FortiGate Hair-pinning

FortiGate Hair-pinning

I have been playing around with Policy mode on the FortiGate and an issue that I’ve ran into a few times is if you have something hosted internally that also needs to be accessed externally it doesn’t work internally when you use the external address, for example a reverse proxy.

In my setup I use a reverse proxy in front of my WordPress Docker containers. Due to this they are running on random ports. When I need to access them I need to use the external address not the LAN address. A half workaround that I was doing, was using CloudFlare proxied mode which did work but I wanted to fix it without needing to do that.

Read More Read More

FortiGate Deny Logs

FortiGate Deny Logs

Something that’s annoyed me with FortiGates is that viewing the deny logs isn’t super straight forward. Part of the issue is the fact that Fortinet disables the deny log by default and if you don’t know where to look for it you might not figure it out by clicking around.

Fortinet says that they have the deny logs off by default to optimize the usage of logging space. I however want to see as much info as possible when possible, especially when troubleshooting.

Thankfully turning it on is easy, here’s how to do it and view it.

Read More Read More

Script to make Scripts

Script to make Scripts

It finally happened, I actually needed to make a script to write scripts. There’s been a few times where I needed to write multiple scripts that are basically the same minus a few variables and in the past I’ve just done this manually. An example of this is a BitDefender Gravity Zone install script, I have a basic PowerShell script that I use and the only items I need to change are the Gravity Zone ID and the company name.

However all of the scripts broke because the URL to get the BitDefender MSI changed and the MSI used to be in a ZIP file. Now all the PowerShell scripts are trying to download from a dead URL and are written to handle an MSI in a ZIP file.

Read More Read More

VMware Copy Paste Enabler

VMware Copy Paste Enabler

Something that has annoyed me with VMware when compared to Hyper-V is the fact that Hyper-V lets you paste into the VM console. By default VMware has that disabled but you can manually enable it. Doing that is kind of slow so I wrote a script with PowerCLI to enable copy paste on a VM.

Read More Read More

geoSCOUT 8.17 Launcher Upgrade

geoSCOUT 8.17 Launcher Upgrade

With the release of geoSCOUT version 8.17 geoLOGIC upgraded the geoSCOUT launcher but only included an upgrade file that needs to be ran as admin on each system and under each user account. Which is annoying in company setups where users don’t have local admin.

Technically speaking geoSCOUT still works even if you don’t run the geoSCOUT 8.17 launcher upgrade, the users just don’t get some of the new features and that’s not fun.

One of the changes geoLOGIC made with geoSCOUT 8.17 is the shortcuts. In the past the shortcuts would be set to start in the user’s documents folder but now they are set to start in program files.

Typically a program needs to run as admin when it is changing things beyond what a normal user account can change like system settings or files. With the 8.17 geoSCOUT launcher it is updating the geoSCOUT exe in program files and updating the system wide start menu shortcut with the updated start in info.

Read More Read More

Windows Admin Center SSO

Windows Admin Center SSO

If you’ve installed Windows Admin Center (WAC) on a domain joined server and you connect to another domain joined system you’ll see a message similar to this.

Having to login multiple times is annoying so here’s how to make the Single Sign On work with WAC using Kerberos constrained delegation.

Read More Read More

Hide Installed Programs

Hide Installed Programs

Have you ever wanted to be sneaky and hide a program that’s installed on your computer from Programs and Features and the Apps & features list? Well search no more, I have all the answers you seek. It’s shockingly simple.

Proper programs will list their uninstall info directly in the registry all we have to do is tweak that slightly.

If the program is 64 bit it will show up in the registry in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and it will have a key for it’s program sometimes listed by its program ID or the actual program. You may need to search for the application you want to hide.

If the program is 32 bit it will show up in the registry in HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall just like 64 bit it will have a key for the program.

The process is the exact same for 32 bit or 64 bit programs.

Read More Read More

Default Gateway Layer 3

Default Gateway Layer 3

I’ve been playing with a Brocade ICX 6650 in router mode and got hung up on making the second VLAN on another Virtual Ethernet talk to the internet. I’m posting this so I don’t forget how to do it later on lol.

Your default VLAN of 1 is on Virtual Ethernet 1 and because that’s likely going to be on your regular network you likely won’t run into this issue. However when you make a second VLAN and you want things on that VLAN to be able to talk to the internet well the missing piece is an IP route for the default gateway so it knows how to get to the internet.

My setup looked like this

Nothing on VE 70 could talk to the internet.

Read More Read More

ESXi Manual Update

ESXi Manual Update

You can upgrade your ESXi very easily with vCenter but if you don’t have that well then here is how you can do it manually.

With VMware the depot files contain the VIBs and image profiles (basically everything you need). You can read more about it here.

  • Upload the offline bundle into a datastore (make a note of the full filename)
  • Depending on your setup either migrate the VMs or turn them off

Read More Read More

ESXi Config Backup

ESXi Config Backup

Backups are a good thing to have. While it can be super quick and easy to rebuild your ESXi config sometimes that is not always the case. It’s a good idea to have a backup just in case. Here’s how to do it.

  • Enable SSH by right clicking on the host and selecting Services > Enable Secure Shell
  • Login with SSH
  • Enter the following commands
vim-cmd hostsvc/firmware/sync_config
vim-cmd hostsvc/firmware/backup_config

Read More Read More