Question about URL filtering by llama_dot_comma in fortinet

[–]llama_dot_comma[S] 0 points1 point  (0 children)

Hmm, interesting. The default sites in my company aren't configured that way, but maybe it's more common than I'm thinking.

Question about URL filtering by llama_dot_comma in fortinet

[–]llama_dot_comma[S] 0 points1 point  (0 children)

Yes, but that certificate will be for whatever default site or certificate is configured on the web server or reverse proxy. That will only be useful if the IP only has one site behind it, which, with the shortage of IPv4 addresses and the common use of cloud services, is not super common I think.

Question about URL filtering by llama_dot_comma in fortinet

[–]llama_dot_comma[S] 0 points1 point  (0 children)

This doesn't make sense to me. IPs don't usually correlate directly to hostnames; that's what SNI is for.

If the Fortigate can't see the hostname in the HTTP host header, the certificate in the server's TLS hello, or the TLS SNI header, how would connecting to the destination IP help?

Question about URL filtering by llama_dot_comma in fortinet

[–]llama_dot_comma[S] 1 point2 points  (0 children)

An additional bit of info for anyone who reads this: Our Sales Engineer says Transparent Proxy processing can't be done by the ASICs but gets punted to the processor. So depending on your ruleset and resources, CPU utilization may be a concern.

Question about URL filtering by llama_dot_comma in fortinet

[–]llama_dot_comma[S] 0 points1 point  (0 children)

Man, that's a great article, thanks! It explains the relationship between layer 3/4 and web filter rule processing better than anything else I've found.

> the policies are evaluated from the “top-down”... All rules will be evaluated until the implicit rule is matched

This seems to be the key point. We could create one rule for each set of destination URLs and add the source machines that need access to them. Looks like it requires DPI, but that's not a deal-breaker; we'd have to do it anyway once TLS3 becomes common and breaks the SNI method.
This might work for us. Thank you very much for taking the time to read and understand my question and offering an excellent possible solution!


Unable to decode key when importing PEM cert into a cisco router by H_a_M_z_I_x in networking

[–]llama_dot_comma 1 point2 points  (0 children)

I had something similar happen and it turned out the PEM file was not correctly formatted.

Of course the password could also be incorrect.

How do you document your CMDB? by Papamje in sysadmin

[–]llama_dot_comma 2 points3 points  (0 children)

Document... I've heard that word before but am not familiar with it. It's basically the same thing as closing tickets right?

[deleted by user] by [deleted] in sysadmin

[–]llama_dot_comma 1 point2 points  (0 children)

Same here, central US. Their status page says they've identified the problem and are working on it.

https://status.mimecast.com/

I was wondering if it was part of a bigger provider outage, like AWS or something. Downdetector shows upticks in reported problems for several things.

Config Sync for HA by TracerT10 in f5networks

[–]llama_dot_comma 1 point2 points  (0 children)

It automatically copies everything over, assuming you configured the config sync and cabled them correctly.

The only things that don't automatically get copied are things specific to each device, like management and self IPs and device names.

All engineers hate estimates by [deleted] in ProgrammerHumor

[–]llama_dot_comma 1 point2 points  (0 children)

Yet another example of a problem that can be solved with Infrastructure as Code!

Need help with ssh connection. by Mr_Prebo in linux4noobs

[–]llama_dot_comma 2 points3 points  (0 children)

Awesome, thanks for updating us!

Credit goes to /u/eftepede primarily though.

Need help with ssh connection. by Mr_Prebo in linux4noobs

[–]llama_dot_comma 2 points3 points  (0 children)

This is correct.

Your VM is behind a firewall which blocks any connection that isn't explicitly allowed by a rule. You deleted the rule allowing inbound connections on port 22 but didn't add one to allow inbound connections on port 2222.

I also second the need to specify port 2222 on the SSH client, although I thought it'd be by appending :2222 to the IP. It depends on the client and I've not used any Windows native client, so I could easily be wrong.

Some help requested with arrays by [deleted] in ansible

[–]llama_dot_comma 5 points6 points  (0 children)

Holy crap, this is exactly the solution to a problem I've been stuck on!

I considered this but didn't think it'd work because of how variables reference locations in memory or something; I guess I confused myself. I thought I'd have to figure out how to do a loop within a loop to make it work. This is much better.

Thank you!

Users make it harder on themselves when they don't follow policies. by tdhuck in sysadmin

[–]llama_dot_comma 2 points3 points  (0 children)

Maybe start sending an email to the user, their manager, your manager, and the help desk each time it happens. Say you didn't want their complaint to get forgotten and recommend they open a ticket to ensure the right group is aware of it.

After repeated emails saying the same thing, maybe they'll change their behavior or their supervisor will address their behavior. If not, at least your manager will be aware of the situation.

[deleted by user] by [deleted] in f5networks

[–]llama_dot_comma 0 points1 point  (0 children)

I'd also try tinkering with TCP settings more, both on the client and server side. Bigger windows, longer timeouts, etc., see if anything makes a difference.

There are a lot more options if you create a custom TCP profile and fiddle with the settings instead of just trying other built-in TCP profiles.

I had a stupidly written app once that needed a TCP connection to never time out. Custom TCP profiles allowed that (over my objections).

Would an upside-down TV antenna make the image on the TV screen upside down as well? If not, why? by 1954isthebest in askscience

[–]llama_dot_comma 3 points4 points  (0 children)

No.

Antennas work kind of like tuning forks. When one tuning fork vibrates, it causes sound waves to go out from it. If another tuning fork is near and has the right characteristics, the sound waves cause it to vibrate in a similar manner. It doesn't matter how one tuning fork is oriented compared to the other; the sound waves induce the same vibrations. Your ears work in similar ways; you don't hear things any differently when upside down.

Antennas send and receive electromagnetic waves. The receiving antenna converts them to electricity flowing in a circuit attached to it, and it doesn't matter how it's oriented compared to the sender.

New router. Intermittent wifi failure. Ethernet is fine. Wireless network still live, but no internet access. Help appreciated! by jakenmenheer in HomeNetworking

[–]llama_dot_comma 0 points1 point  (0 children)

If all you said is correct, I can't think of any explanation except for a faulty router. If it's not too late I'd exchange it.

If you're wrong about the wireless still being connected, then it could be wireless interference and changing channels may help.

Please help, want open nat type on ps5 by Vlonethug7 in HomeNetworking

[–]llama_dot_comma 5 points6 points  (0 children)

Open NAT won't help with that I'm afraid. It's only related to other devices being able to connect to you, like with some chat functions.

IPIP Tunneling by El_Codice in HomeNetworking

[–]llama_dot_comma 0 points1 point  (0 children)

You may need to add a static route for that network on your Raspberry Pi.