Clik here to view.
FortiGate Virtual IPs with Interface “Any”
On the FortiGate firewall, address objects and virtual IPs (VIPs) can be set up with an interface. For address objects this has no technical relevance – the address objects simply only appear on...
View ArticleClik here to view.
FortiGate Virtual IPs without Reference
Migrating from Juniper ScreenOS firewalls to FortiGates, there are some differences to note with static NATs, i.e., Mapped IPs (MIPs) on a Netscreen and Virtual IPs (VIPs) on a FortiGate. While the...
View ArticleClik here to view.
IPv6 through IPv4 VPN Tunnel with Palo Alto
The most common transition method for IPv6 (that is: how to enable IPv6 on a network that does not have a native IPv6 connection to the Internet) is a “6in4” tunnel. Other tunneling methods such as...
View ArticleClik here to view.
Advanced Ping: httping, dnsping, smtpping
I really love ping! It is easy to use and directly reveals whether the network works or not. Refer to Why Ping is no Security Flaw! (But your Friend) and Advanced Tracerouting. At least outgoing pings...
View ArticleClik here to view.
Palo Alto Software Download Failure
I had an error on my PA-200 with PAN-OS 7.0.5 while trying to download a new firmware version. “Error: There is not enough free disk space to complete the desired operation. […]”. Even the tips to...
View ArticleClik here to view.
RIPE Atlas Measurements
I just want to share my happiness about the RIPE Atlas measurements. If you have not heard about it yet, keep on reading. Following is a very basic overview of how the Atlas tool from the RIPE NCC can...
View ArticleClik here to view.
RIPE Atlas Probe Stats
Since almost two years I am running a RIPE Atlas Probe in my server room. It resides in an own security zone on a Palo Alto firewall (which also powers the probe via its USB port :)). With this post I...
View ArticleClik here to view.
MIDI-IF for Monotron
Juchu, endlich mal wieder ein Bastelprojekt. Für den Spielzeug-Synthesizer Monotron von Korg gibt es eine kleine Platine namens MIDI-IF, die anstelle des nicht ernsthaft zu spielenden Ribbon-Controller...
View ArticleClik here to view.
Noch ne ADS-B Antenne
Nachdem meine selbst gebauten ADS-B Antennen bereits sehr gut laufen hat mich jemand auf die Idee gebracht, mal eine speziell auf diesen Frequenzbereich zugeschnittene ADS-B Antenne bei eBay zu kaufen...
View ArticleClik here to view.
Bye Bye Maglite
Auch ich merke, dass ich älter werde. Mittlerweile ist es soweit, dass Technik, die “zu meiner Jugendzeit” hochaktuell war, total veraltet ist. Ein schönes und für mich trauriges Beispiel ist die...
View ArticleClik here to view.
Palo Alto IPv4 vs. IPv6 Performance Speedtests
After I have done some speedtests on the FortiGate firewall I was interested in doing the same tests on a Palo Alto. That is: What are the throughput differences of IPv4 vs. IPv6, measured with and...
View ArticleClik here to view.
Palo Alto VPN Speedtests
Once more some throughput tests, this time the Palo Alto Networks firewalls site-to-site IPsec VPN. Similar to my VPN speedtests for the FortiGate firewall, I set up a small lab with two PA-200...
View ArticleClik here to view.
Fortinet Feature Requests
I really like the FortiGate firewalls. They are easy to manage and have lots of functionality. However, I am also aware of some other firewall products and therefore have some feature requests to...
View ArticleClik here to view.
FortiGate Application Traffic Shaping
This is a really cool and easy to use feature of the FortiGate firewall: the traffic shaper. Once an application category uses too much traffic, the bandwidth consumption can be decreased with it. Just...
View ArticleClik here to view.
Using NetFlow with nProbe for ntopng
This blog post is about using NetFlow for sending network traffic statistics to an nProbe collector which forwards the flows to the network analyzer ntopng. It refers to my blog post about installing...
View ArticleClik here to view.
CPU Usage Increase FortiGate 100D -> 90D
A few weeks ago I swapped a FortiGate 100D firewall to a 90D firewall. The 100D was defective and needed to be replaced. Since the customer only has a 20 Mbps ISP connection, I thought that a FortiGate...
View ArticleClik here to view.
ownCloud Data Directory
I initially stored my ownCloud data on an external NTFS hard disk. (Yes, this was not a good idea at all.) After some time now I wanted to move the files to a bigger ext4 drive on the same machine....
View ArticleClik here to view.
Wie man als arbeitender Familienvater 399 € Elterngeld bekommt
Unser erstes Kind kam während des Studiums. Sprich: Elternzeit konnte ich mir keine nehmen (oder ich hätte ein ganzes Semester verlängern müssen) und fürs Elterngeld gab es immerhin den Mindestsatz von...
View ArticleClik here to view.
Palo Alto FQDN Objects
While I tested the FQDN objects with a Palo Alto Networks firewall, I ran into some strange behaviours which I could not reproduce, but have documented them. I furthermore tested the usage of FQDN...
View ArticleClik here to view.
Palo Alto DNS Proxy Rule for Reverse DNS
I am using the DNS Proxy on a Palo Alto Networks firewall for some user subnets. Beside the default/primary DNS server it can be configured with proxy rules (sometimes called conditional forwarding)...
View Article