Tuesday, March 18, 2014

FortiAuthenticator SCEP

You can use SCEP to auto-enroll devices with FortiAuthenticator and to retrieve CRLs. When configuring this on a firewall or other device, the correct URL to use is:

http://<fortiauth IP>/cert/scep

I have asked the technical documentation team to add this to the FortiAuthenticator Admin Guide.
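As an added example (not part of the original post), the following Python builds the SCEP request URLs for the /cert/scep path above and checks what the CA advertises in its GetCACaps reply before you point a firewall at it. The hostname, the sample GetCACaps body and the fetch helper are assumptions for illustration; the capability keywords themselves are the ones SCEP (RFC 8894, section 3.5.2) defines.

```python
from urllib.parse import urlencode
import urllib.request   # used only by fetch_ca_caps(), which needs network access

SCEP_PATH = "/cert/scep"   # the path from the post; the host is your FortiAuthenticator

# Capability keywords a SCEP CA may advertise in its GetCACaps response.
STRONG_HASHES = {"SHA-256", "SHA-512"}


def scep_url(host, operation, message=None, scheme="http"):
    """Build the request URL for a SCEP operation against a FortiAuthenticator."""
    params = {"operation": operation}
    if message is not None:
        params["message"] = message
    return f"{scheme}://{host}{SCEP_PATH}?{urlencode(params)}"


def parse_ca_caps(body):
    """GetCACaps returns one capability keyword per line, in no particular order."""
    return {line.strip() for line in body.splitlines() if line.strip()}


def assess_ca_caps(caps):
    """Flag a CA whose advertised capabilities push clients to legacy algorithms.
    A client that sees neither SHA-256 nor AES falls back to the original SCEP
    defaults (MD5/SHA-1 digests and single DES content encryption)."""
    findings = []
    if not caps & STRONG_HASHES:
        findings.append("no SHA-256/SHA-512: clients will sign with SHA-1 or MD5")
    if "AES" not in caps:
        findings.append("no AES: enrollment messages will be encrypted with DES3 or DES")
    if "POSTPKIOperation" not in caps:
        findings.append("no POSTPKIOperation: PKCS#7 requests travel in the GET query string")
    return findings


def fetch_ca_caps(host, timeout=5):
    """Live query (not exercised offline): GET .../cert/scep?operation=GetCACaps."""
    with urllib.request.urlopen(scep_url(host, "GetCACaps"), timeout=timeout) as resp:
        return parse_ca_caps(resp.read().decode("ascii", "replace"))


# Constructed sample response, not captured from a real FortiAuthenticator.
SAMPLE_CAPS = "POSTPKIOperation\r\nSHA-1\r\nSHA-256\r\nDES3\r\nAES\r\nRenewal\r\nGetNextCACert\r\n"


if __name__ == "__main__":
    # hostname is a placeholder
    print(scep_url("fortiauth.example.net", "GetCACert", "ca-ident"))
    for finding in assess_ca_caps(parse_ca_caps(SAMPLE_CAPS)) or ["no weaknesses flagged"]:
        print(finding)
```

Run fetch_ca_caps() against the real appliance once and keep the result with the change record for the firewall; if the reply lacks SHA-256 or AES, fix the CA profile before enrolling anything, since the enrolling device will silently negotiate down.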

Friday, March 14, 2014

Logging DNS Requests

When inspecting DNS traffic it can be useful to log the domain names being queried. To do this you can use a custom IPS signature:

IPS Custom Signature: F-SBID( --attack_id 4153; --name DOM-ALL; --protocol udp; --service dns; --log DNS_QUERY;)

The signature below allows you to search for and prevent DNS lookups for a specified domain, in this example xyz.com.
set signature F-SBID( --name xyz.com; --protocol udp; --service dns; --pattern xyz.com; --context host; --no_case; --default_action drop;)

(Thanks C.R)
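The following Python is an added example, not code from the post or from Fortinet: it parses the question section of a DNS query the way the IPS engine has to before it can log or match the name, and then shows the difference between a plain substring match (what "--pattern xyz.com; --context host; --no_case" expresses) and a proper domain or subdomain match. The sample queries are constructed with build_query(), not captured traffic, and the function names are my own.

```python
import struct


def build_query(name, txid=0x1234, qtype=1):
    """Build a minimal standard-query DNS message for `name` (A record by default).
    Used here only to construct sample input."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)   # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)    # class IN


def read_name(msg, off):
    """Read a (possibly compressed) name at `off`; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n == 0:
            off += 1
            break
        if n & 0xC0 == 0xC0:                       # compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated pointer")
            if end is None:
                end = off + 2                      # the question continues after the pointer
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            continue
        if n > 63:
            raise ValueError("label too long")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels), (end if end is not None else off)


def parse_query(msg):
    """Parse the header and first question of a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than DNS header")
    txid, flags, qdcount = struct.unpack("!3H", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    qname, off = read_name(msg, 12)
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"id": txid, "is_query": not flags & 0x8000, "qname": qname,
            "qtype": qtype, "qclass": qclass}


def substring_match(qname, pattern):
    """What a case-insensitive '--pattern' over the host context amounts to:
    the pattern may appear anywhere inside the queried name."""
    return pattern.lower() in qname.lower()


def domain_match(qname, pattern):
    """Exact name or subdomain of `pattern`: the check you usually actually want."""
    q, p = qname.lower().rstrip("."), pattern.lower().rstrip(".")
    return q == p or q.endswith("." + p)


def inspect_query(msg, blocked, strict=True):
    """Return (verdict, log line). Every query is logged (the DOM-ALL signature);
    a query for a blocked domain is dropped (the xyz.com signature)."""
    q = parse_query(msg)
    if not q["is_query"]:
        return "pass", f"id={q['id']:#06x} response ignored"
    matcher = domain_match if strict else substring_match
    hit = next((d for d in blocked if matcher(q["qname"], d)), None)
    verdict = "drop" if hit else "pass"
    return verdict, f"id={q['id']:#06x} qname={q['qname']} qtype={q['qtype']} action={verdict}"


if __name__ == "__main__":
    for name in ("www.xyz.com", "XYZ.COM", "notxyz.com", "xyz.com.evil.example", "example.org"):
        print(inspect_query(build_query(name), ["xyz.com"], strict=False)[1])
```

With strict=False the last run shows the caveat of the signature as written: "notxyz.com" and "xyz.com.evil.example" are both dropped because the pattern is a substring search, while the strict matcher only drops xyz.com and its subdomains.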

Wednesday, March 5, 2014

Deleting VDOMs

VDOMs have quite a number of dependencies that need to be deleted before you can get rid of the VDOM itself. Below is a useful little script that goes through all the sections and purges them so the VDOM can be deleted. Adjust it as needed.

## This script needs to be run interactively. In other words you cannot copy and paste the whole script. You have to acknowledge each purge command.
## Purge all VDOM specific configuration


config vdom
 edit <vdomname>
 config firewall policy
  purge
 end
 config firewall policy6
  purge
 end
 config firewall vipgrp
  purge
 end
 config firewall vip
  purge
 end
 config firewall addrgrp
  purge
 end
 config firewall address
  purge
 end
 config router static
  purge
 end
end

## Assign any interfaces used by the VDOM back to root
## (the remaining steps run from the global context, so they start with "config global")

config global
 config system interface
  edit <interface name>
   set vdom root
  next
 end
end

## Delete any VDOM links

config global
 config system vdom-link
  delete <vdom link name>
 end
end

## Make sure all admins are assigned to the root VDOM

config global
 config system admin
  edit <admin-name>
   set vdom root
  next
 end
end

## Now the VDOM itself can be deleted

config vdom
 delete <vdomname>
end
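Finding the objects that still reference the VDOM is the tedious part of the procedure above. The following Python is an added example, not part of the original post or a Fortinet tool: it parses a FortiOS config dump taken from the global context and generates the interface, vdom-link and admin cleanup commands for one VDOM, leaving the per-VDOM purges to be done interactively as the post says. The config sample is constructed, not from a real unit, and the table and function names are my own.

```python
import shlex

# Constructed sample of global-context 'show' output (not a real dump).
SAMPLE_CONFIG = """\
config global
config system interface
    edit "port3"
        set vdom "lab"
        set ip 10.0.3.1 255.255.255.0
    next
    edit "port4"
        set vdom "root"
    next
    edit "lab2root0"
        set vdom "lab"
        set type vdom-link
    next
    edit "lab2root1"
        set vdom "root"
        set type vdom-link
    next
end
config system vdom-link
    edit "lab2root"
    next
end
config system admin
    edit "labadmin"
        set vdom "lab"
    next
    edit "admin"
        set vdom "root"
    next
end
end
"""


def parse_config(text):
    """Parse FortiOS config text into {table: {entry: {attr: [values]}}}.
    A top-level 'config global' wrapper is transparent; sub-tables nested inside
    an entry are keyed as 'table[entry]/subtable' and are not needed below."""
    tables, frames = {}, []            # frames: [table path, current entry name]
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            name = line[7:].strip()
            if not frames and name == "global":
                frames.append(["", None])
                continue
            parent = ""
            if frames and frames[-1][0]:
                parent = frames[-1][0] + (f"[{frames[-1][1]}]" if frames[-1][1] else "") + "/"
            frames.append([parent + name, None])
            tables.setdefault(frames[-1][0], {})
        elif line.startswith("edit ") and frames:
            frames[-1][1] = shlex.split(line[5:])[0]
            tables[frames[-1][0]].setdefault(frames[-1][1], {})
        elif line.startswith("set ") and frames and frames[-1][1] is not None:
            key, *values = shlex.split(line[4:])
            tables[frames[-1][0]][frames[-1][1]][key] = values
        elif line == "next" and frames:
            frames[-1][1] = None
        elif line == "end" and frames:
            frames.pop()
    return tables


def vdom_dependencies(tables, vdom):
    """Global-context objects that still reference `vdom`."""
    ifaces = tables.get("system interface", {})
    links = tables.get("system vdom-link", {})
    admins = tables.get("system admin", {})
    in_vdom = {n for n, a in ifaces.items() if vdom in a.get("vdom", [])}
    # A vdom-link named X owns the interfaces X0 and X1; deleting the link removes both,
    # so those interfaces are not reassigned individually.
    link_names = [n for n in links if {n + "0", n + "1"} & in_vdom]
    link_ifaces = {n + s for n in link_names for s in ("0", "1")}
    return {
        "interfaces": sorted(in_vdom - link_ifaces),
        "vdom_links": sorted(link_names),
        "admins": sorted(n for n, a in admins.items() if vdom in a.get("vdom", [])),
    }


def cleanup_script(deps, vdom):
    """Emit the global-context commands, then the VDOM delete itself."""
    out = ["config global"]
    if deps["interfaces"]:
        out.append(" config system interface")
        for i in deps["interfaces"]:
            out += [f'  edit "{i}"', "   set vdom root", "  next"]
        out.append(" end")
    if deps["vdom_links"]:
        out.append(" config system vdom-link")
        out += [f'  delete "{l}"' for l in deps["vdom_links"]]
        out.append(" end")
    if deps["admins"]:
        out.append(" config system admin")
        for a in deps["admins"]:
            out += [f'  edit "{a}"', "   set vdom root", "  next"]
        out.append(" end")
    out += ["end", "config vdom", f' delete "{vdom}"', "end"]
    return "\n".join(out)


if __name__ == "__main__":
    deps = vdom_dependencies(parse_config(SAMPLE_CONFIG), "lab")
    print(cleanup_script(deps, "lab"))
```

Feed it the output of "show" taken from the global context and run the per-VDOM purges first; the script only covers the global-context references, and anything else still pointing at the VDOM will show up as an error on the final delete.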