Latest posts

FortiGate Hair-pinning

I have been playing around with Policy mode on the FortiGate and an issue that I’ve ran into a few times is if you have something hosted internally that also needs to be accessed externally it doesn’t work internally when you use the external address, for example a reverse proxy.

In my setup I use a reverse proxy in front of my WordPress Docker containers. Due to this they are running on random ports. When I need to access them I need to use the external address not the LAN address. A half workaround that I was doing, was using CloudFlare proxied mode which did work but I wanted to fix it without needing to do that.

FortiGate Deny Logs

Something that’s annoyed me with FortiGates is that viewing the deny logs isn’t super straight forward. Part of the issue is the fact that Fortinet disables the deny log by default and if you don’t know where to look for it you might not figure it out by clicking around.

Fortinet says that they have the deny logs off by default to optimize the usage of logging space. I however want to see as much info as possible when possible, especially when troubleshooting.

Thankfully turning it on is easy, here’s how to do it and view it.

Script to make Scripts

It finally happened, I actually needed to make a script to write scripts. There’s been a few times where I needed to write multiple scripts that are basically the same minus a few variables and in the past I’ve just done this manually. An example of this is a BitDefender Gravity Zone install script, I have a basic PowerShell script that I use and the only items I need to change are the Gravity Zone ID and the company name.

However all of the scripts broke because the URL to get the BitDefender MSI changed and the MSI used to be in a ZIP file. Now all the PowerShell scripts are trying to download from a dead URL and are written to handle an MSI in a ZIP file.

geoSCOUT 8.17 Launcher Upgrade

With the release of geoSCOUT version 8.17 geoLOGIC upgraded the geoSCOUT launcher but only included an upgrade file that needs to be ran as admin on each system and under each user account. Which is annoying in company setups where users don’t have local admin.

Technically speaking geoSCOUT still works even if you don’t run the geoSCOUT 8.17 launcher upgrade, the users just don’t get some of the new features and that’s not fun.