Fortinet: Maximum Values Table
On this link.
Windows powershell – calculate hash
Certutil -hashfile <file> <hashAlg>
ASDM not working in Windows 10 – “this app can’t run on your PC”
Edit ASDM launcher shortcut and change target to “C:\Windows\System32\wscript.exe invisible.vbs run.bat”
OpenSSL error while converting .p12 to .cer
openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer>
Enter Import Password:
Error outputting keys and certificates
4087C8485B7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Try adding -legacy:
openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer> -legacy
FMC deploy stucked/cannot login to FMC?
- ssh to FMC, expert, sudo su
- /etc/rc.d/init.d/console restart
- OmniQuery.pl -db mdb -e “select status,category,hex(uuid),body from notification;” | grep “\ 7\ “
- OmniQuery.pl -db mdb -e ‘delete from notification where uuid=unhex(“HEX-NUMBER-FROM-OUTPUT”);’
- OmniQuery.pl -db mdb -e “select status,category,hex(uuid),body from notification;” | grep “\ 7\ “
ACS 5.8 to ISE 3.0 migration: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
Tried to migrate ACS 5.8 to ISE 3.0 but I was getting following message: “The server selected protocol version TLS10 is not accepted by client preferences [TLS12]”.
Since TLS 1.0 is disabled by default I had to enable it in java control panel (Oracle java 1.8) and also edit file C:\Program Files (x86)\Java\jre1.8.<some_version>\lib\security\java.security, remove TLSv1 from option jdk.tls.disabledAlgorithms and finally restart the migration application.
You can do the same in linux environment for openjdk by editing /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security
Tnx to stackoverflow
Firepower 2100 Serial number
ssh to device, and connect to fxos
FTD> connect fxos
FXOS# scope chassis 1
FXOS/ chassis# show chassis inventory expand
Use Talos IP Blacklist on your ASA
Create bash script:
#!/bin/bash
wget -q https://talosintelligence.com/documents/ip-blacklist
ipblack=( $(cut -d ';' -f2 ip-blacklist ) )
echo "conf t"
for ip in "${ipblack[@]}"
do
echo "name $ip TALOS_BLACKLIST_$ip"
done
echo "no object-group network TALOS_BLACKLIST"
echo "object-group network TALOS_BLACKLIST"
for ip in "${ipblack[@]}"
do
echo "network-object host $ip"
done
echo "!"
echo "exit"Run it, copy-paste output to your ASA:
./talos-ipblacklist.sh > talos-blacklist.cfg