Fortinet: Maximum Values Table
On this link.
Certutil -hashfile <file> <hashAlg>
Edit ASDM launcher shortcut and change target to “C:\Windows\System32\wscript.exe invisible.vbs run.bat”
openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer>
Enter Import Password:
Error outputting keys and certificates
4087C8485B7F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:../crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
Try adding -legacy:
openssl pkcs12 -nokeys -clcerts -in <filename.p12> -out <filename.cer> -legacy
I tried to migrate ACS 5.8 to ISE 3.0 but got the following message: “The server selected protocol version TLS10 is not accepted by client preferences [TLS12]”.
Since TLS 1.0 is disabled by default, I had to enable it in the Java Control Panel (Oracle Java 1.8), edit the file C:\Program Files (x86)\Java\jre1.8.<some_version>\lib\security\java.security to remove TLSv1 from the jdk.tls.disabledAlgorithms option, and finally restart the migration application.
You can do the same in a Linux environment for OpenJDK by editing /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security
Thanks to Stack Overflow.
SSH to the device and connect to FXOS:
FTD> connect fxos
FXOS# scope chassis 1
FXOS/ chassis# show chassis inventory expand
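Create a bash script:
#!/bin/bash
# Download the Talos IP blacklist. -O overwrites any stale copy instead of
# saving ip-blacklist.1, and the script stops if the download fails so it
# never emits an empty object-group.
wget -q -O ip-blacklist https://talosintelligence.com/documents/ip-blacklist || exit 1
# Take the second ';'-separated field of each line (the whole line if it has no ';').
ipblack=( $(cut -d ';' -f2 ip-blacklist ) )
echo "conf t"
# One "name" entry per address.
for ip in "${ipblack[@]}"
do
echo "name $ip TALOS_BLACKLIST_$ip"
done
# Recreate the object-group from scratch.
echo "no object-group network TALOS_BLACKLIST"
echo "object-group network TALOS_BLACKLIST"
for ip in "${ipblack[@]}"
do
echo "network-object host $ip"
done
echo "!"
echo "exit"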
Run it, then copy-paste the output to your ASA:
./talos-ipblacklist.sh > talos-blacklist.cfg
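The script above turns every line of the downloaded file into an ASA command. As an added example (not the original script), the variant below accepts only entries that are a strict IPv4 address and refuses to emit anything when none survive. The function names and the sample feed are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example (not the page's script): validate feed entries before they
# become ASA configuration. Function names here are hypothetical.

# Strict dotted-quad pattern: four octets, each 0-255, no leading zeros.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])'
IPV4_RE="($OCTET\.){3}$OCTET"

# valid_hosts: read feed lines on stdin and print the unique entries that are
# a valid IPv4 address and nothing else (same ';' field 2 as the page's cut).
valid_hosts() {
    tr -d '\r' | cut -d ';' -f2 | grep -Ex "$IPV4_RE" | LC_ALL=C sort -u
}

# asa_blacklist_config: print the ASA commands for validated hosts only.
# Returns 1 and prints nothing if no valid address is left, so an error page
# or empty download cannot replace the object-group with an empty one.
asa_blacklist_config() {
    hosts=$(valid_hosts)
    [ -n "$hosts" ] || return 1
    echo "conf t"
    for ip in $hosts; do echo "name $ip TALOS_BLACKLIST_$ip"; done
    echo "no object-group network TALOS_BLACKLIST"
    echo "object-group network TALOS_BLACKLIST"
    for ip in $hosts; do echo "network-object host $ip"; done
    echo "!"
    echo "exit"
}

# Constructed sample feed (documentation addresses, not real feed data):
# two good entries, a duplicate, a comment, a bad octet, trailing text, HTML.
sample_feed() {
    cat <<'EOF'
# constructed sample
192.0.2.10
198.51.100.7
192.0.2.10
203.0.113.999
192.0.2.20 trailing-text
<html><title>403 Forbidden</title></html>
EOF
}

sample_feed | asa_blacklist_config
```

To use it on the real download, pipe the file in instead of the sample: `asa_blacklist_config < ip-blacklist > talos-blacklist.cfg`.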