Posts

JUNIPER SRX: SOURCE NAT (INTERFACE BASED SOURCE NAT)

Image
  #########NAT Configuration######## >set security nat source rule-set NAT-IBN description source_nat >set security nat source rule-set NAT-IBN from zone untrust >set security nat source rule-set NAT-IBN to zone untrust >set security nat source rule-set NAT-IBN rule NAT-IBN-Rule description NAT_IBN_Rule >set security nat source rule-set NAT-IBN rule NAT-IBN-Rule match source-address 10.10.10.11/32 >set security nat source rule-set NAT-IBN rule NAT-IBN-Rule match destination-address 0.0.0.0/0 >set security nat source rule-set NAT-IBN rule NAT-IBN-Rule then source-nat interface #######Firewall Policy configuration######### >set security policies from-zone untrust to-zone untrust policy allow-win-server match source-address 10.10.10.11 >set security policies from-zone untrust to-zone untrust policy allow-win-server match destination-address any >set security policies from-zone untrust to-zone untrust policy allow-win-server match application any >set s...

[PfSense] OpenVPN server configuration with Linux client [Ubuntu]

Image
  Import the CA certificate: openssl x509 -in pf-ca.pem -inform PEM -out pf-ca.crt sudo cp pf-ca.crt /usr/local/share/ca-certificates sudo update-ca-certificates Import the OpenVPN client configuration: sudo nmcli connection import type openvpn file [client].ovpn OpenVPN connection via cmd: sudo openvpn --config /path/to/config.ovpn

PfSense OpenVPN server with Windows client

Image

[CentOS/Rocky/RHEL] Forticlient installation

Image
  Method 1: Rocky 8  (and newer),  Centos 7 (and newer) and Redhat 7 (and newer) Install yum-utils: yum install yum-utils Add repo sudo yum-config-manager --add-repo  https://repo.fortinet.com/repo/forticlient/7.4/centos/8/os/x86_64/fortinet.repo Install FortiClient sudo yum install forticlient Method 2: Direct RPM Download Link: Installation Download the FortiClient VPN RPM package from  https://links.fortinet.com/forticlient/rhel/vpnagent  - this will normally be downloaded to the  Downloads  folder in your user's home folder. In the file browser navigate to this folder and double click on the forticlient_vpn_X.XX.XXXX_x86_64.rpm file and click Install in the software install window. Configuration Launch FortiClient using the shield icon in the top bar and then click 'Configure VPN'. Ensure that SSL-VPN is selected, enter a connection name (e.g. FMRIB VPN) and then in the Remote Gateway box enter https://vpn.fmrib.ox.ac....

IKEv2 Remote Access VPN using ForticlientVPN

Image
  Interface: config system interface     edit "port1"         set vdom "root"         set ip 192.168.0.108 255.255.255.0         set allowaccess ping https ssh http         set type physical         set netflow-sampler both         set alias "WAN1"         set lldp-reception enable         set role wan         set snmp-index 1         set secondary-IP enable         set mtu-override enable         set mtu 1000     next     edit "port4"         set vdom "root"         set ip 20.20.20.108 255.255.255.0         set allowaccess ping         set type physical         set alias "LAN"         set snmp-inde...

IKEv2 IPsec Config Fortigate

Image
Interface:  config system interface     edit "port2"         set vdom "root"         set ip 14.140.40.108 255.255.255.0         set allowaccess ping https         set type physical         set alias "WAN2"         set role dmz         set snmp-index 2     next     edit "port4"         set vdom "root"         set ip 20.20.20.108 255.255.255.0         set allowaccess ping         set type physical         set alias "LAN"         set snmp-index 8     next     edit "test"         set vdom "root"         set type tunnel         set snmp-index 9         set interface "port2"     next end IKEv2 V...

Configure Redundant IPsec VPN with SD-WAN

Image
  IPsec Tunnel Interface: config system interface     edit "tun1-isp1"         set vdom "root"         set ip 172.16.1.1 255.255.255.255         set allowaccess ping         set type tunnel         set remote-ip 172.16.1.2 255.255.255.0         set snmp-index 9         set interface "port1"     next end config system interface     edit "tun2-isp2"         set vdom "root"         set ip 172.16.2.1 255.255.255.255         set allowaccess ping         set type tunnel         set remote-ip 172.16.2.2 255.255.255.0         set snmp-index 11         set interface "port2"     next end config vpn ipsec phase1-interface     edit "tun1-isp1"       ...