Create site-to-site VPN with FortiGate to Microsoft Azure

I know it is an unsupported configuration to create a site-to-site VPN to Microsoft Azure with a FortiGate firewall. But a FortiGate device is what I have, and just to run some tests I don’t want to buy one of these expensive supported firewalls.

I tried a lot of configurations, but nothing seemed to work with Azure and my FortiGate firewall. So this week I made a new attempt at this problem, and after a few tests I was successful.

First I noticed that there is a new option in Windows Azure that I had never seen before: Dynamic Routing Gateway. After trying the old option, Static Routing Gateway, I tried the new one and was successful. The differences between dynamic and static routing gateways are described here.

auto-update Antivirus Essential for Synology NAS behind proxy

Since DSM 4.1 you can configure a proxy service under Control Panel – Network:

But if you have installed the AntiVirus Essential package, it won’t use these settings to update its virus definitions, and the update will fail:

To configure auto-update for the virus definitions behind a proxy server, you need to configure some settings manually:

Activate SSH on your NAS:

Connect to your NAS by SSH and log in as root (not as admin!)

Create a new script:

Switch vi to insert mode by pressing the i key, then insert these lines:

network calculations in Excel 2010

I often need to calculate network addresses, subnet masks/bits, hosts and more. For this I wrote the script Network.bas, which you can implement in your Excel file or your default template book.xltm:

I implemented these functions:

  • NetworkCalculate
    • Add or subtract from an IP-Address:

add second default route to Synology NAS

Recently I needed to connect a Synology NAS to two separate networks. By default you can only define one gateway for your Synology NAS. To define a second route, follow these steps:

Activate SSH access to your Synology NAS:

Configure the first LAN interface:

Configure the second LAN interface:

Configure the default gateway:

Connect to the NAS by SSH and configure the second route:

After configuring this, you can disable SSH access again.

Did you ever wonder how to back up your Cisco configuration on a regular basis? Earlier, you needed a tool which made the backups for you.

Since IOS version 12.2(25)S, Cisco has integrated the archive command, which can back up the IOS configuration based on time or an event:

In this example, the config is archived whenever you write your running config to the startup config, and additionally at a weekly (10080 minutes) interval.

Note: if you would like to write your backups to a subfolder for each switch, you have to create the subfolder on your server.

Lately I have had a lot to do with creating and testing SNMP monitors in our monitoring system. Rather than being surprised when an SNMP monitor doesn’t work correctly, I would like to test my newly created monitors against an SNMP simulation tool.

So I was looking for an SNMP simulation tool. But the only ones I could find are too expensive for me or not usable.

Because of this, I started to develop my own SNMP simulation tool running on Windows.

The currently planned features are:

Create a calculated SNMP Rule in SCOM

Sometimes you need a SCOM rule which is calculated from one or more SNMP values. Maybe the values have to be calculated because the value is in an unhandy format or unit. In this example I will create a rule and a Performance View to show the autonomy time for an APC UPS. The originally read value is in 1/100 seconds, but I want to show it in minutes.

Creating the Rule

Insert this code into the field Script:

As you see, you have to define the SNMP OID in the script. After this you can calculate with the returned value. To get the device’s IP address and community string, you have to define these parameters, which can be read by the script with Wscript.Arguments:

Add third-party SSL-Certificate to Cisco WLC's web authentication page

If you create a guest network with a Cisco Wireless LAN Controller, you will want to create and import a third-party SSL certificate for the Web Auth page. If you don’t add a third-party SSL certificate, your guest users will receive an error message that the WLC’s self-signed certificate isn’t valid. Because I searched for a long time for how to set up a third-party SSL certificate, and it seems not to be the easiest thing, I wrote a step-by-step guide for integrating an SSL certificate into a Cisco WLC 5508 with version 7.0.98.


To create and import a third-party SSL-certificate you will need:

  • a WLC 5508 with IOS Version 7.0.98 (I didn’t test it with other WLCs or other versions, but maybe it will work the same way)
  • an external Certificate Authority (CA). In this document I will use www.startssl.org, which offers free Class 1 certificates.
  • a separate VLAN for the guest network with a DNS and a DHCP server.
  • OpenSSL 0.9.8h for Windows
  • a TFTP server software (I use TFTP32)

Did you ever need to know to which network switch a computer is connected? When you are a system administrator in a large company with thousands of users, this can be difficult. But when you use SCCM for OS or software deployment, you have a good inventory tool integrated. Unfortunately, SCCM by default only collects data which the client operating system knows. Your Windows computers don’t know to which switch or port they are connected, but if you have Cisco switches, the computers would be able to collect this information. The fact is that Cisco switches send out a lot of information about themselves to the connected ports every 60 seconds (you can disable this, but by default it’s enabled). So you only need a tool to gather this information and write it to SCCM.