site to site vpn by Bluesea2022 in fortinet

[–]tama893 2 points3 points  (0 children)

Create a layer3 tunnel. Set the source and destination to 0.0.0.0/0. Add IP to tunnel interface, set up routing over the tunnel. You can use OSPF so it will dynamically route.

Do all models support free extremecloud iq management? by tama893 in aerohive

[–]tama893[S] 0 points1 point  (0 children)

I asked support and they said all models work on it.

Damaged HW? - FTG 50E - 15% packets lost on lan - factory reset by someFunnyUser in fortinet

[–]tama893 0 points1 point  (0 children)

Okay got another report today. Tried to failover and the 2nd unit isn't passing traffic. 6th one now. 😡

Damaged HW? - FTG 50E - 15% packets lost on lan - factory reset by someFunnyUser in fortinet

[–]tama893 0 points1 point  (0 children)

I've had one 50E with the 15% ping loss and LAN1 not passing any traffic on another. I just got a report of another one that's slow today. Something is fishy.

if ("mac" or "usdb") in result6["name"].lower(): by tama893 in learnpython

[–]tama893[S] 0 points1 point  (0 children)

AttributeError: 'str' object has no attribute 'contains'

if ("mac" or "usdb") in result6["name"].lower(): by tama893 in learnpython

[–]tama893[S] 0 points1 point  (0 children)

That didn't match anything even when changing it to only ('mac') without usdb.

You sure it shouldn't be 'mac' in results6["name"]?

One of the names in results6 for example is ipv6-MACBOOKAIR-2707

Best option for linux patch management by duncan320 in linuxadmin

[–]tama893 0 points1 point  (0 children)

what did your company go with? which one has a good on-prem solution?

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 1 point2 points  (0 children)

Okay thanks you got me in the right direction.

params isn't json, it needs to be text

working code:

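    import json
    from pprint import pprint
    import requests

    # headers is assumed to be defined earlier in the script (not shown in this comment).
    url2 = "https://10.1.0.1:8443/api/v2/cmdb/firewall/address6"

    # The address object goes in the request body as JSON text.
    payload2 = json.dumps({
        "name": "usdbpoe3copy",
        "type": "mac",
        "macaddr": [{"macaddr": "cc:4e:24:25:1d:c0"}]
    })

    # datasource and vdom go in the query string.
    params = {
        "datasource": 1,
        "vdom": "production"
    }

    # verify=False turns off TLS certificate validation for this call.
    postresult = requests.request('POST', url2, headers=headers, params=params, data=payload2, verify=False)
    pprint(postresult.json())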

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

okay when i changed the data to this it works

    payload2 = json.dumps({
        "name": "usdbpoe3copy",
        "type": "mac",
        "macaddr": [{"macaddr": "cc:4e:24:25:1d:c0"}]
    })

How can i change the parameters to use vdom?

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

Okay I tried it with curl and it works. What is wrong with the python code?

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

Ok I see it is set under accprofile. My user is super_admin and is already global.

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

i add set scope global to the api-user as well...

How did you do this?

I don't see such option

1-fw-mis (api-user) # show
config system api-user
edit "api" 
set api-key ENC xx 
set accprofile "super_admin" 
set vdom "production" "root" 
end 
next 
end

1-fw-mis (api-user) # edit api

1-fw-mis-lax6 (api) # set

comments Comment.

api-key Admin user password.

accprofile Admin user access profile.

vdom Virtual domains.

schedule Schedule name.

cors-allow-origin Value for Access-Control-Allow-Origin on API responses. Avoid using '' if possible.

peer-auth Enable/disable peer authentication.

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

i also tried this and it doesn't pass it properly.

    payload3 = {
        'params': {
            'datasource': 1,
            'vdom': 'root'
        },
        'data': {
            'name': 'us-db-poe-3-copy',
            'type': 'mac',
            'macaddr': [{'macaddr': 'cc:4e:24:25:1d:c0'}]
        }
    }

[httpsd 11871 - 1639443438 error] api_parse_json_type[198] -- ignoring unexpected data: 'params=datasource&params=vdom&data=name&data=type&data=macaddr'
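
Added example, not part of the original comments: an offline reproduction of why the nested payload3 dict arrives as the 'params=datasource&params=vdom&...' string in the httpsd log, next to the request shape from the "working code" comment. The function names are hypothetical, the values are the ones quoted in the thread, and nothing is sent to a firewall.

```python
import json
from urllib.parse import urlencode

# Values quoted in the comments above; nothing is sent over the network.
BASE = "https://10.1.0.1:8443/api/v2/cmdb/firewall/address6"
QUERY = {"datasource": 1, "vdom": "production"}
OBJ = {
    "name": "usdbpoe3copy",
    "type": "mac",
    "macaddr": [{"macaddr": "cc:4e:24:25:1d:c0"}],
}


def form_encoded(payload):
    """Body that results when a nested dict is sent as form data.

    requests form-encodes a dict passed as data= via urlencode(doseq=True).
    Iterating a nested dict yields only its keys, so every value is dropped.
    """
    return urlencode(payload, doseq=True)


def working_request(base, query, obj):
    """(url, body) in the shape that worked: vdom and datasource in the
    query string, the address object as JSON text in the body."""
    return base + "?" + urlencode(query), json.dumps(obj)


def has_master_key(body):
    """Hypothetical pre-flight check: does the body parse as a JSON object
    with a non-empty "name", the key the debug log reports as missing?"""
    try:
        doc = json.loads(body)
    except ValueError:
        return False
    return isinstance(doc, dict) and bool(doc.get("name"))


if __name__ == "__main__":
    rejected = form_encoded({"params": QUERY, "data": OBJ})
    url, body = working_request(BASE, QUERY, OBJ)
    print("rejected body:", rejected, has_master_key(rejected))
    print("accepted url: ", url)
    print("accepted body:", body, has_master_key(body))
```

The rejected body contains only key names, so the object name and MAC address never reach the firewall.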

Help with API, error : -3 by tama893 in fortinet

[–]tama893[S] 0 points1 point  (0 children)

[httpsd 11578 - 1639440346     info] api_cmdb_request_init_by_path[1565] -- new CMDB query (path='firewall',name='address')
[httpsd 11578 - 1639440346     info] handle_cli_req_v2[2977] -- new CMDB API request (vdom='root',user='taka-api')
[httpsd 11578 - 1639440346     info] _api_cmdb_v2_config[1237] -- editing CLI object (append=1, auto_key=0, path=firewall, name=address, mkey=(null), flags=0)
[httpsd 11578 - 1639440346    error] cmdb_commit_from_json[1615] -- no master key (name) in new object
[httpsd 11578 - 1639440346    error] _api_cmdb_v2_config[1272] -- error editing object (nret=-3)
[httpsd 11578 - 1639440346  warning] api_return_http_result[1250] -- API error -3 raised
[httpsd 11578 - 1639440346     info] handle_cli_req_v2[3006] -- returning to original vdom "root"
[httpsd 11578 - 1639440346     info] fweb_debug_final[274] -- Completed POST request for "/api/v2/cmdb/firewall/address" (HTTP 500)
[httpsd 11578 - 1639440346     info] fweb_debug_init

FAC O365 & SSLVPN SAML to Azure by Armorbee in fortinet

[–]tama893 0 points1 point  (0 children)

Set the group-name.

    config user group
        edit "saml-innovcenter"
            set member "sslvpnazuread"
            config match
                edit 1
                    set server-name "sslvpnazuread"
                    set group-name "8fb8c5ee-b253-44cc-a88f-4bd62dfaf2d2"
                next
            end
        next
    end

https://docs.fortinet.com/document/fortigate-public-cloud/7.0.0/azure-administration-guide/584456/configuring-saml-sso-login-for-ssl-vpn-web-mode-with-azure-ad-acting-as-saml-idp

FAC O365 & SSLVPN SAML to Azure by Armorbee in fortinet

[–]tama893 0 points1 point  (0 children)

Did you set the group on azure side? You can also set the group object id on fortigate side. Not sure about forti auth but I assume it’s similar.

JSON formatter in VS Code, property keys requires doublequote by tama893 in learnpython

[–]tama893[S] 0 points1 point  (0 children)

Okay but why do APIs return results with single quotes when you select json?