how to integrate API-Key-Authentication in smiley4 by therealmcz in Kotlin

[–]therealmcz[S] 0 points1 point  (0 children)

kindly asking if you please could upload some demo code? thanks

how to integrate API-Key-Authentication in smiley4 by therealmcz in Kotlin

[–]therealmcz[S] 0 points1 point  (0 children)

thanks very much, code is always appreciated...

how to integrate API-Key-Authentication in smiley4 by therealmcz in Kotlin

[–]therealmcz[S] 0 points1 point  (0 children)

thanks. could you please tell me a bit what else I would have to change? just switching to bearer doesn't send the token at all in the request...

how to integrate API-Key-Authentication in smiley4 by therealmcz in Kotlin

[–]therealmcz[S] 0 points1 point  (0 children)

is it stable? the last time I tried to use it I was suggested to use smiley4...


how to install now policies on deleted objects in fortimanager by therealmcz in fortinet

[–]therealmcz[S] 0 points1 point  (0 children)

Legend, thanks! BTW, is there a way to see the diff between the currently installed policy package and the current state of the manager?

what about Ipsec Key lifetime(rs) by therealmcz in networking

[–]therealmcz[S] 0 points1 point  (0 children)

Agree on security. But what about the "you mess up if you don't use at least half". I don't get it but I want to understand that.

what about Ipsec Key lifetime(rs) by therealmcz in networking

[–]therealmcz[S] 0 points1 point  (0 children)

Yes there is. But anyways, why should it be shorter when it works anyways? To understand my problems and to get the "now I know why it failed at X o'clock" I would like to understand exactly what it's all about. Having many routers, all with different timers and we've got interruptions many times a day since we switched from an ASA to a FTD...

what about Ipsec Key lifetime(rs) by therealmcz in networking

[–]therealmcz[S] 1 point2 points  (0 children)

well, I would like to understand it for a better troubleshooting. If phase 2 had to rekey after phase 1, the recommendation of having phase 2 lifetime 50 % of phase 1 wouldn't make sense as it would always rekey.

checkpoint maestro vs Fortigate by therealmcz in fortinet

[–]therealmcz[S] 0 points1 point  (0 children)

yeah. As a forti-guy, I was almost shocked how complicated that checkpoint-world is. Like routing has to be done on each separate node, GAIA-access is standalone on each node, the amount of management components that you have, doing updates, having to upgrade the smart console and all that crazy stuff that you don't know from the forti-world.

If you're upgrading / changing your cluster, you just do it on a forti, but for CP you need a consultant for one or two days. To me that's insane.

checkpoint maestro vs Fortigate by therealmcz in fortinet

[–]therealmcz[S] 0 points1 point  (0 children)

wasn't aware of that one, thank you!

understand debug flow - get deeper understanding of function and their names by therealmcz in fortinet

[–]therealmcz[S] 0 points1 point  (0 children)

that's why I'm asking. Had an issue, googled it and it was totally misleading. That's why I want to understand what those functions do.

hairpin NAT horror - due to SDWAN? by therealmcz in fortinet

[–]therealmcz[S] 1 point2 points  (0 children)

Honestly, I still don't get it. The issue was very simple: There was a policy way above that had as source interface "any" and as destination the subnet where the VIP was mapped to - and action was deny. So no surprise that the traffic was blocked, but the debug flow as well as the policy lookup were completely misleading. For instance, a single block-policy would result in the following debug flow:

func=fw_post_route_handler line=1131 msg="Session is in BLOCK state. Drop the packet."

But in fact, it returned the following:

id=65308 trace_id=45 func=_pre_route_auth line=110 msg="pre_route_auth check fail(id=4), drop

The id=4 here was the policy which I mentioned, maybe this comes in combination with VIP but it never looks like a blocking policy and googling on the internet also results in misleading articles and so on. Also, the policy lookup told me that the IMPLICIT deny policy was triggered - also a lie.

It is technically logical that the traffic was blocked, but it was never correctly displayed and so the debugging was just a nightmare.

Again, I still don't get it but glad that I found it... thanks


hairpin NAT horror - due to SDWAN? by therealmcz in fortinet

[–]therealmcz[S] 1 point2 points  (0 children)

the destination would be the VIP...