FortiGate: SSL Inspection (HTTPS Inspection)
KB ID 0001729 Problem Do you inspect the traffic on your network? You have a firewall? Maybe an IDS appliance? That’s good news, do you inspect HTTPS traffic? In most cases the answer is no. Because either you do not have the capability, or enabling SSL Inspection will degrade the firewall’s performance so much that you accept the risk. At time of writing (Early 2021) it’s estimated that 85% of all web traffic is now...
The Web Site for the CA Must be Configured to use HTTPS
KB ID 0000838 Problem When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error. In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication Solution The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’...
EVE-NG: Create Windows Server 2019 VM
KB ID Article Problem I’ve had a Windows 2012R2 server image that I’ve ben using in EVE-NG for ever. This week it bit the dust so I thought, can I deploy a shiny new 2019 server? EVE-NG Windows Virtual Machines Yes! In fact the deployment procedure is the same for 2019 as it was for earlier versions of Windows server. First log onto your EVE-NG host and create the folder; mkdir /opt/unetlab/addons/qemu/winserver-2019/...
Software is Preventing Firefox From Safely Connecting to this Site
KB ID 0001727 Problem I was setting up some HTTPS/SSL inspection this week and while testing it, I ran into this problem; Firefox Certificate Settings So the machine I’m using DOES trust the CA that issued that certificate, (it’s a FortiGate firewall) But the BROWSER does not. (Firefox maintains its own list of certificates, and more importantly which CA certificates it will trust). Essentially the browser is trying to...
FortiGate: SSL-VPN With FortiClient (AD Authenticated)
KB ID 0001725 Problem FortiGate Remote Access (SSL-VPN ) is a solution that is a lot easier to setup than on other firewall competitors. Here’s how to setup remote access to a FortiGate firewall device, using the FortiClient software, and Active Directory authentication. This is what my topology looks like; Note: I’ve changed the FortiGates default management HTTPS port from 443 to 4433 (before I started). This was to let...
GIMP: Post Upgrade Tools Missing?
KB ID 0001726 Problem I’ve been running an older version of GIMP for a while, it’s been a bit ‘flaky’ since the Big Sur upgrade, so yesterday I took the plunge and updated it. As expected I had to recreate my custom arrow brushes and things. But the problem that hit me the most was ‘Where have all the tools gone!’ Solution I know it’s open source software and I’ve no right to complain,...
Download Veeam
KB ID 0001724 Download Veeam At PNL we have always championed Veeam, below are our links to download Veeam, Theres no surprise it’s the market leader in backup and recovery, it came onto the market when backups were a major IT headache. I can remember having to change nearly 30 different server tapes (a day) and from 09:00 to probably lunch time every day I was fixing backup issues. (Simply Download Veeam and give it a trial!)...
Setup FTP Server with Windows Server
KB ID 0000342 Problem You want to Setup FTP on your Windows Server, (and more importantly make it work without disabling the firewall.) Below are the procedure you will need to carry out. Note: For older Windows Operating systems like Server 2012, click here, or for Server 2008, click here. Setup FTP Server (Windows Server) Setup FTP on Windows Server 2012 (Including firewall setup) Setup FTP on Windows Server 2008 R2 (Including...
FortiGate: Change the HTTPS Fortigate Management Port
KB ID 0001723 Problem Like all firewalls that have ‘web management’ the default ports are 80 and 443 for insecure and secure management. IF you have secure (https) management on the outside interface of your firewall on the normal TCP port of 443. Then you can’t use the same interface to terminal SSL-VPNs. So you will need to change the FortiGate Management Port. You can set SSL-VPN to use a different port of course,...
Microsoft Teams: Suppress Annoying Message Pop-ups
KB ID 0001722 Problem Wow! Who at Microsoft Teams thought that enabling that by default was a good idea? I was on a large conference call this morning, (about 150 people). Every message to the message feed was spewing onto my screen and making a noise during the meeting! Thought: Why do ALL developers think it’s a good idea to have pop-up banner massages appear top right of the screen, (where your windows control buttons and...