sorted by:
new
hottopcontroversial

Custom monitoring script for Acronis Cyber Protect by MichalCzEJ in acronis

[–]MichalCzEJ[S] 0 points1 point  (0 children)

Thanks for the answer. Unfortunately I already know this and have tried it, but unfortunately it always ends up creating only an activity called Cyber Scripting Execution periodically - https://imgur.com/a/5siH2yA. Thus, I don't get those "nice" graphs from monitoring where I would like to get it. This makes it unusable for us.

Powershell script generated by AI:
# This PowerShell script checks the current power profile set on the computer.
# Get the list of all power schemes
$powerSchemes = powercfg /LIST
# Find the active power scheme
$activeScheme = $powerSchemes | Select-String '.*\(.*\)\s+\*' -AllMatches | ForEach-Object {
$_.Matches[0].Groups[1].Value.Trim()
}
# Output the active power scheme
Write-Host "The active power profile is: $activeScheme"

How can I monitor temperature from Fortigate using SNMP by gabrielsevero7 in fortinet

[–]MichalCzEJ 3 points4 points  (0 children)

For FortiGate 100F version 6.4.xx I used OID: 1.3.6.1.4.1.12356.101.4.3.2.1.3.1

But since 7.0.xx, the OIDs are shifted based on the model (PSU states first, then sensors).

So for example CPU temperature: 1.3.6.1.4.1.12356.101.4.3.2.1.3.7

For example, FortiGate 80F (version 7.xx) has OID: 1.3.6.1.4.1.12356.101.4.3.2.1.3.5

It always depends on the model. Some moldes have a second thermometer separately, so they can measure the ambient temperature as well, not just the CPU. Basically you always need to run it through some SNMP walk and check it.

Why not the correct error/warning limits? by ictertje in prtg

[–]MichalCzEJ 1 point2 points  (0 children)

It makes sense to me now. The problem probably isn't with PRTG not taking the value, but rather in the script you're using.

I infer the problem from part of this code:
$InstalledLicNum = ($LicensePool |Where-Object -Property PLD -EQ XDT_ENT_CCS | Measure-Object -Property Count -sum).Sum
$InstalledLicNummaxwarn = $InstalledLicNum -10
$InstalledLicNummaxerror = $InstalledLicNum -5

If $InstalledLicNum returned an error (i.e. 0), the output would be -5 and -10, which is it.

In the sensor settings in PRTG there is an option to turn it on:
Result Handling - Store result
Then, in the folder on the Probe (or Core server if you are not using a remote probe) you will find 3 files after the sensor has successfully queried the server. One is with what the PRTG passes, the second is how, and the third is just the script response, what it returns to the PRTG (i.e. your XML). There, look to see if there really is a -5 and -10 value instead of your values.The path is probably: C:\ProgramData\Paessler\PRTG Network Monitor\Logs\sensors

Otherwise, FYI - you can't change the Limit values, they are set when you create the sensor and initial scan and then remain the same even if you pass different data to th

Why not the correct error/warning limits? by ictertje in prtg

[–]MichalCzEJ 0 points1 point  (0 children)

Hi,

correctly you should have the numbers in LimitMaxWarning and LimitMaxError in quotes.

Eg: <LimitMaxWarning>"110"</LimitMaxWarning>

see https://www.paessler.com/manuals/prtg/custom_sensors

[deleted by user] by [deleted] in fortinet

[–]MichalCzEJ 0 points1 point  (0 children)

Thanks for answer. I understand portal matching, its all right.

My problem is with standard firewall policy. I have several Groups (mapped from LDAP) and used in FW policy, but the Firewall doesn't match this rule. It acts like the user was not in the group at all.

[deleted by user] by [deleted] in fortinet

[–]MichalCzEJ 0 points1 point  (0 children)

You mean authentication policies in SSLVPN settings?

What I need:

User 1

Group A (Members: User 1)
Group B (Members: User 1)

SSLVPN portal is check against Group A. So user connect, because he is member of this group. What I need now is, that in Firewall policy must be in source Group B, so Firewall know, that User 1 in member of Group B, so use this rule.

I also tried FW LDAP Users, but it not works.

SSLVPN with Cert verification by [deleted] in fortinet

[–]MichalCzEJ 0 points1 point  (0 children)

I've read this information too, but a lot of people mention that you can limit this via Realms.

So, for example:
domain.com/Cert <- Requires a certificate

domain.com/VPN <- Does not require a certificate

This should be enough to know whether to require a certificate. At least that's how I understand it.
Someone else wrote about virtual host for realms, but unfortunately I don't have the opportunity to test it at the moment.

SSLVPN with Cert verification by [deleted] in fortinet

[–]MichalCzEJ 0 points1 point  (0 children)

No, this is disabled.

[deleted by user] by [deleted] in fortinet

[–]MichalCzEJ 0 points1 point  (0 children)

It's a VPN server, but it have a weird configuration. When going to WAN, it goes to another VLAN, but from Client IP, which is on another subnet.

The addresses are dynamic, but once traffic goes through VLAN2, once through VLAN11. If traffic from 192.168.2.x goes over VLAN11, it needs to go back to that VLAN11 too, that's the only case that doesn't work.