sábado, 10 de janeiro de 2015

FORTIGATE - AUTENTICAÇÃO "NOT VERIFIED"

FSSO funcionando normalmente.

 FORTIGATE # diagnose debug authd fsso list
----FSSO logons----
IP: 10.0.0.2  User: SPOK  Groups: CN=CONSULTANT,OU=GRUPO,OU=BILOLA,DC=MONSTRA,DC=LOCAL+CN=ACCESS_FULL,OU=GRUPO,OU=KURUMIN,DC=MONSTRA,DC=LOCAL  Workstation: KABLAU MemberOf: ACCESS FULL CONSULTORIA
Total number of logons listed: 1, filtered: 0

----end of FSSO logons----


 Porém ao acessar o Agente você nota está está recebendo a mensagem de "Not Verified" para estação.





Habilite o serviço Registro Remoto em Services.








Acesse o Registro do Windows HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ SecurePipeServers\winreg

 Adicione o Serviço Local e coloque permissão de Leitura, caso ele já esteja configurado e o Not Verified ainda constar no agente, modifique a permissão pra Controle Total.


Postado por às 4 comentários:

FORTIGATE - COMANDOS ÚTEIS

Verificar o consumo de CPU
FORTIGATE# get system performance top
Run Time:  2 days, 4 hours and 44 minutes
2U, 2S, 96I; 1843T, 1415F, 153KF
           authd       74      S       8.6     0.9
          newcli     3364      R       2.8     0.7
       ipsengine     3182      S <     0.0     4.1
         pyfcgid     3319      S       0.0     1.5
         pyfcgid     3318      S       0.0     1.5
     proxyworker       56      S       0.0     1.4
          httpsd      114      S       0.0     1.4
          httpsd      117      S       0.0     1.2
         pyfcgid     3316      S       0.0     1.2
         pyfcgid     3317      S       0.0     1.1
         cmdbsvr       36      S       0.0     1.1
         miglogd       42      S       0.0     1.1
          httpsd       44      S       0.0     0.8
          httpsd      113      S       0.0     0.8
            iked       78      S       0.0     0.8
          newcli     3350      S       0.0     0.7
           fgfmd      100      S       0.0     0.7
         src-vis       84      S       0.0     0.7
          fcnacd       75      S       0.0     0.7
          cw_acd      101      S       0.0     0.6


Verificação de Tráfego
FORTIGATE# get system performance firewall statistics
getting traffic statistics...
Browsing: 10014170 packets, 7688174225 bytes
DNS: 228686 packets, 22137858 bytes
E-Mail: 2657460 packets, 1255411117 bytes
FTP: 0 packets, 0 bytes
Gaming: 0 packets, 0 bytes
IM: 0 packets, 0 bytes
Newsgroups: 0 packets, 0 bytes
P2P: 0 packets, 0 bytes
Streaming: 0 packets, 0 bytes
TFTP: 0 packets, 0 bytes
VoIP: 0 packets, 0 bytes
Generic TCP: 20329044 packets, 13913188326 bytes
Generic UDP: 444630 packets, 127355536 bytes
Generic ICMP: 379816 packets, 25450000 bytes
Generic IP: 161589 packets, 5231988 bytes

Verificação de Status 
FORTIGATE# get system status
Version: XX
Virus-DB: 23.00580
Extended DB: 22.00839
IPS-DB: 5.00593
IPS-ETDB: 0.00000
Serial-Number: FORTIGATE
Botnet DB: x.xxxx
BIOS version: 04000023
System Part-Number: xxxx-xx
Log hard disk: Available
Internal Switch mode: switch
Hostname: ADONAI
Operation Mode: NAT
Current virtual domain: root
Max number of virtual domains: XX
Virtual domains status: 1 in NAT mode, 0 in TP mode
Virtual domain configuration: disable
FIPS-CC mode: disable
Current HA mode: standalone
Branch point: 271
Release Version Information: GA
System time: XX

Verificar a configuração das interfaces físicas 
FORTIGATE # get system interface physical
== [onboard]
        ==[dmz]
                mode: dhcp
                ip: 192.168.25.103 255.255.255.0
                ipv6: ::/0
                status: up
                speed: 1000Mbps (Duplex: full)
        ==[internal]
                mode: static
                ip: 10.0.0.254 255.0.0.0
                ipv6: ::/0
                status: up
                speed: 1000Mbps (Duplex: full)
        ==[wan1]
                mode: pppoe
                ip: 179.15.44.83 255.255.255.255
                ipv6: ::/0
                status: up
                speed: 1000Mbps (Duplex: full)
        ==[wan2]
                mode: dhcp
                ip: 211.1.11.7 255.255.254.0
                ipv6: ::/0
                status: up
                speed: 1000Mbps (Duplex: full)
        ==[modem]
                mode: pppoe
                ip: 0.0.0.0 0.0.0.0
                ipv6: ::/0
                status: down
                speed: n/a
Checar a tabela ARP
FORTIGATE# get system arp
Address           Age(min)   Hardware Addr      Interface
200.000.00.00     92         00:01:5c:71:84:46 wan2
10.0.0.11         0          00:25:11:b4:92:54 internal
10.0.0.14         0          c8:9c:dc:c7:a9:4d internal
10.0.0.20         0          18:a9:9b:fb:db:8d internal
10.0.0.21         0          e0:69:95:20:d4:d2 internal
10.0.0.29         0          10:78:d2:ba:dd:8e internal
10.0.0.32         0          00:24:8c:a2:b6:59 internal
10.0.0.38         9          00:01:01:01:33:34 internal
10.0.0.39         0          00:25:22:4f:c9:31 internal
10.0.0.41         0          00:14:2a:7e:99:a4 internal
10.0.0.51         0          00:1e:c9:1b:0f:12 internal
10.0.0.52         0          d8:9d:67:e2:52:db internal
10.0.0.58         11         00:15:5d:28:89:02 internal
10.0.0.79         0          bc:5f:f4:cb:ed:50 internal
10.0.0.96         0          c8:9c:dc:0d:8f:83 internal
10.0.0.104        13         00:1f:e2:33:fb:5f internal
10.0.0.117        0          00:25:22:3a:12:bd internal
10.0.0.118        0          44:87:fc:b1:d3:d1 internal
10.0.0.119        0          00:26:18:96:5c:f6 internal
10.0.0.121        0          c8:9c:dc:ce:bf:59 internal
10.0.0.122        0          c8:9c:dc:ce:bf:1a internal
10.0.0.135        0          e0:69:95:20:d9:6c internal
10.0.0.155        0          a4:ba:db:04:87:50 internal
10.0.0.166        1          00:1f:e2:32:a4:17 internal
10.0.0.176        1          00:15:5d:28:89:01 internal
10.0.0.192        0          bc:ee:7b:21:ef:5b internal
10.0.0.199        0          78:45:c4:ff:bf:ac internal
10.0.0.250        2          90:02:a9:b5:3f:33 internal
192.168.25.1      0          68:15:90:fc:66:16 dmz
Checar a tabela de roteamento
FORTIGATE# get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default
S*      0.0.0.0/0 [1/0] via 187.100.231.2, ppp1
C       10.0.0.0/8 is directly connected, internal
C       169.254.1.1/32 is directly connected, PPTPVPN_0
                       is directly connected, PPTPVPN_0
C       XXX.XXX.XXX.XXX/32 is directly connected, ppp1
C        XXX.XXX.XXX.XXX/32 is directly connected, ppp1
S       192.168.2.1/32 [1/0] is directly connected, PPTPVPN_0
C       192.168.25.0/24 is directly connected, dmz
C       XXX.XXX.XXX.XXX/23 is directly connected, wan2
x
Postado por às 14 comentários:
Assinar: Postagens (Atom)