FortiGate web inspection issues - LetsEncrypt root cert expired Networking |
- FortiGate web inspection issues - LetsEncrypt root cert expired
- Is Amazon having routing issues in my region? How do I contact Amazon's peering team?
- Setting EAP-TLS with freeRadius
- Dual VPN Routers?
- Searching for a new business class, simple-ish router
- Moving to a Senior Engineer role.
- Hyper-V Guest VLAN Connectivity Issue - Or lack thereof
- Connecting three servers with QSFP+
- Ethernetp device similar to ont
- Is there a device/computer app that will let me get network information from any ethernet port
- Mesh wifi and network gear recommendation
- Not sure what's happening with my Dell PowerConnect 5548... help!

FortiGate web inspection issues - LetsEncrypt root cert expired
Posted: 01 Oct 2021 08:34 AM PDT

FYI. We've been dealing with this for a day or two now. A root cert from LetsEncrypt expired and FortiGate is detecting this and blocking various sites that would otherwise be allowed.

"Fortinet, Shopify and more report issues after root CA certificate from Lets Encrypt expires | ZDNet"
https://www.zdnet.com/article/fortinet-shopify-others-report-issues-after-root-ca-certificate-from-lets-encrypt-expires/

The workarounds we've found and TAC has recommended are to enable "Allow untrusted certs" in the web filter profiles doing inspection, or you can set the rule itself to flow-based.

Is Amazon having routing issues in my region? How do I contact Amazon's peering team?
Posted: 01 Oct 2021 08:59 AM PDT

My region: south east Europe. It worked nice until yesterday.

We have direct peering with Amazon in our DC and in an IX and it worked great until yesterday. Traffic going from us to AWS is going nicely where it should, through our peering. However, all or most traffic going from AWS to us is going from Frankfurt in roundabout ways, several dozens of hops, to Romania, Bulgaria and then to us. Through one of our uplinks, and it seems to pick the worst ones :)

We have tried emailing Amazon at peering-to@amazon.com but in 6 hours we got no response yet. Is there any other better way to contact their peering or network team?

Rumor is that another local ISP has similar issues with Amazon right now.

Setting EAP-TLS with freeRadius
Posted: 01 Oct 2021 05:54 AM PDT

I have successfully set up a fully functioning EAP-TLS authentication with freeradius. But I am having trouble setting up EAP-TLS authentication while integrating freeradius with a PKI system. For testing purposes I pasted the PKI CA cert in the (/etc/freeradius/3.0/certs) folder and updated the eap file in mod-available. When I run the eapol-test it throws an error saying "unknown ca cert". Any idea how I can solve this?

Dual VPN Routers?
Posted: 01 Oct 2021 11:26 AM PDT

I have a bit of a situation. First the setup. I am part of a 3 part stores. We have a system that is mostly managed by the software supplier. I say mostly because the vendor allows me to take care of many of the small support issues due to my basic knowledge, to the point that they have given me admin access to the server. Store 2 has the main equipment, server, static ip, generator etc. Store 1 and 3 connect to store 2 through VPN. There are a lot of other aspects with our server connecting to our main warehouse and so on so our inventory can be checked by online shoppers.

The problem. Our sales staff used to be able to connect to our store server when on the road using RDP. We had some attempted hacks bring our system to a halt, so they disabled the RDP options for now. They are having a hard time finding newer secure routers to replace the ones we have that will work with everything. My sales staff is having a lot of problems not being able to connect.

I have a spare static ip on the WAN I'm not using. Can I connect a second firewall to the network, using it to manage VPNs for my sales staff? That would eliminate the need to change the entire setup at all 3 locations. The router that is there currently is static. Any DHCPs that are handed out are sent from the server.

I just can't find much information about one LAN being connected to the WAN with 2 separate units, and not sure if this is possible. All the information I have found seems to relate to having two connections for splitting the bandwidth. In this situation I just want to have a way for my sales staff to connect.

Thank you in advance for any help. I am also not very experienced with reddit yet, so if I am doing anything wrong with this post, please let me know so I can correct myself.

Thanks, Partsjunky

edit - added paragraphs to make reading easier.

Searching for a new business class, simple-ish router
Posted: 01 Oct 2021 09:25 AM PDT

I hope this is OK to post here. I'm looking for a business router that supports the following and does not have WiFi. Going for a smaller form factor, and will handle WiFi with APs.

- Needs to be able to support OpenVPN
- Needs to be able to support Port Forwarding with the ability to whitelist IPs and block all other traffic
- Needs to be able to disable the DHCP of the LAN ports

The two routers I've been using are the Ubiquiti ERX and ERX-Lite3, however they are becoming much too difficult to acquire. I was looking at the TPLink ER605, however it's a bit vague if you can whitelist IPs using its "Virtual Servers" for port forwarding. It doesn't appear so. There is also mention that you have to use their Cloud Management tools to set up OpenVPN. I'd like to be able to set up everything locally or with a config file.

Moving to a Senior Engineer role.
Posted: 01 Oct 2021 12:39 PM PDT

Hi all,

As you might see in my previous posts, I have been stuck in a rut for a number of years and I am starting to believe I am not as good of an engineer as I think I am. I am very slow in regards to obtaining certifications (in the process of getting my AWS solutions architect associate for the last 6 months) and I am in a conglomerate where the most important thing I do is rack devices in the DC since I live nearby.

Recently I have been looking around for a more senior role, but the questions I got asked make me want to cry afterwards. From questions that make me think "I read and knew about this 10 months ago" to "Why is this a network engineering question, this is more of a linux/developer one". I am thinking of getting a pay cut to join a smaller organization that does more work so I feel more productive and not hate my life that much. Unfortunately job satisfaction is important to me and I do not know how to do anything else, although I have tried having hobbies. I definitely do not want a career change because I can't live with minimum wage. The fact that I live in London, UK makes the whole job market a lot more competitive.

Ideally I want a more hands on project role with the opportunity to learn stuff in a "normal" pace. By normal I mean a place where you can do your job and have a bit of a challenge unlike some small MSP that you are constantly firefighting, or a huge company where all you do is paste the config given to you by the architect team (what I am currently doing).

My previous role was Technical Design Authority in a small company of 50, only to find out that the company was a scam to put it simply. It's like I was given the job and title from Michael Scott from "the Office" which means nothing since there were no designs to authorize. I tend to learn by doing instead of studying and this is why I have been struggling a lot. I like being pushed and having a mentor.

Does that make me inadequate for a senior role? I am curious to know more about networks but it seems that I have missed the boat because everything is slowly moving to the cloud and more roles require automation/programmability which I am really bad at.

Thanks for listening, I would appreciate any input.

Hyper-V Guest VLAN Connectivity Issue - Or lack thereof
Posted: 01 Oct 2021 03:58 PM PDT

This is my first Hyper-V Guest that I have tried to run strictly in a VLAN. I'm trying to create a backup server to run off of my 10G Server / Storage switch. This is my Environment:

From the BareMetal T340 I can ping all IT assets, from the installed Hyper-V Guest I cannot ping anything including the Hyper-V Host. This is what I have tried:

Why? 2 reasons - I don't want this backup on my main network for obvious RansomWare reasons and secondly we have about 120 TB of data and growing that needs to be backed up and it bogs the network down when the backups run.

Help me Luke Skywalker, you are my only hope!!

Connecting three servers with QSFP+
Posted: 01 Oct 2021 01:32 PM PDT

Hi! I have a chance to get three DL380 G9s, each with a HPE 544 dual-port QSFP+ FlexLOM adapter. The entire system should be a (probably Proxmox based) virtualization cluster with two main VM hosts (with all of the client VMs) and a third smaller "office"/"admin" VM host, and I'd like to use the 40Gbit links for replication inside the cluster.

However, I'm not sure whether I also need two QSFP+ switches (i.e., server{1,2,3}-port1 on switch1, server{1,2,3}-port2 on switch2) or if I can manage to connect them into the cluster with a physical loop (i.e. server1-port1 <-> server2-port1, server2-port2 <-> server3-port1, server3-port2 <-> server1-port2) and use Linux's bridging and STP to achieve redundant links. It is ok if there is performance degradation in case of failures (e.g. if the cable between vmhost1 and vmhost2 fails, it is ok that the CPU on officehost can't handle 40Gbit in & out), but it would be great if it could utilize the 40Gbit links in the fully-functional case.

This also raises the question of whether the STP tree is global (i.e., all bridges use the same tree and ignore the same links) or local (i.e. vmhost1 uses its direct link to vmhost2, but falls back on the link via the officehost bridge)?

Do you have any recommendations about the most cost-effective and power efficient way to connect the three hosts?

Thanks!

Ethernetp device similar to ont
Posted: 30 Sep 2021 07:55 PM PDT

We are looking to find a device that would work similar to a fttx ont but do it on copper (ethernet). It would need to do dhcp snooping and relay for v4 and v6 adding option 82 in v4 and 18, 37, or 38 for v6. Ideally something like mikrotik's gpen21 would be perfect, however that doesn't have the v6 tagging capability we are looking for. Has anyone seen something that would do this?

Thanks!

Is there a device/computer app that will let me get network information from any ethernet port
Posted: 01 Oct 2021 08:10 AM PDT

Hello everyone! I work in a few hospitals and I am constantly required to get IP information from various ports throughout the area. The problem is I currently have to put in a ticket with IT and wait 3-5 days for this to be resolved. IMO this is incredibly inefficient because it is something I can easily do within 5 minutes if I had all the proper tools.

So I am wondering, is there a way I can plug my laptop directly into that port to get the IP, Subnet, and Gateway address? If not an app, some sort of external device that plugs straight into the port. If it matters, all the IP addresses in the hospital are static.

Mesh wifi and network gear recommendation
Posted: 01 Oct 2021 10:08 AM PDT

What would you recommend for an integrated mesh wifi setup and PoE network switch?

My requirements: Absolutely no "cloud" features (so ubiquiti is out), integrated AP config (logging onto the switch gives access to all AP configs), with ability to add and remove APs from a mesh, WPA2 and WPA3 support, the switch has to support VLANs, and would be real nice to have IGMP.

The plan is to have 4 APs in a mesh and 2 outside of the mesh, with 5 of them on one vlan and the lone one on another vlan with a separate SSID and password.

This network is for a large room with high ceilings, but the 2 un-meshed APs will be in normal-height rooms.

Not sure what's happening with my Dell PowerConnect 5548... help!
Posted: 30 Sep 2021 06:22 PM PDT

I am pulling my hair about this and it's making no sense. I have two Dell switches, 1x PowerConnect 5548 and 1x PowerConnect 5524P. They are stacked using HDMI. When I plug in my HPE ML350 Gen9 port 1-4 (ILO seems fine) to any of the 5548 ports it always shows it's down. However, when I plug it to the PowerConnect 5524 it lights up.

Here is the twist to the story. I plug another device to the same port from the ML350 and it works just fine. Ex. if I plug in to port g1/0/11 from the ML350 it stays off. Plug another device to the same g1/0/11, works just fine. Plug the ML350 to g2/0/14, works just fine. Plug the ML350 to g1/0/28, same thing, no lights; plug another device on g1/0/28, works fine.

I don't have any ACL set up nor protection set... anything I might be missing or I need to check? It does this even if I unstack them.