Thursday, 14 April 2011

ISA 2004 - Since AGES ago

So I get a call from a good client of ours that their ISA server has died, so after some discussion we quickly installed a new server that they had sitting around and loaded ISA Server onto it.

One rule of thumb I didn't really abide by was to make sure the external network card was disabled while I was loading the server onto the domain.  One thing I've always had to deal with when installing ISA onto an SBS machine is that it disables the other network card.  But that's not REALLY too much of an issue.  I would disable the external network card until after you have added the server to the domain (if it's a DC then not to worry).  After the installation of ISA 2004 I kinda struck a flashback moment where GOD DAMN IT I forget which rules to put in for proper access, so of course I put in the ALLOW ALL ANYWHERE rule to allow the client access to get their shit underway.  From here I had to add rule after rule to get all their services running again.

One thing I did notice was when I restricted the ALLOW ALL ANYWHERE rule to only people from a specific group, some shit started failing in the log (monitoring the log is your FRIEND, USE IT!!).  So I had to load a few other rules to allow the DNS server to access external DNS servers, and also add rules for MAIL, which was being forwarded to a smart host from Exchange and then from the smart host to the internet.  After a while I found that I had RULES FOR AFRICA in my ISA.  What to do?

What I did was watch the monitoring logs again and delete the rules that never showed up for a day, very tidy indeed.  Listed below are the rules I have set up that I believe allow default access to systems and keep your hair intact when dealing with ISA.

1. DENY ALL TO EXTERNAL for ALL USERS
2. ALLOW ALL TO EXTERNAL for specific internet users
3. ALLOW ALL TO INTERNAL from LOCAL HOST
4. ALLOW ALL TO INTERNAL from INTERNAL
5. ALLOW DNS TO EXTERNAL from local DNS servers (there is a system rule for DNS from local to external)
6. ALLOW SMTP TO EXTERNAL from Mail Server or Smart Host
7. ALLOW SMTP FROM External to Mail Server for external SMTP delivery
8. ALLOW any other service you require.
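The "watch the log, then drop the rules that never fired" pruning described above, as an added example (not from the original post): it reads a W3C-style firewall log with a #Fields: header, counts hits per rule, lists configured rules that never matched, and pulls out the denied connections that point at a missing rule. The field names, rule names and log lines are constructed for the example.

```python
"""Added example: prune firewall rules by what the monitoring log actually shows."""
from collections import Counter

# Constructed sample log: W3C-style '#Fields:' header, then space-separated records.
SAMPLE_LOG = """\
#Software: Microsoft(R) Internet Security and Acceleration Server 2004
#Fields: date time c-ip cs-username cs-protocol s-operation r-host action rule
2011-04-14 09:00:01 192.168.1.10 DOMAIN\\alice http GET www.example.com Allowed ALLOW_ALL_TO_EXTERNAL
2011-04-14 09:00:05 192.168.1.5 - dns Send 203.0.113.53 Allowed ALLOW_DNS_TO_EXTERNAL
2011-04-14 09:01:12 192.168.1.20 DOMAIN\\bob smtp Send 203.0.113.25 Allowed ALLOW_SMTP_TO_EXTERNAL
2011-04-14 09:02:30 192.168.1.30 - http GET www.example.org Denied DENY_ALL_TO_EXTERNAL
2011-04-14 09:03:00 192.168.1.10 DOMAIN\\alice http GET www.example.com Allowed ALLOW_ALL_TO_EXTERNAL
"""

# Constructed rule names mirroring the list in the post (rule 8 shown as RDP here).
CONFIGURED_RULES = [
    "DENY_ALL_TO_EXTERNAL", "ALLOW_ALL_TO_EXTERNAL",
    "ALLOW_ALL_TO_INTERNAL_FROM_LOCALHOST", "ALLOW_ALL_TO_INTERNAL_FROM_INTERNAL",
    "ALLOW_DNS_TO_EXTERNAL", "ALLOW_SMTP_TO_EXTERNAL",
    "ALLOW_SMTP_FROM_EXTERNAL", "ALLOW_RDP_TO_EXTERNAL",
]

def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the '#Fields:' header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # header names the columns
        elif line.startswith("#") or not line.strip():
            continue                           # other directives / blank lines
        elif fields:
            yield dict(zip(fields, line.split()))

def rule_hit_counts(text):
    """How many logged connections each rule matched."""
    return Counter(rec.get("rule", "-") for rec in parse_w3c(text))

def unused_rules(text, configured):
    """Configured rules that never matched: candidates for removal.
    Review before deleting; a one-day window misses weekly or monthly jobs."""
    hits = rule_hit_counts(text)
    return [r for r in configured if hits[r] == 0]

def denied_connections(text):
    """(client, protocol, destination) for each Denied record: what still needs a rule."""
    return [(r["c-ip"], r["cs-protocol"], r["r-host"])
            for r in parse_w3c(text) if r.get("action") == "Denied"]
```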

If you require VPN Users to access a rule then you must add the VPN Users group to the FROM section of the rule.

If all else fails then ISAServer.org is your friend, thanks Tom.

-Fr33ze

Wednesday, 13 April 2011

Fortigate

Loading firmware on a Fortigate I thought was easy, well it is, coz I can't read for shit anyways: FORMAT the boot image first, THEN load the FIRMWARE zzZZZzz.  Fuckballs, I wear glasses for a reason and it's not to see, obviously!!!

If you are in the market for a decent firewall appliance, check out FortiNet.

-Fr33ze

IdealPOS WTF stop being so picky!!

So, not only do I install servers but I'm a dab hand at installing POS systems.  My last post below mentioned that I'm doing this because I sometimes forget how I got shit working; well, this post is one of those posts!!

We sell IdealPOS and this system is great, but sometimes the hardware we want to put it on isn't, or is it the other way around?  Anyway, I have an HP ap5000 POS system; this system is compact and great for the POS market, except IdealPOS doesn't like serial MAG stripe readers.  The only serial thing IdealPOS likes, I think, are receipt printers.

So this MAG reader doesn't work in IdealPOS, so what the FUCK do I do?  The boss is saying get it working, I'm not a fucking miracle maker!! AM I!??!!?!...or am I?

We get these AP5000s from Sektor so I give Dave Whitty a ring and ask him if he can find something that can make these serial MSRs translate into a keyboard wedge.....Dave is a Genius!!

Datalogic do a utility that can do this translation: install it, make the necessary configuration and you're away.  The ap5000 comes with an MSR configuration utility which you need to modify:

PACKAGE
  FS = none
  FE0 = CR
  FE1 = none
  Error = None
  Check = None

After that the MSR will work as a KB wedge!

The customer line display that comes with the ap5000 is also a tricky one because it uses a usual BAUD rate, 38400, well it's not THAT usual but it still got me for a while.  Still, HP, you need more INFO on this; I had to download the JPOS driver and install it to find out that there is a PDF in that driver package that explains which BAUD rate to use ZzzZZzzzz.  So after a few minutes I sort it out: go into IdealPOS and select Customer Display under Terminal Options, set the TYPE to Epson DM-Dxxx, set the COM port to 2 by default or 1 (the display doesn't work on COM3), set the SETTINGS to 38400,n,8,1, set your Display Text and you are away.

OMG STOP BEING SO FUSSY!!!!!

-Fr33ze

Intro

So what the fuck is this?  Can you imagine having a day in your life that was important enough to want to remember, but now, so long down the track, you can't.  This is what this shit is for!

I'm a Network Engineer by trade.  WOW, an engineer; no, I didn't go to uni for that, it's a title given by Microsoft because you sat their unbelievably retarded exams.  Now all you fucking pro MS guys out there are probably saying "The exams are not hard"; I'm sorry, but I went to school to eat my lunch and it shows.  If I could live my life not having to sit another exam that would be great, thanks Microsoft.

I also have a few hobbies which are worthy of writing about because they are cool:

I've been playing the guitar for 22 years and I'm the BEST.........bedroom guitarist....in my house.  I also have been an online GHEYMER for a few years now, actually making a shitload more friends than IRL (fuck RL, it's a LIE! mmmCAKE).  I also do Brazilian Jiu Jitsu, yeah I know, BJJ best martial art, PROVEN!

So through my little blogs I will tell you about all my shit that I've done and all my experiences; I mean that's what this shit is for, right?  Well, that and making me remember about shit I've done.

So hopefully some of you out there will google some RANDOM search and find some of my posts and find them helpful; if you do, you owe me.

I wonder if you're allowed to swear on your blog...fuck it, I'm about to find out when I click on PUBLISH POST.

-Fr33ze