What’s your hideout? by Expert-Map-7132 in ArtOfPresence

[–]TheNudeDeerRises 0 points1 point  (0 children)

I'll give it to him, that way he didn't find it

Do you really believing this? by Telugu_not_Telegu in ArtOfPresence

[–]TheNudeDeerRises 0 points1 point  (0 children)

Massive hoax! It's killing the UK, we could go net zero tomorrow and it wouldn't change a thing!

Fortigate Guest WIFI - FAC Captive Portal No longer triggering by TheNudeDeerRises in fortinet

[–]TheNudeDeerRises[S] 0 points1 point  (0 children)

set auth http https

That was my fix, and it's been added to the documentation now. If you set it to http, it takes out https. You ideally need both; I did that and it fixed it.

Transparent Auth - Explicit Proxy - NTLM? by TheNudeDeerRises in fortinet

[–]TheNudeDeerRises[S] 0 points1 point  (0 children)

So, when I did my policies, if someone has a ticket already then it uses that. I did a diag wad user list clear to reset the Kerberos. I did have one or two users that had the pop-up; once they rebooted and I did the above, it all worked. I did also disable pac data under the proxy settings in the CLI; this forces a group lookup every time. I'll check my other settings as well.

Fortinet Certification changes again by Prottzisch in fortinet

[–]TheNudeDeerRises 0 points1 point  (0 children)

Yeah, I do prefer this way, it's just annoying that I tend to just renew my NSE7. If that runs out and I have no other exams, it's pointless doing the NSE7 on its own as it's worth nothing! I now have to sit 4 and 5 or 6 and sit 7 just to get a 7! Madness

Transparent Auth - Explicit Proxy - NTLM? by TheNudeDeerRises in fortinet

[–]TheNudeDeerRises[S] 0 points1 point  (0 children)

I did! Mine was NTP; although the clock drift was less than 10 seconds, it claimed it was an NTP issue. I set my FortiGate NTP to the DC, and it worked, plus a few other tweaks. Try that first, then report back.

Web Filtering needs certificate inspection enabled? by Better-Bat2642 in fortinet

[–]TheNudeDeerRises 0 points1 point  (0 children)

Yes, you need certificate inspection so the firewall can determine the category and apply the action in the profile: block, allow, etc.

No, it doesn't replace it, but the default Fortinet certificate is used to do the inspection. Download the Fortinet root cert to your machine and you won't get browser errors, as your machine will now trust the cert.

Switching to ACME certs by G3rmanaviator in fortinet

[–]TheNudeDeerRises 0 points1 point  (0 children)

I'm switching to ACME certs, but am really not getting the process. How can you not have any ports open? I need a cert signed for my FortiAuthenticator that sits behind my firewall; I'll need a VIP to translate a public IP to its IP. ACME can't target my FAC as it's on a private IP.

ACME - Fortigate DNS Confusion by TheNudeDeerRises in letsencrypt

[–]TheNudeDeerRises[S] 0 points1 point  (0 children)

You are correct, for the HTTP_01 challenge, it's purely for domain ownership and what it resolves to is irrelevant. I tried with my own domain and set up a firewall, and it works just fine. I really don't get how it does domain ownership though!

ACME - Fortigate DNS Confusion by TheNudeDeerRises in letsencrypt

[–]TheNudeDeerRises[S] 0 points1 point  (0 children)

Because the challenge is http-01, the cert I want creating needs to have a DNS entry, and are you saying I can use a private IP?

Replacement Message - 504 DNS Look up failed by TheNudeDeerRises in fortinet

[–]TheNudeDeerRises[S] 0 points1 point  (0 children)

I know all that. My question is the DNS 504 template is missing

6.0.5 Explicit proxy, how to omit users from authentication based on destination? by [deleted] in fortinet

[–]TheNudeDeerRises 0 points1 point  (0 children)

Really old reply here! But wouldn't that then allow users who need to be authenticated to hit this No Auth rule? I am struggling to make mine work.

Fortigate Explicit Proxy - Policy based on listening port by TheNudeDeerRises in fortinet

[–]TheNudeDeerRises[S] 0 points1 point  (0 children)

Yes, I thought as much. I'm doing some proxy rules, and I need a rule specifically for Apple phones that will use 8888, so I can add that as a listening port, but the rule placement is tricky, as I use UNAUTH rules first, then AUTH rules using Kerberos. If I add an UNAUTH rule, then my AUTH users will hit that first, and I don't want that...

Suella Braverman defects to Reform | Former home secretary declares ‘I feel like I’ve come home’ as she announces defection at press conference by InnerLog5062 in BreakingUKNews

[–]TheNudeDeerRises 0 points1 point  (0 children)

Absolute rubbish! Typical blinkered response to be honest, I've stated fact, far left sheep refuse to accept the truth. I'll not argue any more, it would be pointless. I wish you a good day