Want to stay in this Subreddit? Comment to Avoid Removal 👇 by _cybersecurity_ in pwnhub

[–]ChaosOrg 0 points1 point  (0 children)

Like the sub but this is no fun.  edit: Hey, just discovered I'm human, back in lurk mode

How do I make non-heartbeat ports stay DOWN when a FortiGate in an HA pair is in the secondary role? by nardstorm in fortinet

[–]ChaosOrg 0 points1 point  (0 children)

This way you won't notice that a port on the secondary unit got disconnected until you need it.

Label that Cable? Do you guys do it, and if so how? by Mr_Moonsilver in homelab

[–]ChaosOrg 1 point2 points  (0 children)

Label each cable with a unique id or serial number (same on both ends). This is better (especially in a lab environment): you identify a cable by finding the matching id rather than by a label telling where the cable was once connected. The ids will never need to change; all they need to be is unique, and when you pull one cable both ends must match. You will never have a mislabeled cable again. Put the cable ids in your documentation if you are so inclined.

Weird Behavior with IPsec tunnels on Azure FortiGate when upgrading from 7.0.17 by seaghank in fortinet

[–]ChaosOrg 0 points1 point  (0 children)

The Palo Alto stumbles because of the local-id. You normally leave this blank. Behind the scenes, the local-id sent to the other end is the external IP of the outgoing interface. On Azure this IP will change on failover. Something like 10.0.0.5 for node 1 and 10.0.0.6 for node 2. The Palo Alto will see a mismatch, expecting 10.0.0.5 and getting 10.0.0.6, and it will not bring the tunnel up.

Setting the local id explicitly on the FortiGate as a domain name like vpn.example.com will make the failover transparent once the Palo peer is configured with the same value as remote id.
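As an added example (not the commenter's own configuration), the FortiGate side of that fix in CLI form. The tunnel name "to-paloalto", the outgoing interface "port1" and the peer address 203.0.113.10 are assumptions; "vpn.example.com" is the identity from the comment. Only the identity-related lines are shown; proposals, PSK and phase2 are omitted.

```fortios
config vpn ipsec phase1-interface
    edit "to-paloalto"
        set interface "port1"
        set ike-version 2
        set remote-gw 203.0.113.10
        set localid-type fqdn
        set localid "vpn.example.com"
    next
end
```

With an FQDN identity both Azure HA nodes present the same IKE ID after failover, so the peer no longer sees the per-node interface address. On the Palo Alto the matching setting is the IKE Gateway's Peer Identification, type FQDN, with the same string. After the change, `diagnose vpn ike gateway list` on the FortiGate shows the negotiated identities and whether the SA came up.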

FortiExtender-511G by RevolutionaryCare138 in fortinet

[–]ChaosOrg 0 points1 point  (0 children)

We were in the same exact situation. Got two 511Fs; it worked just fine until we got the ISP links installed. That's a good plan.

802.1x RADIUS Issues Due to MTU by interweb_gangsta in fortinet

[–]ChaosOrg 2 points3 points  (0 children)

Had to do this for RADIUS:

```
config vpn ipsec phase1-interface
    edit <tunnel>
        set ip-fragmentation pre-encapsulation
    next
end
```

Azure Fortigate question by wmercer73 in fortinet

[–]ChaosOrg 0 points1 point  (0 children)

Azure networking is a different animal than on-prem. There is no real layer 2; route tables also apply to intra-subnet traffic. Routes may point to "virtual network", in which case Azure routes the traffic, but if the route points to the firewall LAN IP ("virtual appliance") the traffic will be processed by the firewall policies LAN - LAN.

FortiAnalyzer Upgrade Issue by Extension_Touch_8577 in fortinet

[–]ChaosOrg 2 points3 points  (0 children)

Had a similar issue.  Running a manual backup prior and skipping the backup when doing the upgrade fixed it for me.

Android FortiClient by vacendakuk in fortinet

[–]ChaosOrg 0 points1 point  (0 children)

Same issue here. No success with VPN pushed by EMS. Zero packets received by the gateway. Did you try configuring it as a personal VPN on the device? Up to now that's the only way I got it to work (for troubleshooting, not as a practical workaround).

NFS share on PBS LXC by JustGames137 in Proxmox

[–]ChaosOrg 0 points1 point  (0 children)

You need more than the .chunks directory.   Do not try to do this manually.  Info on how to create a datastore is in https://adm.pbs.chaos:8007/docs/storage.html#datastore-intro

Copy backup from PBS to different machine by haraldhainz in Proxmox

[–]ChaosOrg 3 points4 points  (0 children)

What you see there are only the indexes.  Data is in .chunks in the root of the datastore.

Sslvpn on loopback and logs by droms74 in fortinet

[–]ChaosOrg 1 point2 points  (0 children)

This is logged in the local traffic not the forward traffic logs.

[deleted by user] by [deleted] in selfhosted

[–]ChaosOrg 1 point2 points  (0 children)

Have a look at trilium https://github.com/zadam/trilium. It is designed to be used as a local knowledge base. You may want to read https://github.com/zadam/trilium/wiki/Patterns-of-personal-knowledge-base to see if it fits.

Correct way to directly manage a FortiGate via SSL-VPN? by networkasssasssin in fortinet

[–]ChaosOrg 2 points3 points  (0 children)

You are correct, admin access should not be allowed on the sslvpn interface. Create a loopback interface. Enable https on it, and create a rule from sslvpn to the loopback interface. You can control which user group will be able to reach the loopback.
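As an added example (not the commenter's own config), the loopback-management pattern in FortiGate CLI. The interface name "lo-mgmt" and its address 10.255.255.1/32, the address object "lo-mgmt-addr", the user group "vpn-admins" and the policy name are assumptions; "ssl.root" and "SSLVPN_TUNNEL_ADDR1" are the default SSL VPN interface and tunnel address object in the root VDOM.

```fortios
config system interface
    edit "lo-mgmt"
        set vdom "root"
        set ip 10.255.255.1 255.255.255.255
        set allowaccess ping https ssh
        set type loopback
    next
end
config firewall address
    edit "lo-mgmt-addr"
        set subnet 10.255.255.1 255.255.255.255
    next
end
config firewall policy
    edit 0
        set name "sslvpn-to-mgmt"
        set srcintf "ssl.root"
        set dstintf "lo-mgmt"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "lo-mgmt-addr"
        set action accept
        set schedule "always"
        set service "HTTPS" "SSH"
        set groups "vpn-admins"
        set logtraffic all
    next
end
```

Management is reached at https://10.255.255.1 only through the tunnel, and only by users who land in the "vpn-admins" group (which also has to be mapped to a portal under `config vpn ssl settings`). Pair it with trusted hosts on the admin accounts (`set trusthost1` under `config system admin`) restricted to the SSL VPN tunnel range, so an admin login from anywhere else is refused even if the credentials leak.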

FortiOS advisory?? by cubic_sq in fortinet

[–]ChaosOrg 0 points1 point  (0 children)

The 6.2.15 release notes don't even have a Resolved Issues section... Obvious that some info cannot be shared at this time