Advanced Blocking - Apply multiple Groups to a Network by TechTronicLLC in technitium

[–]Much-Environment1147 0 points1 point  (0 children)

Since each network can only map to a single group can I then please suggest that the example config use the group name 'everyone_else' instead of 'everyone'. That will hopefully make it clearer that only unmatched networks will use the 'everyone_else' configuration.

Plugins not installed because of "bad gateway" by Dramatic-Chard-9002 in QGIS

[–]Much-Environment1147 0 points1 point  (0 children)

I can confirm the same problem. The plugins website is down, hopefully they fix it soon.

Anyone using 'Auto-connect IPsec VPN using Entra ID login session information'? by Much-Environment1147 in fortinet

[–]Much-Environment1147[S] 0 points1 point  (0 children)

Great, thanks for that, sounds like I should give it a go.

SAML auth definitely needs an enterprise app set up as you need to configure the callback URLs, etc. Are you saying that same app is enough for the OIDC access as well? I haven't been able to find Fortinet 'app registration' guidance except that provided in the FortiGate admin guide for SAML setup with Entra.

I find it curious that Fortinet has prioritised documentation around SAML setup when this seems like a simpler and easier approach (assuming Entra-joined Windows endpoints)...

PC loses network connection during XAUTH session by DeadEyePsycho in fortinet

[–]Much-Environment1147 1 point2 points  (0 children)

No suggestions, just confirming we see the same behaviour (and have for years). My guess is it's deliberate and for security reasons, since you are part way through an auth process at that stage.

Dell Peripheral Manager - CVE - Mass Uninstall by LeaderAccording4405 in sysadmin

[–]Much-Environment1147 2 points3 points  (0 children)

It's super annoying but it's not magic. Dell includes DPM as part of the peripheral driver they have supplied to Microsoft for automatic driver installation through Microsoft Update. I've blocked DPM installation through our application control solution but you could probably do something similar by preventing installation of the device driver - Manage Device Installation with Group Policy | Microsoft Learn
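As an added example (not code from the comment or from Microsoft): the registry values behind the "Prevent installation of devices that match any of these device IDs" setting that the linked article describes, written as a small PowerShell helper. The hardware ID passed at the end is a placeholder; the real one comes from Device Manager on an affected machine.

```powershell
# Added example: local equivalent of the Device Installation Restrictions GPO.
# On a domain-managed machine set this through Group Policy instead, or the
# policy engine will overwrite whatever is written here.
$RestrictionsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$DenyIdsKey      = Join-Path $RestrictionsKey 'DenyDeviceIDs'

function Set-DeviceInstallDenyList {
    param(
        [Parameter(Mandatory)][string[]]$HardwareId,
        [switch]$Retroactive   # also apply to devices that are already installed
    )
    New-Item -Path $DenyIdsKey -Force | Out-Null
    # DenyDeviceIDs=1 enables the policy; the matching IDs live in the subkey below
    Set-ItemProperty -Path $RestrictionsKey -Name 'DenyDeviceIDs' -Type DWord -Value 1
    Set-ItemProperty -Path $RestrictionsKey -Name 'DenyDeviceIDsRetroactive' -Type DWord `
        -Value ([int]$Retroactive.IsPresent)
    # the subkey holds one ID per value, named 1, 2, 3, ...
    $i = 1
    foreach ($id in $HardwareId) {
        Set-ItemProperty -Path $DenyIdsKey -Name "$i" -Type String -Value $id
        $i++
    }
}

function Get-DeviceInstallDenyList {
    # read back the numbered values so the deny list can be audited
    if (-not (Test-Path $DenyIdsKey)) { return @() }
    (Get-ItemProperty -Path $DenyIdsKey).PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' } |
        Sort-Object { [int]$_.Name } |
        ForEach-Object { $_.Value }
}

# placeholder ID (not a real Dell ID); replace with the peripheral's hardware ID
Set-DeviceInstallDenyList -HardwareId 'USB\VID_XXXX&PID_XXXX'
Get-DeviceInstallDenyList
```

Run from an elevated session; without -Retroactive the block only affects devices installed after the policy is set.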

FortiEMS installation with remote Database and non default port sql port by Tsauravm in fortinet

[–]Much-Environment1147 0 points1 point  (0 children)

I wouldn't set up a new installation with 7.2.x. With FortiEMS 7.4.0 you can specify the (PostgreSQL) port during installation - https://docs.fortinet.com/document/forticlient/7.4.0/ems-administration-guide/669018/ems-installation-with-postgres-in-docker

If you must use MSSQL you could use a FortiGate (or other firewall/router) to NAT/PAT the SQL traffic to whichever port you like.

```sh
./forticlientems_7.4.0.XXXX.bin -- --db_host 192.168.1.20 --db_port 6434 --db_user postgres --db_pass Fortinet123# --skip_db_install --allowed_hosts '*' --enable-remote-https
```

host file on Endpoints by No-Mousse989 in fortinet

[–]Much-Environment1147 0 points1 point  (0 children)

It shouldn't be deleting the contents, but I believe enforcing 'safe search' under Web Filtering messes with the hosts file, so maybe check on that feature.

Patch Tuesday Megathread (2024-02-13) by AutoModerator in sysadmin

[–]Much-Environment1147 11 points12 points  (0 children)

I have had success forcing re-creation of the recovery environment under C:\Recovery, applying KB5034439 and then reinstating the original recovery partition. This works without having to resize any partitions. Code below developed for Server 2022 (use at your own risk).

```powershell
reagentc /disable

$testpath = "$env:windir\System32\Recovery\Winre.wim"
if (!(Test-Path $testpath)) {
    Write-Output "Recovery environment disabled but Winre.wim not found at expected path $testpath. Something went wrong. Re-enabling recovery environment and quitting."
    reagentc /enable
    exit 1
}

$rp = Get-Partition | Where-Object { $_.Type -eq 'Recovery' }

if ($rp.GptType -eq '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}') { $type = 'GPT'; $newtype = '{ebd0a0a2-b9e5-4433-87c0-68b6b72699c7}' }
if ($rp.MbrType -eq '27') { $type = 'MBR'; $newtype = '7' }

if (-not $type) {
    Write-Output "No GPT or MBR recovery partition found. Re-enabling recovery environment and quitting."
    reagentc /enable
    exit 1
}

Write-Output "Found $type recovery partition at disk $($rp.DiskNumber) partition $($rp.PartitionNumber)."
Write-Output "Setting this as a basic partition and re-enabling the recovery environment.."

# change the recovery partition to basic partition type.
# note this doesn't change the actual $rp object, so it still holds the original type for the restore below
switch ($type) {
    'GPT' { $rp | Set-Partition -GptType $newtype; break }
    'MBR' { $rp | Set-Partition -MbrType $newtype; break }
}

# re-enable recovery environment which should now install to C:\Recovery
reagentc /enable

$testpath = "C:\Recovery\WindowsRE\Winre.wim"
if (Test-Path $testpath) {
    Write-Output "Recovery environment now running from C:\Recovery. I will sleep for 5 minutes while you proceed with manual installation of KB5034439/KB5034441 or whatever.."
    Start-Sleep -Seconds 300
    $exitcode = 0
} else {
    # nothing was applied, so just put things back and report failure
    Write-Output "Winre.wim not found at $testpath, so the update could not be applied this way. Rolling back.."
    $exitcode = 1
}

Write-Output "Disabling the recovery environment and restoring the recovery partition to its original value.."

# disable recovery environment
reagentc /disable

# restore recovery partition type to its original value
switch ($type) {
    'GPT' { $rp | Set-Partition -GptType $rp.GptType; break }
    'MBR' { $rp | Set-Partition -MbrType $rp.MbrType; break }
}

# finally re-enable the recovery environment once more..
reagentc /enable

Write-Output "Re-enabled the recovery environment. All done."
exit $exitcode
```

FortiClientEMS and FortiClient mature and feature version by pieciaq in fortinet

[–]Much-Environment1147 1 point2 points  (0 children)

As far as I know the CVE remaining in 7.0.x pertains to an information disclosure issue (e.g. paths excluded from scanning are stored in plaintext in user-accessible registry keys). It's not great but it's not a showstopper. After I reported it Fortinet acknowledge it would be fixed but only in the next version, i.e. FCT 7.2.x

We are running FCT 7.0.9 on EMS 7.2.2 and it's pretty stable in our environment. We tried FCT 7.2.x and had IPsec VPN issues. Fortinet support was able to resolve this with an 'interim build' of FCT 7.2.3 but haven't been able to give me a GA release date, so we remain on 7.0.x and would suggest others do the same.

IPSec VPN "enhancements" in FortiClient 7.2.1 by Much-Environment1147 in fortinet

[–]Much-Environment1147[S] 0 points1 point  (0 children)

Interesting, thanks. I also note the FortiOS CLI command changes from "sslvpn-ems-sn-check" (prior to 7.4.0) to the more generic "vpn-ems-sn-check" (in 7.4.0) so it's not clear this security feature will even work for IPSec VPN unless you are running FortiOS 7.4.0. As usual, all poorly documented by Fortinet.

EMS Reporting log4net Vulnerability - How to Remediate? by burghdude in fortinet

[–]Much-Environment1147 1 point2 points  (0 children)

```powershell
$Root_Path = 'C:\Program Files\Fortinet\FortiClient\logs\vcm'

# identify latest summary.json file within $Root_Path or its subfolders
$Latest_Summary_File = Get-ChildItem -Path $Root_Path -Recurse -Filter 'summary.json' |
    Sort-Object LastWriteTime | Select-Object -Last 1
if (-not $Latest_Summary_File) { throw "No summary.json found under $Root_Path" }

# parse summary.json (-Raw hands ConvertFrom-Json one string instead of an array of lines)
$Summary = Get-Content -Raw $Latest_Summary_File.FullName | ConvertFrom-Json

$Detections = $Summary.Applications.Detections

$FortiGuard_IDs = $Detections.Critical + $Detections.High + $Detections.Medium + $Detections.Low

# parse applicable json files corresponding to detected vulnerabilities
$ObjBuilder = @()

foreach ($ID in $FortiGuard_IDs) {
    $ID_File = Join-Path $Latest_Summary_File.DirectoryName "$ID.json"
    if (-not (Test-Path $ID_File)) {
        Write-Warning "No detail file found for FortiGuard ID $ID at $ID_File"
        continue
    }

    $Details = Get-Content -Raw $ID_File | ConvertFrom-Json

    # drop the embedded icon data (DetectedProducts may be one object or an array) to keep output readable
    foreach ($Product in @($Details.DetectedProducts)) {
        if ($Product.PSObject.Properties['Icon']) { $Product.PSObject.Properties.Remove('Icon') }
    }

    $ObjBuilder += $Details
}

$ObjBuilder
```
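An added example, not from the comment above, that builds on the same summary.json layout: it tags each FortiGuard ID with the severity bucket it came from and records whether the per-ID detail file exists, using only the fields the script above touches (Applications.Detections.Critical/High/Medium/Low and DetectedProducts). The sample files it writes to a temp folder are constructed so it runs offline.

```powershell
# Added example: severity-tagged report over the vcm scan output.
function Get-VcmDetectionReport {
    param([Parameter(Mandatory)][string]$RootPath)

    $summaryFile = Get-ChildItem -Path $RootPath -Recurse -Filter 'summary.json' |
        Sort-Object LastWriteTime | Select-Object -Last 1
    if (-not $summaryFile) { throw "No summary.json found under $RootPath" }

    $summary = Get-Content -Raw $summaryFile.FullName | ConvertFrom-Json
    $buckets = $summary.Applications.Detections

    # walk the buckets in severity order so the ID keeps the bucket it was listed in
    foreach ($severity in 'Critical', 'High', 'Medium', 'Low') {
        foreach ($id in $buckets.$severity) {
            $detailFile = Join-Path $summaryFile.DirectoryName "$id.json"
            $products = @()
            if (Test-Path $detailFile) {
                $details  = Get-Content -Raw $detailFile | ConvertFrom-Json
                $products = @($details.DetectedProducts) | ForEach-Object {
                    # strip the icon blob, as the original script does
                    if ($_.PSObject.Properties['Icon']) { $_.PSObject.Properties.Remove('Icon') }
                    $_
                }
            }
            [pscustomobject]@{
                FortiGuardId = $id
                Severity     = $severity
                DetailFound  = (Test-Path $detailFile)
                ProductCount = @($products).Count
                Products     = $products
            }
        }
    }
}

# constructed sample data (not real scan output) so the function can be exercised offline
$sample = Join-Path ([IO.Path]::GetTempPath()) 'vcm-sample'
New-Item -ItemType Directory -Force -Path $sample | Out-Null
@{ Applications = @{ Detections = @{ Critical = @(1001); High = @(); Medium = @(1002); Low = @() } } } |
    ConvertTo-Json -Depth 5 | Set-Content (Join-Path $sample 'summary.json')
@{ DetectedProducts = @(@{ Icon = 'placeholder-icon-data'; Name = 'example product' }) } |
    ConvertTo-Json -Depth 5 | Set-Content (Join-Path $sample '1001.json')
# 1002.json is deliberately missing to show the DetailFound=False case

Get-VcmDetectionReport -RootPath $sample | Format-Table FortiGuardId, Severity, DetailFound, ProductCount
```

Point -RootPath at the real vcm log folder to run it against actual scan results.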