Tuesday, 27 March 2018

Cisco ISE CoA Posture 5417 & 11103 errors

I was getting the following errors with client Posture and CoA.

In the switch I was missing the server-key from radius author

aaa server radius dynamic-author
client 1.1.1.1 server-key secretkey
auth-type all
-
Labels: ,

Tuesday, 20 March 2018

Palo Alto firewall URL whitelist

Just wanted to included a reference for declaring URL keywords for Whitelisting / blocking URL's in PA firewalls

https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/url-filtering/block-and-allow-lists
-
Labels: , ,

Thursday, 15 March 2018

SX20 not registering with CUCM

I had an SX20 not registering with CUCM, the error stated "reason=Failed to decrypt/verify signature of .."

The trick was to delete the security certificates of CUCM from SX20.

Go to Configuration -> Security -> CUCM and select "Delete CTL/ITL"

It would register in the next minutes, no need to restart.
-
Labels: ,

Friday, 9 March 2018

Fortinet SSL VPN Windows 10

Recently I had to connect to a remote VPN session using Fortinet SSL VPN.
I installed the simple SSL VPN via Microsoft store on Windows 10 and I run into an issue because the firewall was using an untrusted certificate.
There are no relative option to change in the settings of the client, so searching the Internet I found the following solution that worked:
When you declare your server name use the following URL,

https://<vpn.server.addresss>:443/realmname?ignore-certificate-errors=1


relative Fortinet forum thread:
https://forum.fortinet.com/tm.aspx?m=118768&mpage=3
-
Labels: , , ,
Subscribe to: Posts (Atom)