Skip to main content

Net Worker World

Search This Blog

FortiManager

on October 09, 2023

Get link
Facebook
X
Pinterest
Email
Other Apps

Reset:

exe reset all-settings

exe reset all-except-ip !! keep interface and routing configuration

exe format{disk} deep-erase

Get link
Facebook
X
Pinterest
Email
Other Apps

Comments

Post a Comment

Popular Posts

Firepower FMC and FTD troubleshooting

1. Display real time log on FMC or FTD: pigtail for example: pigtail | grep 192.168.2.20 pigtail | grep sftunnel pigtail --help pigtail deploy pigtail gui 2. Restart communication channel manage_procs.pl run it from the sensor only, run it from FMC will reset all sensors' channel. This scripts are nice to be used when the FMC and FTD have communication problems like heartbeats are not received, policy deployment is failing or events are not received > expert ************************************************************** NOTICE - Shell access will be deprecated in future releases and will be replaced with a separate expert mode CLI. ************************************************************** admin@FTD:~$ sudo su Password: root@FTD:/home/admin# manage_procs.pl **************** Configuration Utility ************** 1 Reconfigure Cor...

Checkpoint S2S VPN to ASA

Summary 1. Checkpoint GW configuration for S2S VPN 2. Add Interoperable Device for ASA 3. Add VPN Community 4. Add Policy rules. ====================== 1. Checkpoint GW configuration for S2S VPN 1.1 "IPSec VPN" blade is selected. 1.2 Verify network topology 1.3 Network Management > VPN Domain Or set Specific VPN domain for Gateway Communities (R80.40) 2. Add Interoperable Device for ASA 2.1 Specify remote peer IP address 2.2 Topology>VPN Domain 3. Add VPN Community 3.1 Create a Meshed Community, add local and remote gateways to the list 3.2 Configure Phase I and Phase II parameters 3.3 Tunnel Management, select per subnet pair 3.4 Configure Shared Secret 3.5 Advanced section to set life time and disable NAT inside the VPN community 4. Verify VPN ip address by default, main address is selected, which is the IP in "General Properties" section. 5. Add rule 6. Note in case local IP is NATed before go to VPN tunnel Create NAT rule VPN domain include...

ASA IKEv1 VPN troubleshooting Steps and Tips

1. Phase I proposal mismatch Run show crypto isakmp sa Initiator: MM_WAIT_MSG2 Responder: No info Most likely this is phase1 proposal mismatch, verify IKEv1 policy, other symptoms: Initiator log: Information Exchange processing failed All configured IKE versions failed to establish the tunnel Initiator debug: Received an un-encrypted NO_PROPOSAL_CHOSEN notify message, dropping Responder log: Error processing payload: Payload ID Responder debug: All SA proposals found unacceptable 2. IKE version mismatch: Run show crypto isakmp sa no info at both initiator and responder Initiator log: Removing peer from correlator table failed, no match! Reason: User Requested All configured IKE versions failed to establish the tunnel Initiator debug: Oakley begin quick mode PHASE 1 COMPLETED IKE Initiator sending 1st QM pkt Removing peer from correlator table failed, no match! Session is being torn down. Reason: User Requested Responder log:...

Powered by Blogger