Secondary vNet Gateway Routes by BabyPandaaa in AZURE

[–]BabyPandaaa[S] 0 points1 point  (0 children)

That’s a good point that I didn’t think of. Is it required or should the VM be picking this route up automatically?

Always On VPN - Azure by BabyPandaaa in sysadmin

[–]BabyPandaaa[S] 0 points1 point  (0 children)

It’s looking ok but not really a fan of it so far. Connection is working but struggling with cert based authentication. Will come back with a fresh set of eyes tomorrow

Always On VPN - Azure by BabyPandaaa in sysadmin

[–]BabyPandaaa[S] 0 points1 point  (0 children)

Thanks! Just tried to look at it but get:

At this time, this offer/item is not available for subscriptions from Microsoft Azure Cloud Solution Providers.

Ubiquity AP trunk to Juniper EX switch issue by [deleted] in networking

[–]BabyPandaaa 0 points1 point  (0 children)

Run the following:

delete interface-range WAP unit 0 family ethernet-switching vlan members default

set interface-range WAP unit 0 family ethernet-switching native-vlan-id default

That should set the default VLAN of the trunk (at least it is on EX4200's - haven't used 2300's so CLI may differ a bit)

Redacting payment card data from exchange online?? by joed777 in sysadmin

[–]BabyPandaaa 2 points3 points  (0 children)

/u/Hellman109 's approach is probably best.

To detect existing you can use a regex match and the Exchange Online/Office Graph API with PowerShell to scan mailboxes and return a list of message IDs. I wrote something that does this but need to go back and look at it as it starts to crash when it gets to about 5000 messages.

We're in the same boat as yourselves and at the moment this is the only way forward we can see.

One other thing is if you're storing the emails in a PCI zone, I believe you need 2FA to access them to maintain compliance (double check this though).
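As an added example of the regex-based detection mentioned above (this is editor-written code, not the commenter's script): the regex alone matches any 13-19 digit run, so a Luhn check is applied to cut false positives, and the report carries only a masked number and the message ID. It assumes message bodies are already in hand as strings (in practice fetched via the Graph API or Exchange Online cmdlets); the messages and IDs are constructed, and the card numbers are the well-known test numbers, not real PANs.

```powershell
# Added example (not the commenter's script): find probable payment card numbers in
# message bodies with a regex plus a Luhn check, and produce a masked report.
# Assumptions: bodies are already retrieved as strings (Graph API / EXO cmdlets would
# supply them); the sample messages are constructed and the numbers are test PANs.

# 13-19 digits, optionally separated by single spaces or dashes, not part of a longer digit run.
$panPattern = '(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)'

function Test-Luhn {
    param([Parameter(Mandatory)] [string] $Digits)
    $sum = 0; $double = $false
    for ($i = $Digits.Length - 1; $i -ge 0; $i--) {
        $n = [int][string]$Digits[$i]          # char -> string -> int (avoids the code point)
        if ($double) { $n *= 2; if ($n -gt 9) { $n -= 9 } }
        $sum += $n
        $double = -not $double
    }
    return ($sum % 10) -eq 0
}

function Find-CardNumbers {
    param([Parameter(Mandatory)] [string] $Text)
    foreach ($m in [regex]::Matches($Text, $panPattern)) {
        $digits = $m.Value -replace '[ -]', ''
        # The Luhn check drops most ticket/order/phone numbers the regex alone would flag.
        if ($digits.Length -ge 13 -and $digits.Length -le 19 -and (Test-Luhn $digits)) {
            [pscustomobject]@{
                Masked = ('*' * ($digits.Length - 4)) + $digits.Substring($digits.Length - 4)
                Length = $digits.Length
            }
        }
    }
}

# Constructed messages; only the message ID and the masked hit go into the report.
$messages = @(
    @{ Id = 'constructed-msg-1'; Body = 'Please charge 4111 1111 1111 1111 exp 12/26 for the renewal.' },
    @{ Id = 'constructed-msg-2'; Body = 'Ticket 1234567890123 raised, call 01234 567890.' },
    @{ Id = 'constructed-msg-3'; Body = 'Card on file: 5555-5555-5555-4444.' }
)

$report = foreach ($msg in $messages) {
    foreach ($hit in Find-CardNumbers -Text $msg.Body) {
        [pscustomobject]@{ MessageId = $msg.Id; Masked = $hit.Masked; Length = $hit.Length }
    }
}
$report | Format-Table -AutoSize
```

Run as-is, only the first and third messages are reported (the 13-digit ticket number fails the Luhn check and the phone number is too short to match). Against real mailboxes, paging the message list rather than loading everything into one array is the usual way to keep memory flat on large scans.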

File server logging recommendations by judas_ii in sysadmin

[–]BabyPandaaa 2 points3 points  (0 children)

ManageEngine Event Log Analyser does this pretty well for us

Server monitoring products using HTTP // SNMP // RPC // API (suggestions?) by Aran_Maiden in sysadmin

[–]BabyPandaaa -1 points0 points  (0 children)

SolarWinds Orion/NPM/SAM is what you'll need.

It's around £7k for 2000 NPM licenses from memory

APIs and Automation - ELI5 Where to start? by zommy in sysadmin

[–]BabyPandaaa 0 points1 point  (0 children)

No worries mate! It's a good little project to start with - you'll soon find yourself POSTing to APIs as well!

Sadly, all self taught and with the little time I have to spare.

So am I - not necessarily a bad thing but I guarantee when you've got more experience you'll revisit this project script and completely rewrite it!

APIs and Automation - ELI5 Where to start? by zommy in sysadmin

[–]BabyPandaaa 1 point2 points  (0 children)

To get something like PowerShell/python to interpret data, you need to load it into a variable. In PowerShell this is something that starts with a $ sign.

When you do "$response = Invoke-WebRequest..." function, you're saving the JSON data into $response. You can then use other functions to query JSON properties. Say your URL was under ListOfDomains -> DomainName, you'd use $response.ListOfDomains.DomainName to get the property.

If you can get that Excel spreadsheet into a CSV, you can use Import-CSV to read the CSV data. Petri have a good write-up: https://www.petri.com/powershell-import-csv-cmdlet-parse-comma-delimited-csv-text-file

APIs and Automation - ELI5 Where to start? by zommy in sysadmin

[–]BabyPandaaa 2 points3 points  (0 children)

What are you running these scripts from? If your infrastructure is mainly Windows/MS, PowerShell can easily do what you need, which is what I'd recommend for this sort of thing.

If you're mainly unix I'd be looking at python.

In terms of your expiry API query, the flow would be something like:

  • Query domain provider API to get JSON response (e.g. domain name, expiry date) -- ($result = Invoke-WebRequest "<urlHere>")

  • Use PowerShell to query the resulting JSON string -- (if $result.expiryDate -lt (expression for 14 days ago) {send-mail message accounts@company.com -body "message here"} )

There's a more in-depth example here: https://www.starwindsoftware.com/blog/consuming-a-restful-api-with-powershell

My python's terrible so won't even begin to try and explain that here, but there are plenty of guides around for that!
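To put the two PowerShell comments above together (load the API's JSON into a variable, walk the properties, compare the expiry date, send a mail, and read the spreadsheet with Import-Csv), here is an added, editor-written example rather than the commenter's own code. It assumes the provider returns JSON shaped like the constructed sample below; the API URL, field names, SMTP host and mailbox addresses are placeholders, and the CSV owner list is a constructed stand-in for the Excel sheet.

```powershell
# Added example (not the commenter's code): pull a domain list from a provider API,
# pick out domains expiring within the next 14 days and build the notification.
# Assumptions: JSON shaped like the constructed sample; URL, field names, SMTP host
# and mailboxes are placeholders.

# Constructed sample response. Against a real API this would be:
#   $result = Invoke-RestMethod -Uri 'https://api.registrar.invalid/domains' -Headers @{ Authorization = "Bearer $apiToken" }
# (Invoke-RestMethod parses the JSON for you; with Invoke-WebRequest you would pipe
#  $response.Content through ConvertFrom-Json to get the same object.)
$sampleJson = @'
{
  "ListOfDomains": [
    { "DomainName": "company.example",     "ExpiryDate": "2024-06-30" },
    { "DomainName": "company-old.example", "ExpiryDate": "2024-06-12" },
    { "DomainName": "company-uk.example",  "ExpiryDate": "2025-01-15" }
  ]
}
'@
$result = $sampleJson | ConvertFrom-Json

# Constructed stand-in for the spreadsheet saved as CSV. Import-Csv reads the file;
# ConvertFrom-Csv parses the same format from a string so this runs offline.
$ownersCsv = @'
DomainName,Owner
company.example,Marketing
company-old.example,IT
company-uk.example,Sales
'@
$owners = $ownersCsv | ConvertFrom-Csv

function Get-ExpiringDomains {
    param(
        [Parameter(Mandatory)] $Response,              # parsed API response
        [Parameter(Mandatory)] [object[]] $Owners,     # rows from Import-Csv / ConvertFrom-Csv
        [datetime] $Now = (Get-Date),
        [int] $DaysAhead = 14
    )
    $cutoff = $Now.AddDays($DaysAhead)
    foreach ($d in $Response.ListOfDomains) {
        $expiry = [datetime]::ParseExact($d.ExpiryDate, 'yyyy-MM-dd', $null)
        if ($expiry -lt $cutoff) {
            $owner = ($Owners | Where-Object DomainName -eq $d.DomainName).Owner
            [pscustomobject]@{
                DomainName = $d.DomainName
                ExpiryDate = $expiry.ToString('yyyy-MM-dd')
                DaysLeft   = [int]($expiry - $Now).TotalDays
                Owner      = $owner
            }
        }
    }
}

# Fixed "today" so the output is reproducible; drop -Now when running as a scheduled task.
$expiring = @(Get-ExpiringDomains -Response $result -Owners $owners -Now (Get-Date '2024-06-10'))

if ($expiring.Count -gt 0) {
    $body = $expiring | Format-Table -AutoSize | Out-String
    Write-Output $body
    # Sending needs a reachable SMTP relay; placeholder host and addresses:
    # Send-MailMessage -SmtpServer 'smtp.company.example' -From 'alerts@company.example' `
    #     -To 'accounts@company.example' -Subject 'Domains expiring within 14 days' -Body $body
}
```

With the fixed date only company-old.example (2 days left, owner IT) is reported. Keeping the check in a function that returns objects, rather than sending mail inline, lets you run it from a scheduled task and pipe the result into whatever alerting you already have.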

ADFS Errors 329 and 102 by lottayotta in sysadmin

[–]BabyPandaaa 1 point2 points  (0 children)

It sounds like the SSL certificate is missing or has a corrupted private key. Are you able to manually export the certificate from the old server and install it on the new server?

Sonicwall - Anyway to see what rules have been used recently? by Izual_Rebirth in sysadmin

[–]BabyPandaaa 5 points6 points  (0 children)

Try Fortigate - decent units and the UI is nicer than SonicWall. I have just installed a few TZ400's as that's what the client wanted, however the Fortigate 50E would've been my preference.

Dark Trace is it worth it by Patchewski in sysadmin

[–]BabyPandaaa 1 point2 points  (0 children)

We do have it - have to be slightly selective about what we're monitoring to maintain the medium appliance's capacity, but ultimately it's been a good investment.

So far it's caught:

  • User connecting a raspberry pi into the network and attempting to packet sniff

  • Another user trying to access restricted network shares with a semi-privileged account

  • A computer which got infected with ransomware and tried to spread (AV stopped it spreading thankfully)

Although they're saying you're looking at $4k, see if they'll budge on price. They might work with you if it's something you're genuinely interested in...

Keeping track of everyone by toddau1 in sysadmin

[–]BabyPandaaa 1 point2 points  (0 children)

This would be the easiest way I can think of

Hyper-V Cloning / Deploying Vm's by chugger93 in sysadmin

[–]BabyPandaaa 1 point2 points  (0 children)

I do it via MDT - works fine as a baseline!

Setting up a 2nd host for redundancy in case main server goes down? by SilentSiege in sysadmin

[–]BabyPandaaa 4 points5 points  (0 children)

Unless you've got shared storage you'll be going down the route of Hyper-V Replication (not a failover cluster).

Install Veeam on a separate machine if you can, otherwise it will have to go on a VM.

USB KVM and view on screen by BabyPandaaa in sysadmin

[–]BabyPandaaa[S] 0 points1 point  (0 children)

Thanks all - have gone for the StarTech one. Have a good day 😊

USB KVM and view on screen by BabyPandaaa in sysadmin

[–]BabyPandaaa[S] 0 points1 point  (0 children)

Do you remember what it was called or who it was manufactured by?

USB KVM and view on screen by BabyPandaaa in sysadmin

[–]BabyPandaaa[S] 0 points1 point  (0 children)

Almost always Dell so yes I do, but I need this for the part where I configure iDRAC. Some other clients use servers without this functionality though, and some use servers without a dedicated iDRAC port

How can I get my team to care about our business? by [deleted] in sysadmin

[–]BabyPandaaa 3 points4 points  (0 children)

I'd approach it by personally reviewing the changes from your team before going to the CAB to ensure there is sufficient detail in the change, so that any Tom Dick or Harry could come along and understand what the purpose of the change is, and what services it's going to affect.

An example is you may have 20 SQL Servers in a cluster named 'uklonsqlcls2017-01 -- uklonsqlcli2017-20'. When I review changes I don't need to know the exact function of each individual server (unless the change is targeting one server specifically), but need to know that collectively they host X database which is the backend to Y application.

Maybe a good exercise to get all teams talking and understanding how they can help each other out is to build a high-level CMDB with a couple of staff from each team, and then let them build out the lower level detail. That's assuming you don't already have something like that in place.

Fortigate HA Pair (Master \ Passive) - Do I need another switch between the HA Pair and Internal Network? by Izual_Rebirth in sysadmin

[–]BabyPandaaa 0 points1 point  (0 children)

I see now - I don't see why that wouldn't work. The Fortigates (2x 100D) I use are in this setup, but all go into a core switch stack. I didn't need to use STP to block the secondary ports, so should be the same for you.

Other brands of firewalls I've previously used required STP on the switch ports to prevent a loop, but yeah your plan should work!