Nested group object not present on FortiGate when configured through FortiManager

I encountered a problem with a firewall blocking traffic even though it was supposed to let traffic through. This particular policy used nested object grouping (Main group > Sub-group > NetworkAdr-member). The odd thing was, it seemed to only affect one vDom. What was happening: The traffic did not match the configured policy and was […]

Upgrading a quad supt VSS-cluster 6807 with minimal network interruptions

Scope and disclaimer This blog post is primarily to explain and show the process of upgrading a Quad-sup 6807 VSS-cluster using the In Service Software Upgrade (ISSU) feature, also known as Enchanged Fast Software Upgrade(EFSU) in VSS terminology. The entire process is very painless as long as the cabling is done right. Requirements Dual homed […]

Site to Site VPN between FortiGate and Check Point – malformed payload

Just thought I’d drop a post on a compatability issue which caused a lot of hassle for us. Problem: Problems establishing site to site VPN between FortiGate 1500D and Check Point 1430 appliance with Gaia embedded. Error: Main Mode Sent Notification to Peer: payload malformed – possibly a mismatch in pre-shared keys Background: We were […]

Microsoft CA commands and cheat sheet

This post does not go into depth of anything really, but serves more as a post to list useful commands/settings in a PKI setup. If you got anything to add, feel free to leave a comment and I’ll add it to the list as soon as I can. Client commands certutil -pulse – Triggers auto-enrollment […]

How to list users connected to SSLVPN / mobile access blade

Whilst trying to find out who is connected to the Check Point Gateway using mobile access/SSLVPN I found a few neat commands that comes in handy. First and foremost; who is connected to the gateway using SSLVPN: listusers And also to stop, start and restart the mobile access services cvpnstop cvpnstart cvpnrestart The commands are […]

Web server template with private key export

Per default, the web server template in Microsoft CA does not allow exportation of the private key once installed onto a system. To enable this option you need to create a new WebServer template which allows just that. As we can see from the default WebServer template, the export Private Key is unticked which is […]