Saturday, July 5, 2025

OSPF over IPsec GRE tunnel in FortiGate

Continuing this theme, this time it is a site-to-site VPN between two FortiGates (FTGs).

https://xrcd2.blogspot.com/2025/07/fortigate-site-to-site-vpn-lab.html

https://xrcd2.blogspot.com/2023/02/ospf-over-ipsec-for-paloalto-and.html



CLI config example

Note that the proposals and DH groups below are lab values: DES, MD5, SHA-1 and DH group 5 are deprecated for IPsec, and the pre-shared key is shown in clear text. For production use an AES/SHA-256 or AES-GCM proposal, DH group 14 or higher, and a long random PSK (or certificate authentication).

(1)

FortiGate-BH (VPN-TO-HQ) # show

config vpn ipsec phase1-interface

    edit "VPN-TO-HQ"

        set interface "port1"

        set local-gw 68.10.1.1

        set peertype any

        set net-device disable

        set proposal des-md5 des-sha1

        set dhgrp 14 5

        set encapsulation gre

        set remote-gw 210.10.1.1

        set psksecret FortiPWD168

    next

end


FortiGate-BH (VPN-TO-HQ) # show

config vpn ipsec phase2-interface

    edit "VPN-TO-HQ"

        set phase1name "VPN-TO-HQ"

        set proposal des-md5 des-sha1

        set dhgrp 14 5

        set auto-negotiate enable

        set encapsulation transport-mode

        set protocol 47

    next

end


FortiGate-BH (VPN-TO-HQ) # show

config system interface

    edit "VPN-TO-HQ"

        set vdom "root"

        set ip 192.168.1.2 255.255.255.255

        set allowaccess ping

        set type tunnel

        set remote-ip 192.168.1.1 255.255.255.252

        set snmp-index 15

        set interface "port1"

    next

end

================================================

(2)

FortiGate-HQ (VPN-TO-BH) # show

config vpn ipsec phase1-interface

    edit "VPN-TO-BH"

        set interface "port1"

        set local-gw 210.10.1.1

        set peertype any

        set net-device disable

        set proposal des-md5 des-sha1

        set dhgrp 14 5

        set encapsulation gre

        set remote-gw 68.10.1.1

        set psksecret FortiPWD168

    next

end


FortiGate-HQ (VPN-TO-BH) # show

config vpn ipsec phase2-interface

    edit "VPN-TO-BH"

        set phase1name "VPN-TO-BH"

        set proposal des-md5 des-sha1

        set dhgrp 14 5

        set auto-negotiate enable

        set encapsulation transport-mode

        set protocol 47

    next

end


FortiGate-HQ (VPN-TO-BH) # show

config system interface

    edit "VPN-TO-BH"

        set vdom "root"

        set ip 192.168.1.1 255.255.255.255

        set allowaccess ping

        set type tunnel

        set remote-ip 192.168.1.2 255.255.255.252

        set snmp-index 15

        set interface "port1"

    next

end
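Before bringing a tunnel like this up, it is worth checking that the two ends really mirror each other and that nothing weak slipped in. The script below is an added example, not part of the original post or of FortiOS: it parses `config / edit / set` CLI output of the kind shown above, verifies that the peers' gateways, PSK, proposals and DH groups line up, confirms the three settings GRE-over-IPsec depends on (`encapsulation gre` in phase1, `transport-mode` and `protocol 47` in phase2), and flags weak algorithms. The sample input is constructed from the CLI on this page; lines that do not affect the checks (`peertype`, `net-device`, `auto-negotiate`, `phase1name`) are left out, and the "weak" lists are the author's own choice.

```python
"""Added example (not from the original post): audit the two ends of a FortiGate
IPsec-over-GRE tunnel from their CLI output.  Sample input is constructed from
the configuration shown on this page."""

# Both peers on this page are identical apart from the tunnel name and gateways.
PEER_TEMPLATE = """\
config vpn ipsec phase1-interface
    edit "{name}"
        set interface "port1"
        set local-gw {local_gw}
        set proposal des-md5 des-sha1
        set dhgrp 14 5
        set encapsulation gre
        set remote-gw {remote_gw}
        set psksecret FortiPWD168
    next
end
config vpn ipsec phase2-interface
    edit "{name}"
        set proposal des-md5 des-sha1
        set dhgrp 14 5
        set encapsulation transport-mode
        set protocol 47
    next
end
"""
BH_CONFIG = PEER_TEMPLATE.format(name="VPN-TO-HQ", local_gw="68.10.1.1", remote_gw="210.10.1.1")
HQ_CONFIG = PEER_TEMPLATE.format(name="VPN-TO-BH", local_gw="210.10.1.1", remote_gw="68.10.1.1")

P1, P2 = "vpn ipsec phase1-interface", "vpn ipsec phase2-interface"
WEAK_ALGS = {"des", "3des", "md5", "sha1", "null"}  # assumption: flag any proposal using these
WEAK_DHGRP = {"1", "2", "5"}                        # MODP groups below 2048 bits


def parse_fortios(text):
    """Turn 'config X / set key v1 v2 / end' blocks into {X: {key: [v1, v2]}}.
    Each section here has a single 'edit' entry, so entry names are not tracked."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
            cfg.setdefault(section, {})
        elif line.startswith("set ") and section is not None:
            key, *values = line[len("set "):].split()
            cfg[section][key] = [v.strip('"') for v in values]
    return cfg


def weak_crypto(cfg):
    """List proposals and DH groups that should not be used outside a lab."""
    findings = []
    for section in (P1, P2):
        for prop in cfg[section].get("proposal", []):
            if set(prop.split("-")) & WEAK_ALGS:      # "des-md5" -> {"des", "md5"}
                findings.append(f"{section}: weak proposal {prop}")
        for grp in cfg[section].get("dhgrp", []):
            if grp in WEAK_DHGRP:
                findings.append(f"{section}: weak DH group {grp}")
    return findings


def peer_mismatches(a, b):
    """Conditions that must hold between the two ends for IKE to agree and for the
    SA to carry GRE (IP protocol 47) in transport mode."""
    problems = []
    if a[P1]["remote-gw"] != b[P1]["local-gw"] or b[P1]["remote-gw"] != a[P1]["local-gw"]:
        problems.append("phase1 local-gw/remote-gw are not mirrored")
    if a[P1]["psksecret"] != b[P1]["psksecret"]:
        problems.append("pre-shared keys differ")
    for label, section in (("phase1", P1), ("phase2", P2)):
        for key in ("proposal", "dhgrp"):
            if not set(a[section][key]) & set(b[section][key]):
                problems.append(f"{label}: no common {key}")
    for label, cfg in (("A", a), ("B", b)):
        gre_ok = (cfg[P1].get("encapsulation") == ["gre"]
                  and cfg[P2].get("encapsulation") == ["transport-mode"]
                  and cfg[P2].get("protocol") == ["47"])
        if not gre_ok:
            problems.append(f"peer {label}: not configured for GRE over IPsec transport mode")
    return problems


def audit(text_a, text_b):
    """Return (peer mismatches, weak findings for A, weak findings for B)."""
    a, b = parse_fortios(text_a), parse_fortios(text_b)
    return peer_mismatches(a, b), weak_crypto(a), weak_crypto(b)


if __name__ == "__main__":
    mismatches, weak_a, weak_b = audit(BH_CONFIG, HQ_CONFIG)
    print("peer mismatches:", mismatches or "none")
    for finding in weak_a:
        print("BH:", finding)
```

Run against the page's configuration the peers match, but every proposal and DH group 5 on both sides are reported; swapping the proposals for `aes256-sha256` and dropping group 5 clears the findings.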


===================================================



WEB config example

========================================

Traceroute & Ping Test



Friday, June 27, 2025

FortiGate firewall configures the Syslog filter


Reference URL:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-syslog-free-style-filters/ta-p/204606


Test
Log Example:

SSH login

Jun 28 14:06:00 192.168.100.254 date=2025-06-28 time=14:06:00 devname="Test-FW" devid="FGVMEXXXXXXXXXXX" eventtime=1751090760672765479 tz="+0800" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="1751090760" user="admin" ui="ssh(192.168.100.112)" method="ssh" srcip=192.168.100.112 dstip=192.168.100.254 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from ssh(192.168.100.112)"


Web login


Jun 28 14:07:10 192.168.100.254 date=2025-06-28 time=14:07:09 devname="Test-FW" devid="FGVMEXXXXXXXXXXX" eventtime=1751090829377377416 tz="+0800" logid="0100032001" type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" sn="1751090829" user="admin" ui="http(192.168.100.112)" method="http" srcip=192.168.100.112 dstip=192.168.100.254 action="login" status="success" reason="none" profile="super_admin" msg="Administrator admin logged in successfully from http(192.168.100.112)"


=======================================================

Configuration change over SSH

Jun 28 13:48:30 192.168.100.254 date=2025-06-28 time=13:48:30 devname="Test-FW01" devid="FGVMEXXXXXXXXXXX" eventtime=1751089710571156282 tz="+0800" logid="0100032102" type="event" subtype="system" level="alert" vd="root" logdesc="Configuration changed" user="admin" ui="ssh(192.168.100.112)" msg="Configuration is changed in the admin session"

Configuration change over the web GUI

Jun 28 13:58:07 192.168.100.254 date=2025-06-28 time=13:58:07 devname="Test-FW" devid="FGVMEXXXXXXXXXXX" eventtime=1751090286557611095 tz="+0800" logid="0100032222" type="event" subtype="system" level="notice" vd="root" logdesc="Global setting changed" user="admin" ui="GUI(192.168.100.112)" field="hostname" old_value="Test-FW01" new_value="Test-FW" msg="User admin changed hostname global setting to Test-FW from GUI(192.168.100.112)"


==================================================

FortiGate config

Test-FW # config log syslogd filter

Test-FW (filter) # show
config log syslogd filter
    config free-style
        edit 1
            set category event
            set filter "logid 0100032001 0100032102 0100032222"
        next
        edit 2
            set category traffic
            set filter "srcintf port1"
        next
    end
end

Test-FW (filter) # get
severity            : information
forward-traffic     : enable
local-traffic       : enable
multicast-traffic   : enable
sniffer-traffic     : enable
ztna-traffic        : enable
anomaly             : enable
voip                : enable
gtp                 : enable
free-style:
    == [ 1 ]
    id:     1       category: event
    == [ 2 ]
    id:     2       category: traffic

Test-FW (filter) #
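To see what the syslog server will actually receive under this filter, the script below replays the free-style entries against sample records. It is an added example, not part of the original post or of FortiOS: it parses the `key=value` body of a FortiOS log line, maps the record to a free-style category, and applies the `field value1 value2 ...` form used on this page (the field must equal any one of the listed values). The forwarding rule it models is an assumption stated in the code: a category that has free-style entries forwards only records matching one of them, while other categories fall back to the `severity` threshold from the `get` output. The sample lines are constructed from the log examples on this page, trimmed to the fields the filter needs, plus two traffic records and one event whose logid (made up for the example) is not in the list.

```python
"""Added example (not from the original post): replay a FortiOS syslogd free-style
filter against sample log records and report which ones would be forwarded."""
import re

# Mirrors 'config log syslogd filter' on this page.
SEVERITY = "information"
FREE_STYLE = [
    {"category": "event",   "filter": "logid 0100032001 0100032102 0100032222"},
    {"category": "traffic", "filter": "srcintf port1"},
]
LEVELS = ["emergency", "alert", "critical", "error", "warning", "notice", "information", "debug"]

# Constructed sample records (syslog header + FortiOS key=value body), trimmed.
SAMPLE_LOGS = [
    'Jun 28 14:06:00 192.168.100.254 date=2025-06-28 time=14:06:00 devname="Test-FW" logid="0100032001" type="event" subtype="system" level="information" user="admin" ui="ssh(192.168.100.112)" srcip=192.168.100.112 action="login" status="success"',
    'Jun 28 13:48:30 192.168.100.254 date=2025-06-28 time=13:48:30 devname="Test-FW01" logid="0100032102" type="event" subtype="system" level="alert" user="admin" ui="ssh(192.168.100.112)" msg="Configuration is changed in the admin session"',
    'Jun 28 13:58:07 192.168.100.254 date=2025-06-28 time=13:58:07 devname="Test-FW" logid="0100032222" type="event" subtype="system" level="notice" user="admin" ui="GUI(192.168.100.112)" field="hostname" old_value="Test-FW01" new_value="Test-FW"',
    # event with a made-up logid that is not in the filter list: dropped
    'Jun 28 14:10:00 192.168.100.254 date=2025-06-28 time=14:10:00 devname="Test-FW" logid="0100032099" type="event" subtype="system" level="information" user="admin" action="logout"',
    # traffic: only srcintf port1 passes the second free-style entry
    'Jun 28 14:11:00 192.168.100.254 date=2025-06-28 time=14:11:00 devname="Test-FW" logid="0000000013" type="traffic" subtype="forward" level="notice" srcintf="port1" dstintf="port2" srcip=10.1.1.5 dstip=1.1.1.1 action="accept"',
    'Jun 28 14:11:01 192.168.100.254 date=2025-06-28 time=14:11:01 devname="Test-FW" logid="0000000013" type="traffic" subtype="forward" level="notice" srcintf="port2" dstintf="port1" srcip=1.1.1.1 dstip=10.1.1.5 action="accept"',
]

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """FortiOS key=value body -> dict.  The syslog header contains no '=' and is skipped."""
    return {key: quoted or bare for key, quoted, bare in KV_RE.findall(line)}


def category_of(fields):
    """Free-style category: 'traffic' and 'event' records map to their type, UTM
    records (webfilter, virus, ...) to their subtype (assumption made for this example)."""
    return fields["type"] if fields["type"] in ("traffic", "event") else fields["subtype"]


def filter_matches(fields, expr):
    """'field v1 v2 ...' is true when the field equals any listed value.  This is the
    only free-style form used on this page; boolean operators are not modelled."""
    field, *values = expr.split()
    return fields.get(field) in values


def forwarded(line, severity=SEVERITY, rules=FREE_STYLE):
    """Modelled rule: a category with free-style entries forwards only records that match
    one of them; any other category falls back to the severity threshold."""
    fields = parse_record(line)
    applicable = [r for r in rules if r["category"] == category_of(fields)]
    if applicable:
        return any(filter_matches(fields, r["filter"]) for r in applicable)
    return LEVELS.index(fields["level"]) <= LEVELS.index(severity)


def forwarded_logids(lines):
    """logids of the records that would reach the syslog server, in input order."""
    return [parse_record(line)["logid"] for line in lines if forwarded(line)]


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        f = parse_record(line)
        print(f'{f["logid"]} {category_of(f):8} {"sent" if forwarded(line) else "dropped"}')
```

With the page's filter, the three admin events and the port1 traffic record are sent and the other two are dropped; a record of a category with no free-style entry is judged by level alone.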

Friday, June 13, 2025

Rsyslog: triggering an action when a specific message is received

 

I have always used the Rsyslog + logfmon combination to build small network-management functions.

But logfmon, good tool that it is, has not been updated for a long time, so I want to change the approach and replace this combination.

https://xrcd2.blogspot.com/2016/11/logfmon.html

Use rsyslog alone to do it --> trigger an action when a specific message is received.

But I am not sure whether this setup can pass a high-load test.

Previously Rsyslog was only responsible for writing the logs received from specific IPs to the designated location, and logfmon did the analysis of specific messages and the triggered actions.

I will deal with the follow-up once it has been running in production. To be tracked.

The relevant settings are recorded below:



Enable the omprog module by adding module(load="omprog") to rsyslog.conf,

and add a rule such as:


if ($msg contains "Login failed" or $msg contains "Configured" or  $msg contains "LINEPROTO-5-UPDOWN" or  $msg contains "Critical") then {
    action(type="omprog" binary="/usr/local/sbin/XXX.sh")
    stop
}

=========================================

XXX.sh

#!/bin/bash
# omprog keeps this process running and writes one message per line to its stdin.
while IFS= read -r line; do
  echo "matched message: $line" >> /var/log/trigger.log
  # Replace this with the action you want, for example:
  # echo "$line" | mail -s "message alert" you@example.com
done
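A Python version of the handler, added here as an example and not part of the original post, shows what the bash loop leaves out for the high-load case the post worries about. rsyslog's omprog starts the program and streams one message per line on its stdin, so the loop must never exit or block; this handler tags which rule fired, suppresses repeats of the same rule from the same host inside a quiet window so a flapping interface does not produce hundreds of mails, and only appends a line to the trigger log inside the loop. The rule substrings are the ones from the rsyslog rule above; the sample messages are constructed Cisco IOS syslog lines (the hostname `sw01` and the addresses are made up), and `--demo` runs them through the handler instead of stdin.

```python
#!/usr/bin/env python3
"""Added example (not from the original post): an omprog handler that classifies
incoming messages, rate-limits repeats, and logs each trigger."""
import re
import sys
import time

TRIGGER_LOG = "/var/log/trigger.log"   # same file the page's script appends to
SUPPRESS_WINDOW_S = 60                  # quiet period per (rule, host)

# Same substrings the rsyslog 'contains' tests in the rule above look for.
RULES = [
    ("login-failed", "Login failed"),
    ("config-change", "Configured"),
    ("link-change", "LINEPROTO-5-UPDOWN"),
    ("critical", "Critical"),
]

# Constructed Cisco IOS lines in rsyslog's default file format ("Mon DD HH:MM:SS host ...").
SAMPLE_MESSAGES = [
    "Jun 28 13:48:30 sw01 45: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.168.100.112)",
    "Jun 28 13:49:01 sw01 46: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "Jun 28 13:49:02 sw01 47: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up",
    "Jun 28 13:50:00 sw01 48: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.9] [localport: 22]",
    "Jun 28 13:51:00 sw01 49: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.100.10 started",
]

HOST_RE = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d (\S+)")


def classify(msg):
    """Names of all rules whose substring occurs in msg (case-sensitive, like 'contains')."""
    return [name for name, needle in RULES if needle in msg]


def host_of(msg):
    """Host field of the syslog header, or 'unknown' if the line has no such header."""
    m = HOST_RE.match(msg)
    return m.group(1) if m else "unknown"


class Suppressor:
    """Allow the first hit per (rule, host), then silence repeats for window_s seconds."""

    def __init__(self, window_s, clock=time.monotonic):
        self.window, self.clock, self.last = window_s, clock, {}

    def allow(self, rule, host):
        now, key = self.clock(), (rule, host)
        if key in self.last and now - self.last[key] < self.window:
            return False
        self.last[key] = now
        return True


def format_event(rule, msg):
    """Line written to the trigger log; a mail or webhook hook would be driven from here."""
    return f"{time.strftime('%Y-%m-%dT%H:%M:%S')} rule={rule} host={host_of(msg)} msg={msg}"


def process(lines, suppressor, out):
    """Core loop, kept separate from stdin/stdout so it can be tested.  Returns the
    rules that fired, in order; flushes after every write so nothing is lost on a crash."""
    fired = []
    for raw in lines:
        msg = raw.rstrip("\n")
        for rule in classify(msg):
            if suppressor.allow(rule, host_of(msg)):
                out.write(format_event(rule, msg) + "\n")
                out.flush()
                fired.append(rule)
    return fired


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--demo":
        process(SAMPLE_MESSAGES, Suppressor(SUPPRESS_WINDOW_S), sys.stdout)
    else:
        with open(TRIGGER_LOG, "a") as log:       # rsyslog is the parent; stdin is the message stream
            process(sys.stdin, Suppressor(SUPPRESS_WINDOW_S), log)
```

On the sample input the config change, the first link-state change and the failed login fire; the second UPDOWN line from the same switch inside the window is suppressed, and the logging-host notice matches nothing. If the action you hang off this ever does block (a mail relay that is slow to answer), give the omprog action its own queue in rsyslog (`queue.type="linkedList"` on the `action(...)`) so the main rsyslog queue keeps draining.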




 




To use Windows NPS (RADIUS) with a Cisco device

Authenticating Cisco device logins through the Windows NPS service

I used to do login authentication (OTP) with Linux + FreeRADIUS

https://xrcd2.blogspot.com/2016/01/cisco-radius-otp.html

This time I switched to Windows NPS; the lab screenshots are below:












Friday, May 2, 2025

pfSense + FortiGate integration test

pfSense + FortiGate VPN login authentication using OTP

Related post to read first:

FreeRADIUS with Google Authenticator for 2FA [via pfSense]

https://xrcd2.blogspot.com/2025/04/freeradius-google-authenticator-2fa.html

The setup is illustrated below. PS: the function on the left of the diagram can be replaced by pfSense.




Key settings and functional verification: