IPv6 VPN Routing with Dynamic Prefixes
How to route traffic inside an IPv6 site-to-site VPN tunnel if one side offers only dynamic IPv6 prefixes? With IPv4, the private network segments were statically routed through the tunnel. But with a...
IPv6 Dyn Prefix Problems
I am lucky to have a full dual-stack ISP connection at home. However, the ISP only offers a dynamic IPv6 prefix with all of its disadvantages (and not a single advantage). In this post, I am summarizing...
Palo Alto Remote Access VPN for Android
For a basic remote access VPN connection to a Palo Alto Networks firewall (called “GlobalProtect”), the built-in VPN feature from Android can be used instead of the GlobalProtect app from Palo Alto...
Cisco ASA Remote Access VPN for Android
The native Android IPsec VPN client supports connections to the Cisco ASA firewall. This even works without the “AnyConnect for Mobile” license on the ASA. If only a basic remote access VPN connection...
Handheld Vacuum Cleaner Battery Pack Replaced
Here is a small do-it-yourself post. Simple task: after a few years, the battery pack in our essential-for-survival handheld vacuum cleaner (AEG Junior 2.0) can effectively no longer be...
Better Antennas for ADS-B Aircraft Reception
For more than a year now, I have been running my own Flightradar server for fun. I had also put another ADS-B receiver into operation on a Raspberry Pi. So what else...
FortiGate 2-Factor Authentication via SMS
Two-factor authentication is quite common these days. That’s good. Many service providers offer a second authentication before entering their systems. Besides hardware tokens or code generator apps, the...
Basic IPv6 Configuration on a FortiGate Firewall
It’s really great that the FortiGate firewalls have a DHCPv6 server implemented. With this mandatory service, IPv6-only networks can be deployed directly behind a FortiGate because the stateless DHCPv6...
CLI Commands for Troubleshooting FortiGate Firewalls
This blog post is a list of common troubleshooting commands I am using on the FortiGate CLI. It is neither complete nor very detailed, but provides the basic commands for troubleshooting network related...
MRTG/Routers2: Template FortiGate
A few weeks ago I constructed an MRTG/Routers2 template for the Fortinet FortiGate firewalls. I am using it for monitoring the FortiGate from my MRTG/Routers2 server. With the basic MRTG tool...
Tufin SecureTrack: Adding Devices
For a few weeks I have been using Tufin SecureTrack in my lab. It is a product that analyzes firewall policies for their usage and their changes by administrators (and much more). Therefore, the first step is...
Where to terminate Site-to-Site VPN Tunnels?
When using a multilayer firewall design it is not directly clear on which of these firewalls remote site-to-site VPNs should terminate. What must be considered in such scenarios? Differentiate between...
ntopng Installation
Some time ago I published a post introducing ntopng as an out-of-the-box network monitoring tool. I am running it on a Knoppix live Linux notebook with two network cards. However, I have a few...
FortiGate: Software-/ Hardware-/ VLAN-Switch
I am still a bit confused about the different switch types a FortiGate firewall is able to handle. While there is a lot of information on the Internet about the “internal-switch-mode” of...
FortiGate HA Cluster
This is a step-by-step tutorial for configuring a high availability cluster (active-standby) with two FortiGate firewalls. Since almost all firewall vendors have different principles for their HA...
Network Transfer: 1 Big vs. 100 Small Files
A common mistake when analyzing network speed/bandwidth between different applications and servers is to fully rely on the mere size of the files being transferred. In fact, one big file will transfer...
FortiGate VPN Speedtests
Triggered by a customer who had problems getting enough speed through an IPsec site-to-site VPN tunnel between FortiGate firewalls I decided to test different encryption/hashing algorithms to verify...
FRITZ!Box VPN Speedtests
Similar to the site-to-site VPN throughput test of the FortiGate firewalls, I wanted to put the FRITZ!Boxes through their paces and find out to what extent the VPN throughput of the models...
FortiGate IPv4 vs. IPv6 Performance Speedtests
I was interested in the performance of my FortiGate firewall when comparing IPv4 and IPv6 traffic. Therefore I built a small lab consisting of a FortiWiFi 90D firewall and two Linux clients running Iperf....
RTTs with different ISPs
Just a short post this time, but an interesting fact concerning different Internet Service Providers (ISPs) and their routing to/from other countries. I have a customer in Germany that has a remote...