Fortigate Cert #2

31 - January - 2022Uncategorizedjoe.relhak@gmail.com

Use the fortigate create CSR.

downloaded the fortigategenerated.csr

submitt the CSR contents to (re)key the certificate

Once ready download the files from GoDaddy files (crt, pem, and gd.crt)

ssh into fortigate navigate to

config vpn certificate local and then find the csr certificate

and save encrypted private key section of the cert to a file

openssl pkcs12 -export -in fromgodaddy.crt -inkey savedencryptedprivate.key -out certificate.pfx – or use an online sslcertificate converter

Fortiswitch “offline”

28 - October - 2021Uncategorizedjoe.relhak@gmail.com

some quick notes post fix:

On Fortigate run:

execute switch-controller get-conn-status <FortiSwitch_serial_number>

execute switch-controller diagnose-connection <Fortiswitch_serial_number>

on Fortiswitch run:

config system global

set switch-mgmt-mode fortilink

end

Cisco Reset and Upgrade

4 - October - 2021Uncategorizedjoe.relhak@gmail.com

plugin console cable with known port open in Putty.

Eject the CF and copy firmware and rommon to it, or get it on the device via USB or TFTP etc.

Power on and “Ctrl+( right click putty > special command > break ) ” – repeat until

rommon 1 > confreg 0x2142


You must reset or power cycle for new config to take effect
rommon 2 > reset

upgrade rom-monitor file flash0:\"file name"

after rommon upgraded del flash0:/”all firmware but the newest bin” and reload

config t

config-register 0x2102

end

erase nvram:

copy run start

Forti-notes

29 - September - 2021Uncategorizedjoe.relhak@gmail.com

diag sys session filter src x.x.x.x

diag sys session list : grep “policy_id”

di sniff packet any ” host x.x.x.x” 4

di de app url filter src-addr

di de app urlfilter -1

di de en

di vpn ike log filter dst-addr 4 x.x.x.x

get vpn ssl monitor

Forticlient Automatic Install & Setup

1 - September - 2021Uncategorizedjoe.relhak@gmail.com

Download Forticlient https://links.fortinet.com/forticlient/win/vpnagent

Create a new folder and download Forticlient https://links.fortinet.com/forticlient/win/vpnagent

Create a Forticlient.reg file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient\Sslvpn\Tunnels\FortigateSSLVPN]

“Description”=”Fortigate SSLVPN”

“Server”=”vpn.address.com:port”

“promptusername”=dword:00000001

“promptcertificate”=dword:00000000

“DATA3″=hex(7):00,00

“ServerCert”=”0”

“sso_enabled”=dword:00000000

Create an install.bat file:

“%~dp0FortiClientVPNSetup*” /Quiet /Passive /NoRestart

reg import “%~dp0Forticlient.reg”

Run the install.bat

Generate SSL VPN Cert

15 - August - 2021Uncategorizedjoe.relhak@gmail.com

After getting to a machine with openssl installed ( I used a Ubuntu Server for this purpose )

Generate a CSR and fill in the details asked:

jrelhak@ubuntu-server-jr:~$ openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr

Upload the CSR to the CA ( I used GoDaddy in this case): save the pem and crt bundle file back to the original CSR machine and convert the pem and key with GD bundle into a pfx. You’ll be asked for the previously set private key password and to set a PFX password:

jrelhak@ubuntu-server-jr:~$ openssl pkcs12 -export -out sslvpn.pfx -inkey PRIVATEKEY.key -in 85bff5d78f00ce1.pem -certfile gd_bundle-g2-g1.crt
Enter pass phrase for PRIVATEKEY.key:
Enter Export Password:
Verifying – Enter Export Password:
jrelhak@ubuntu-server-jr:

Verify PFX was created:

jrelhak@ubuntu-server-jr:~$ ls
85bff5d78f00ce1.crt 85bff5d78f00ce1.pem gd_bundle-g2-g1.crt MYCSR.csr PRIVATEKEY.key sslvpn.pfx

Upload the pfx to the Fortigate as a local certificate and enter the Export password.

From the CLI you can see the certificates under “config vpn certificate local”

Fortigate IPS troubleshooting

11 - June - 2021Uncategorizedjoe.relhak@gmail.com

IPS in lightweight mode:

config ips global
set cp-accel-mode none
end

config ips global
set engine-count 2
end

IPSmonitor restart and cache clear commands:

diag test application ipsmonitor 99
diag test application ipsmonitor 97
diag test application ipsmonitor 98
diag test application ipsmonitor 99

Powershell v2 “Test-NetConnection”

18 - May - 2021Uncategorizedjoe.relhak@gmail.com

function Test-Port($server, $port) {
$client = New-Object Net.Sockets.TcpClient
try {
$client.Connect($server, $port)
$true
} catch {
$false
} finally {
$client.Dispose()
}
}

Test-Port ipaddress port

Cisco Packet Capture CLI

26 - January - 2021Uncategorizedjoe.relhak@gmail.com

monitor capture CAP interface GigabitEthernet0/0/0 in

monitor capture CAP match ipv4 protocol tcp any any eq 1362

monitor capture CAP start

show monitor capture CAP buffer brief

monitor capture CAP stop

show monitor capture CAP buffer brief

show monitor capture CAP buffer detailed 

monitor capture CAP export ftp://10.0.0.1/CAP.pcap



no monitor capture CAP

ESX port-group packet capture

26 - June - 2019Uncategorizedjoe.relhak@gmail.com

esxcli network vm list [get world ID of VM ]

esxcli network vm port list -w [World ID]

ESX 6.5 —
pktcap-uw –switchport [Port ID] –dir 0 -o /tmp/[Port ID]_in.pcap & \
pktcap-uw –switchport [Port ID] –dir 1 -o /tmp/[Port ID]_out.pcap &
ESX 6.7 —
pktcap-uw –switchport [Port ID] –dir 2 -o /tmp/[Port ID]_in.pcap &

to kill —
kill $(lsof |grep pktcap-uw |awk ‘{print $1}’| sort -u)

mergecap -w [Port ID]_combined.pcap [Port ID]_in.pcap [Port ID]_out.pcap

———————————————————-

The new way to do pktcaps moving forward will be using the syntax below, and here’s some samples of what to capture:

At the VM switchport for ARP’s

pktcap-uw –switchport <#> –capture Vnic(Rx/Tx) –ethtype 0x0806 – o – | tcpdump-uw -r – -nn

At the physical NIC for ARP’s

pktcap-uw –uplink vmnicX –capture Uplink(Rcv/Snd)Kernel –ethtype 0x0806 -o – | tcpdump-uw -r – -nn

Joe Relhak

Scenario Firefigher