem; Firefox Certificate Settings So the machine I’m using DOES trust the CA that issued that certificate, (it’s a FortiGate firewall) But the BROWSER does not. (Firefox maintains its own list of certificates, and more importantly which CA certificates it will trust). Essentially the browser is trying to...
FortiGate: SSL-VPN With FortiClient (AD Authenticated)
KB ID 0001725 Problem FortiGate Remote Access (SSL-VPN ) is a solution that is a lot easier to setup than on other firewall competitors. Here’s how to setup remote access to a FortiGate firewall device, using the FortiClient software, and Active Directory authentication. This is what my topology looks like; Note: I’ve changed the FortiGates default management HTTPS port from 443 to 4433 (before I started). This was to let...