FortiClient can’t connect over dial-up VPN to remote site

After upgrading from 5.2.x or 5.4.x to 5.6.2, clients connected through FortiClient VPN may no longer be able to access a remote site over VPN from the FortiGate they connect to.
The local LAN is accessible, but the remote LAN is not.

It seems there is a routing issue in the 5.6.2 OS. If you run

# execute traceroute <ip-address>

you will see that the first hop is an IP address that is not defined on the dial-up FortiGate.

You must add a static route at the remote site for the IP range of the IPsec client IP addresses.

With

# diagnose sniffer packet <interface> 'host <ip-address>'

you should see the ping request and reply on both the source FortiGate and the remote FortiGate.

Formatting Failure (Error Code:107) – CH3MNAS

After multiple moves of the NAS, one drive failed. So my RAID 1 was gone.

Ordering a new disk and replacing the faulty one gave me:

Formatting Failure (Error Code:107) (Restart)

I have fun_plug installed, so was able to ssh into the Linux kernel of the disk.

root@CH3MNAS:~# mdadm --detail /dev/md0
/dev/md0:
 Version : 00.90.03
 Creation Time : Sat Jul 1 21:41:07 2017
 Raid Level : raid1
 Array Size : 1951407424 (1861.01 GiB 1998.24 GB)
 Device Size : 1951407424 (1861.01 GiB 1998.24 GB)
 Raid Devices : 2
 Total Devices : 1
Preferred Minor : 0
 Persistence : Superblock is persistent

Update Time : Fri Aug 11 13:46:28 2017
 State : clean, degraded
 Active Devices : 1
Working Devices : 1
 Failed Devices : 0
 Spare Devices : 0

UUID : deca97b0:e9d03d89:02b4d16e:e91b5409
 Events : 0.126622

Number Major Minor RaidDevice State
 0 8 2 0 active sync /dev/sda2
 1 0 0 1 removed

Adding The New Hard Disk:

root@CH3MNAS:~# sfdisk -d /dev/sda | sfdisk /dev/sdb

root@CH3MNAS:~# mdadm --manage /dev/md0 --add /dev/sdb2

root@CH3MNAS:~# cat /proc/mdstat
Personalities : [linear] [raid0] [raid1]
md0 : active raid1 sdb2[2] sda2[0]
 1951407424 blocks [2/1] [U_]
 [>....................] recovery = 2.5% (49485376/1951407424) finish=263.8min speed=120113K/sec

Looking MUCH better..
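To watch for this state instead of finding it after a failed format, the /proc/mdstat text can be parsed and any array that is degraded with no rebuild running reported. This is an added example, not part of the original post; the md0 lines are the output shown above, and md1 is a constructed second array.

```python
import re

# /proc/mdstat text as shown in the post above, plus a constructed second
# array (md1) that is degraded with no rebuild running.
SAMPLE = """\
Personalities : [linear] [raid0] [raid1]
md0 : active raid1 sdb2[2] sda2[0]
 1951407424 blocks [2/1] [U_]
 [>....................] recovery = 2.5% (49485376/1951407424) finish=263.8min speed=120113K/sec

md1 : active raid1 sda1[0]
 524288 blocks [2/1] [U_]

unused devices: <none>
"""

ARRAY_RE = re.compile(r"^(md\w+) : (\S+)\s*(.*)$")
SLOTS_RE = re.compile(r"\[(\d+)/(\d+)\] \[([U_]+)\]")
PROGRESS_RE = re.compile(r"(recovery|resync)\s*=\s*([\d.]+)%.*?finish=([\d.]+)min")


def parse_mdstat(text):
    """Return {array_name: info} for every md array in /proc/mdstat text."""
    arrays, cur = {}, None
    for line in text.splitlines():
        m = ARRAY_RE.match(line)
        if m:
            name, state, rest = m.groups()
            # Drop flags such as "(auto-read-only)"; inactive arrays have no level.
            tokens = [t for t in rest.split() if not t.startswith("(")]
            level = tokens.pop(0) if tokens and "[" not in tokens[0] else None
            cur = arrays[name] = {"state": state, "level": level,
                                  "members": [t.split("[")[0] for t in tokens],
                                  "degraded": False, "rebuild": None}
        elif cur is not None:
            s, p = SLOTS_RE.search(line), PROGRESS_RE.search(line)
            if s:  # [expected/active] [U_]: "_" marks a missing member
                cur["expected"], cur["active"] = int(s.group(1)), int(s.group(2))
                cur["degraded"] = "_" in s.group(3)
            if p:
                cur["rebuild"] = {"percent": float(p.group(2)),
                                  "finish_min": float(p.group(3))}
    return arrays


def unprotected(text):
    """Arrays that are degraded and have no rebuild in progress."""
    return sorted(n for n, a in parse_mdstat(text).items()
                  if a["degraded"] and a["rebuild"] is None)
```

On the NAS, pass the contents of /proc/mdstat to `unprotected()` from a scheduled job and alert when the list is not empty.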

Stop DHCP INFORM flooding

Background

Windows 7, among others, asks for proxy settings using DHCP. The issue is that these clients do not stop asking until they have received an answer. As a result, the log fills up with entries for these requests; an example can be found below.

2017:07:30-00:12:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
2017:07:30-00:12:03 firewall-1 dhcpd: DHCPACK to 192.168.188.213 (00:50:56:ab:38:53) via eth3

2017:07:30-00:14:03 firewall-1 dhcpd: DHCPACK to 192.168.188.213 (00:50:56:ab:38:53) via eth3
2017:07:30-00:14:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth4

Add the following option to the DHCP server:

dhcp-option=252,"\n"
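To find which clients are responsible before changing the server, and to confirm afterwards that they have stopped, the DHCPINFORM lines can be grouped per client and the interval between repeats measured. This is an added example, not part of the original post; the log lines are constructed in the format shown above, and the thresholds in `repeat_askers` are assumptions to tune.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample in the log format shown above (192.168.188.50 is made up).
SAMPLE_LOG = """\
2017:07:30-00:10:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
2017:07:30-00:10:03 firewall-1 dhcpd: DHCPACK to 192.168.188.213 (00:50:56:ab:38:53) via eth3
2017:07:30-00:12:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
2017:07:30-00:13:10 firewall-1 dhcpd: DHCPINFORM from 192.168.188.50 via eth3
2017:07:30-00:14:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
2017:07:30-00:16:03 firewall-1 dhcpd: DHCPINFORM from 192.168.188.213 via eth3
"""

INFORM_RE = re.compile(
    r"^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ dhcpd: DHCPINFORM from (\S+) via (\S+)$"
)


def inform_stats(log_text):
    """Per client IP: number of DHCPINFORMs and median seconds between them."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = INFORM_RE.match(line.strip())
        if m:
            seen[m.group(2)].append(datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S"))
    stats = {}
    for ip, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        stats[ip] = {"count": len(times), "median_gap_s": median(gaps) if gaps else None}
    return stats


def repeat_askers(log_text, min_count=3, max_gap_s=300):
    """Clients that keep re-sending DHCPINFORM at short intervals."""
    return sorted(
        ip for ip, s in inform_stats(log_text).items()
        if s["count"] >= min_count and s["median_gap_s"] is not None
        and s["median_gap_s"] <= max_gap_s
    )
```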

Installing VMware Tools in a Linux VM

Go to Virtual Machine > Install VMware Tools (or VM > Install VMware Tools).

sudo mkdir /mnt/cdrom
sudo mount /dev/cdrom /mnt/cdrom   # or: sudo mount /dev/sr0 /mnt/cdrom
tar xzvf /mnt/cdrom/VMwareTools-x.x.x-xxxx.tar.gz -C /tmp/
cd /tmp/vmware-tools-distrib/
sudo ./vmware-install.pl -d

sudo reboot

vSphere Client Console Does Not Display Full Screen

While opening a console for any virtual machine from one particular workstation, the console display is not sized correctly.

To resolve this, you will have to disable Display Scaling.

  1. Right click the vSphere Client icon and select Properties
  2. Click Compatibility
  3. Check the box “Disable display scaling on high DPI Settings”.
  4. Apply the settings
  5. Reload the vSphere Client.

The console session should populate the full screen.

Initial setup FortiGate VM

config system interface
  edit port1
    set ip 192.168.0.100 255.255.255.0
    append allowaccess http
end

config router static 
  edit 1 
    set device port1 
    set gateway
end

HPE 3PAR Change DNS Settings

Check Existing 3PAR DNS Settings:

3PAR01 cli% shownet
IP Address         Netmask/PrefixLen   Nodes   Active   Speed   Duplex   AutoNeg     Status
172.28.22.115    255.255.255.0              01         1      100        Full           Yes    Active

Default route : 172.28.22.254
NTP server : 172.27.40.254
DNS server : 172.27.20.3 172.27.20.2

Add DNS Server:

3PAR01 cli% setnet dns -add 10.144.175.37
DNS server successfully updated.

Remove DNS Server:

3PAR01 cli% setnet dns -remove 10.135.5.1
DNS server successfully updated.

SSMC Admin password lost / recover

Also mentioned in the SSMC Administrator’s Guide:

If you forget the Administrator credentials, clear the password by executing the script ClearAdminCredential.bat located in the SSMC\ssmcbase folder.

C:\Program Files\Hewlett-Packard\SSMC\ssmcbase

Run the script from an administrator command prompt window.

VEEAM issues after installing KB4015553

The following error can occur:

“An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full”

Please remove KB4015553 from the installed Windows updates (a reboot is needed).

FortiGate get Update Status via CLI

To get the update from a FortiGate via the CLI:

get sys perf stat