Archive for the ‘Quick Notes’ Category

Posted by keith.wirch at December 18, 2017

Category: Quick Notes

The default GNOME panel in Ubuntu 17.10 does not include the date.  It only shows the day of the week.  Strange default if you ask me.  See the image below.

I much prefer it to have the date on it, like you see below.

To do that, use the command below in any terminal window of your choice.

gsettings set org.gnome.desktop.interface clock-show-date true

If you regret your decision, you can set the clock-show-date boolean variable to false and it will remove the date.

Posted by keith.wirch at August 18, 2017

Category: Fortigate, Quick Notes

There isn’t really a way to create a GRE Tunnel in the Fortigate GUI, but you can through the CLI.  I find this process to be FortiOS version agnostic.  Take the image below as reference.

Here is the CLI for Site 1:

config system gre-tunnel
edit "GRE-to-Site2"
set interface "wan"
set remote-gw    # Remote Firewall WAN IP
set local-gw    # Local Firewall IP

Once the GRE Tunnel is configured, you need to set up the actual interface as shown.

config system interface
edit "GRE-to-Site2"
set vdom "root"
set ip    # Local GRE Tunnel IP
set allowaccess ping    # Might just need ping for troubleshooting.
set type tunnel
set remote-ip    # GRE Tunnel IP for the Remote side
set interface "wan"

I will not cover it in this guide, but you do need to create a route via the GRE tunnel.  Refer to the Fortigate documentation for creating a Static Route.  Do not forget to create a Firewall Policy to allow the traffic to traverse the tunnel.  Been there…  *shakes head*

Here is the CLI for Site 2:

The CLI here is very similar to Site 1.  Just flipped a little.

config system gre-tunnel
edit "GRE-to-Site1"
set interface "wan"
set remote-gw    # Remote Firewall WAN IP
set local-gw    # Local Firewall WAN IP

Now configure the actual interface since the GRE tunnel config is made.

config system interface
edit "GRE-to-Site1"
set vdom "root"
set ip    # Local GRE Tunnel IP
set allowaccess ping    # Ping can be helpful for troubleshooting
set type tunnel
set remote-ip    # Remote Firewall GRE Tunnel IP
set interface "wan"

Again, do not forget to create your routes and firewall policies to allow the traffic to flow.

NOTE:  I find GRE tunnels to be the PERFECT opportunity to use addresses.  Use them on the actual tunnel IPs since they are not routable and link-local according to RFC 5735.
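As an added example (not from the original post and not Fortinet code), the script below parses a FortiOS configuration backup and reports, for each GRE tunnel, whether the interface addresses, static route and firewall policy mentioned above are present. The sample config, its addresses and the helper names `parse` and `audit_gre` are assumptions constructed for illustration.

```python
import shlex

# Constructed Site 1 excerpt (placeholder addresses): tunnel and interface only.
SAMPLE = """
config system gre-tunnel
    edit "GRE-to-Site2"
        set interface "wan"
        set remote-gw 198.51.100.2
    next
end
config system interface
    edit "GRE-to-Site2"
        set ip 169.254.0.1 255.255.255.255
        set remote-ip 169.254.0.2 255.255.255.255
    next
end
"""

def parse(text):
    """Return {section: {entry: {key: [values]}}}; nested tables are skipped."""
    cfg, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line, comments=True) or [""]
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section, entry = cfg.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = section.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return cfg

def audit_gre(cfg):
    """Map each GRE tunnel name to the pieces it still lacks."""
    def refs(section, keys, name):  # does any entry's listed key mention name?
        return any(name in e.get(k, []) for e in cfg.get(section, {}).values() for k in keys)
    report = {}
    for name in cfg.get("system gre-tunnel", {}):
        iface = cfg.get("system interface", {}).get(name, {})
        checks = {"interface addresses": "ip" in iface and "remote-ip" in iface,
                  "static route": refs("router static", ["device"], name),
                  "firewall policy": refs("firewall policy", ["srcintf", "dstintf"], name)}
        report[name] = [item for item, ok in checks.items() if not ok]
    return report

print(audit_gre(parse(SAMPLE)))  # {'GRE-to-Site2': ['static route', 'firewall policy']}
```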

Posted by keith.wirch at December 9, 2016

Category: Networking, Quick Notes

ip flow-cache timeout active 5  # Five Minute Timeout
ip flow-export source FastEthernet0/0  # Source Address of the UDP Flow Datagrams
ip flow-export destination <IP Address> 9996

#interface config#
  ip route-cache flow  # Turns on Netflow for that interface

Posted by keith.wirch at November 6, 2016

Category: Fortigate, Networking, Quick Notes

Here are some quick notes about working with DHCP on a Fortigate firewall.  It is pretty common to have to work with them when you have a small office firewall.  I would not recommend using the DHCP Server service on these firewalls in a large production environment.  Microsoft makes a pretty good one as a role in their server.

Showing/Clearing a DHCP Lease List

exec dhcp lease-list  #show current list on DHCP lease
execute dhcp lease-clear <ip address> #clear the DHCP lease of a specific ip
execute dhcp lease-clear all  #clear all the DHCP leases

Setting DHCP reservation on FortiOS 5.x

config system dhcp server  #Brings you into config mode of DHCP
edit 1 #This number will depend on which scope you are adding the reservation to.  Use "show" to display them all.
config reserved-address
edit 1  #Increment this number for each reservation you need
set ip <ip address>
set mac <MAC Formatted 99:99:99:33:33:33>

Setting DHCP reservation on Pre-FortiOS5.x

config system dhcp reserved-address
edit "My_Reservation"
set ip <ip address>
set mac <MAC Formatted 99:99:99:33:33:33>

Posted by keith.wirch at November 3, 2016

Category: Batch, Quick Notes, Windows

Quick notes on working with Windows Services.  Windows Update will be our guinea pig.  The Windows Update service name is “wuauserv”.  You can get the service name of any service from the output of:

powershell get-service

Or, if you prefer the GUI, you can open the properties of a service via the services console.

Windows Update Service

Stopping and Disabling a Service at Startup

sc config wuauserv start= disabled

Starting, Stopping, Checking Status of a Service

sc start wuauserv    #Start a Service
sc stop wuauserv     #Stop a Service
sc query wuauserv    #Check Status of a Service