Sunday, 30 June 2013

Using TFTPD32 to Backup Switch / Router Configuration.


As a network administrator, one of the requirements in my job scope is to have regular backups of the switches and routers in our network. But there are several "legacy" routers / switches that we still use to this day. If we want to back up their configuration, it becomes more troublesome, as we are unable to save it using the existing method (copy the configuration and paste it into Notepad). So, one of the ways to do this is by using a TFTP server, and it's very easy.
In this guide, I will be using a 3Com 3226 switch as our reference and will configure my own laptop as the TFTP server.

Requirement

TFTPD32 – You can download it here: tftpd32.jounin.net
3Com 3226 switch
Laptop
Network connection to your Switch

Procedure
Step 1: Install TFTPD32 using the installer. The installation itself is self-explanatory, so I don't think you will have a problem with that.





Don't forget to allow firewall access for your TFTP server in Windows Security.



Step 2: Get your laptop's IP address.



Step 3: Go to your router and find the correct syntax to download the configuration file. For example, on the 3Com S3226, go to system > backupConfig > save.





Here you need to define the IP address of the TFTP server. In our case, we need to put in our laptop's IP. Also, do not forget to name the file that needs to be saved.








Step 4: Open your TFTPD32 folder. You will see the configuration that has been saved there. Verify the configuration by opening it in your favorite editor, such as Notepad.


And you are done! I hope this helps whoever stumbles upon the same problem.


Sunday, 23 June 2013

Configure Firewall Policy in Microsoft (Internal Security and Acceleration Server) ISA 2006


Microsoft ISA 2006 is the older release of the product now known as Microsoft TMG, or Forefront Threat Management Gateway. Although this product has been discontinued and replaced by Microsoft TMG 2010 (which has also been discontinued, though support is still available until 2015), some users might still be using this server. For the sake of those people, as well as for general information, below are the basic steps to deny access to a particular website. In this article we use YouTube as the example.

Step 1: Open ISA Server Management. A menu like the one below should be shown.

 


Step 2: Click Arrays > YourServerHostname > Firewall Policy. A list of rules will be shown here. You can verify which policy rules have been created.

 

Step 3: Right-click the Firewall Policy menu on your left. Choose New > Access Rule to start creating a new rule in the firewall policy.

 

Step 4: A pop-up wizard will be shown. Give a name to the access rule that we want to create.

 
  
Step 5: Select the rule action. Click Next to continue.


Step 6: Select which protocols the rule will apply to. You can choose between All Outbound Traffic, Selected Protocol (where you define your own set of protocols) and All Outbound except Selected. For this guide we choose All Outbound Traffic. Click Next to continue.



Step 7: Select the Access Rule Sources. You need to add them manually from the list of entities given. If the sources are not in the list, you can create new entities in the box given. We choose the Internal and Local Host connections. Click Next to continue.


Step 8: Select the Access Rule Destinations. Add the destination address based on your requirement, choosing from the lists of entities given. If it is not listed, you can create a new one. Create a YouTube connection and click Next to continue.


Step 9: Select the user sets that the rule applies to. Choose from the list in the box given. If the one you need is not there, you can create a new user. For now, we choose All Users and click Next to continue.


Step 10: After that, a confirmation box will be shown. Click Finish to proceed.


Step 11: Before any changes can take effect, you need to click Apply at the top of the page.


Step 12: Write a description in the box given. It is useful for future reference. Click Apply to finish.


And that’s it. Your new rule should be up and ready!


**Please make sure that, before this policy can take effect, you enable the proxy settings to automatically use the ISA server configuration in the internet browser of each client PC.

Sunday, 16 June 2013

Step by step Opening Port in Fortigate 200A


If you are a network administrator, there are times when you need to open a port in the firewall to allow people to access your website. CMS websites such as Joomla or Drupal have certain ports that need to be open (depending on the service they use) before users can access them from an external network. For this guide I am using a FortiGate 200A as our example.

Step 1: Gather the port details and related information.
Make sure we have sufficient information before we proceed to the next step. Below is an example of the information we need to prepare to open the website port.

Name: YourWebSiteName
Public IP: 122.129.x.x
Web Server IP: 10.8.1.33
Service port that needs to be opened: 8080

Step 2: Create a new Virtual IP with the designated port.
After you have collected all the information that you need, you can start configuring the firewall.
1. Go to Firewall Objects > Virtual IP > Virtual IP.
2. Click Create New at the top of the page.
3. Fill in the information as below:


Name: INTRANET-MYOBE --> your website name
External Interface: External --> the external interface connected to your firewall
Type: Static NAT
Source address Filter: Disabled
External IP address/Range: 122.129.x.x-122.129.x.x --> public IP of the website
Mapped IP address/Range: 10.8.1.33-10.8.1.33 --> web server IP address
Port Forwarding: Enabled
Protocol: TCP
External Service Port: 8080-8080 --> the port that needs to be opened
Map to Port: 8080-8080 --> same as above

4. Click OK for the changes to take effect.

Step 3: Verify the configuration.
1. Try accessing the website URL from an external network. The website should now be accessible.



Monday, 10 June 2013

Guide to allowing access from certain IPs to the external network in FortiGate 200A.


In a FortiGate firewall you can exempt certain IP addresses from blocking, or give them priority for a certain internet speed / bandwidth. Usually we need this for VIP users or to give a stable connection to VoIP devices. We can manage this setting by IP address, subnet, etc.
**Note: If your network is using a proxy server, you must disable the proxy setting in the web browser on the client PC before it can start browsing without interruption.

Step 1: Provide an IP for the PC. Get the related information and details.
As usual, before we can configure the IP address in the firewall, we need to make sure that we have the appropriate details before we proceed to the next step.
Address IP: 10.8.18.20
Subnet Mask: 255.255.255.0/24
IP Default Gateway: 10.8.1.1
Primary DNS servers: 10.8.1.21
Secondary DNS servers: 10.8.1.31

Step 2: Add the user's IP address in Firewall Objects.
After getting all the details that you need, you can start adding the IP to the firewall.

    1. Go to Firewall Objects > Address > Address.
    2. Click Create New.
    3. A page like the one below will appear. Fill in the information according to your settings.

Address Name: PC-test
Type: Subnet/IP Range
Subnet /IP Range: 10.8.18.20/255.255.255.0
Interface: Any

    4. Click OK for the changes to take effect.

Step 3: Create a bypass group in Firewall Objects. (Optional)
If you have created multiple users for the same purpose, you can ease the management of those IPs by putting them together into a single group.
    1. Go to Firewall Objects > Address > Group.
    2. Click Create New at the top of the page.
    3. Fill in the information according to your settings.
    4. Click OK for the changes to take effect.

Step 4: Add the information in Firewall Policy.
    1. Go to Policy > Policy.
    2. Click Create New at the top of the page.
    3. A new page with several details will be displayed. You need to fill in the details as in the example below.
    Source Interface/Zone: Internal interface
    Source Address: pc-test
    Destination Interfaces/Zone: External interface
    Destination Address: All
    Schedule: Always
    Service: Any
    Action: Accept
    Log Allowed Traffic: Enable
    Enable NAT: Enable. Use Destination Interface Address
    UTM: Enable. (If you have purchased an activation key for the UTM service, choose the UTM service that you want.)

    4. Click OK for the changes to take effect.


Step 5: Create a static IP on the client PC. (Optional)
If you have a DHCP server in your network and each user is bound to their own IP, you do not need to configure a static IP for these users. If not, you need to manually configure a static IP on their PCs.
     1. Go to Control Panel > Network and Sharing Center.
     2. Click Change Adapter Settings.
     3. Change the properties of the connected adapter. Make sure you have entered the right configuration.
     4. Click OK for the changes to take effect.

Step 6: Verify the network connections.

Your setup is done. On those client PCs you can check the internet speed and the other things you have set in the firewall.
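
Added example (not part of the original post): a Python check of how many addresses an address object really covers, assuming the firewall matches traffic on address AND mask in the usual way. The PC-test value is the one from Step 2; the other two objects and the function names are constructed for illustration.

```python
import ipaddress

# Address objects as typed into "Subnet / IP Range". PC-test is the value from
# Step 2; the other two entries are constructed for illustration.
ADDRESS_OBJECTS = {
    "PC-test": "10.8.18.20/255.255.255.0",
    "VOIP-phone": "10.8.18.30/255.255.255.255",
    "Staff-LAN": "10.8.1.0/255.255.255.0",
}

def audit_address_objects(objects):
    """Flag objects that name one host but carry a mask covering many.

    Assumption: the firewall matches on (address AND mask), so host bits
    typed under a wider mask are ignored when traffic is matched.
    """
    findings = {}
    for name, spec in objects.items():
        iface = ipaddress.ip_interface(spec)  # keeps the host address as typed
        net = iface.network                   # range the mask really covers
        if iface.ip != net.network_address and net.num_addresses > 1:
            findings[name] = {
                "typed": spec,
                "matches": str(net),
                "addresses": net.num_addresses,
                "single_host": f"{iface.ip}/{net.max_prefixlen}",
            }
    return findings

def matching_objects(objects, client_ip):
    """Return the names of all address objects that a client IP falls into."""
    ip = ipaddress.ip_address(client_ip)
    return [name for name, spec in objects.items()
            if ip in ipaddress.ip_interface(spec).network]

if __name__ == "__main__":
    for name, f in audit_address_objects(ADDRESS_OBJECTS).items():
        print(f"{name}: {f['typed']} matches {f['matches']} "
              f"({f['addresses']} addresses); one host is {f['single_host']}")
    # A neighbouring PC that was never meant to be exempted:
    print(matching_objects(ADDRESS_OBJECTS, "10.8.18.77"))
```

An object meant for one PC needs the mask 255.255.255.255 (/32); with 255.255.255.0, every host in 10.8.18.0/24 matches the Step 4 policy.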

Tuesday, 4 June 2013

A New Beginning


Hi and Good Day!!

This site contains my personal collection of articles and examples that I have used in my experience.
It acts as my own placeholder for guidance/reference, and therefore I will not hold any responsibility if anything goes wrong when you are following these articles.
Hopefully some of this knowledge can help anyone out there somehow.
Cheers.