FortiGate Port Forwarding
KB ID 0001742 Problem I was back on the tools again today setting up FortiGate Port Forwarding! This was for one of our partners that I have to do some remote work for, so I temporarily needed to get onto their servers. Normally I’d just SSL VPN in, (but that’s what I’m setting up!) So to get onto their servers I had to setup a port forward for RDP. WARNING: Port forwarding RDP from ALL / Any is a BAD IDEA...
Replacing Cisco Firewalls with Fortinet Firewalls
KB ID 0001741 Replacing Cisco If you’ve been following articles on the site you will know that the focus of the firewall related output is shifting from Cisco ASA / Cisco FirePOWER to Fortinet (FortiGate) firewalls. This article is so you can make an informed choice about what you want to replace your Cisco firewall with. Note: I’m starting with SOHO and Small Business sized firewalls, but I will extend this to...
VMware ESX – Sockets and Cores (Logical Processors)
KB ID 0001124 Problem While explaining to a client the difference between Sockets, Cores, Logical processors, I had to revisit this post today, so I updated it for vSphere7 Calculating Sockets and Cores Essentially; A: Processor Sockets: The Physical amount of CPUs on the motherboard. B: Cores Per Socket: For a dual core processor this would be 2, triple core=3, quad core = 4, hex core = 6, octa core=8, deca core=12, etc. C: Logical...
Azure Traffic Manager (DNS Failover)
KB ID 0001740 Problem Why Azure Traffic Manager? I had to price up a hardware load balancer (ADC) a couple of weeks ago for a client. I wont mention the vendor, (though I’m sure you can guess). Over 3 years it was going to cost (for a pair) about £100k, (so about 33k a year). That included the global DNS failover, this was so they, (the client) could fail over their services between multiple data centres. OK there are other ADC...
Free Exchange Certificate
KB ID 0001739 Problem A couple of weeks ago I wrote an article about getting free certificates for IIS with ‘Let’s Encrypt’. Last week the renewal for my ‘test’ Exchange server’s certificate came though. So I thought “Why don’t I try and get a ‘Free Exchange Certificate’?” Free Exchange Certificate Before we start let’s take a moment to take a look at our existing...
Leave Domain: “A general network error occurred’
KB ID 0001738 Problem After a recent lab on the test bench, I ended up with a 2008 x32 standard server. It took me a while to get this setup and running, so I wanted to keep it (or turn it into a VMware template should I ever need another). But first I needed to ‘remove it’ from the domain it was in. However, when attempting to do so this happened; Computer Name /Domain Changes The following error occurred validating...
O365 with Duo MFA (Without a P1 License?)
KB ID 0001737 Problem Working for a cloud service provider, (and a Duo partner). I get a lot of queries about Duo MFA for Office 365. Typically (I think) the best solution is to enable Azure Conditional Access and couple that with Trusted sites, so clients get challenged when out on the road, but not in the office. The drawback of this is Azure Conditional Access requires a P1 License, at time of writing that’s about $6 a month...
Free Certificate for IIS with Let’s Encrypt
KB ID 0001736 Problem I’ve been aware of Let’s Encrypt for a while, they are a non profit Certification Authority, who will provide you with a free certificate, and you can use them for most things you want to secure with a digital certificate. The only reason I’ve never used them in the past is, their certificates have a short (3 month) lifespan, and I see enough things breaking when people forget to renew 12 month...
Outlook URL Shortening?
KB ID 0001735 Problem Outlook URL: I first noticed this a few weeks ago, When copying and pasting a URL into an email it shortens the URL and gives it the pages title. At first i thought my firms Devs had changed the way our CRM works, but then I noticed it happening with SharePoint URLs as well, this is what I mean; I don’t have a problem with it, in fact I much prefer it! However I got an email this morning from someone...
FortiGate Securing Remote Administration
KB ID 0001734 Problem When considering Securing FortiGate remote administration, I’ve written about changing the https management port to something other than TCP 443 before, I suppose that’s security by obfuscation (though even a script kiddy with one hours experience, will be able to spot an html responses). Typically with other vendors you limit remote administration access, to specific IP addresses (or ranges). So...