So you’ve just got a TPG IP Line connection and they have sent you your IP. How do you set this up on your Fortigate or other router?

They would have sent you an IP with a netmask, e.g. 210.9.x.x/30.

Enter the IP in the Subnet Calculator with the mask bits (e.g. 30) and it will give you the range you can work from:

38.242.x.x will be the network address. It cannot be used, as it is used to identify where the network starts.

38.242.x.x (+1) will be the ISP gateway. You need this to add a static route on the Fortigate for this WAN port.

38.242.x.x (+2) will be the IP address you need to set on your Fortigate.


Next you will need to add a policy to allow all outbound from LAN to the new WAN port.



Private Pre-Shared Key: Simplified Authentication

Organizations that are planning wireless LANs to support corporate devices, BYOD, and guest access may be struggling to find the balance between flexibility and security. Though using IEEE 802.1X is the most secure approach to Wi-Fi authentication, this method is typically only implemented for devices managed by IT. For BYOD, contractors, or guests, the IT staff may not have the access, time, or knowledge to provision certain devices.

  1. Configure Private PSK on the Guest SSID as below.

  2. Specify the PSK user groups.
    1. You will have to create them based on daily/weekly/monthly rotation.
    2. See below for details.

Note: you have to use the profile attribute as your guest user profile; in this instance, it is 2.

  3. Hit Save and view your local PPSK user groups.

  4. If you browse to Configuration > Authentication > Local Users you will see all the pre-generated user keys.

  5. Create a user account with guest user account and password rights.
    1. Go to Home > Administrators > Administrators
    2. Create new
    3. Give a username/email and password
    4. Assign to the User Manager Operator group.

  6. Configure email service on HiveManager.
    1. Go to Home > HiveManager Services > check the Email Service settings
    2. Specify the SMTP server as
    3. Specify a from email address
    4. Click update.

  7. Log in as the user who will be distributing the guest credentials.
    1. Log in to the portal as the new account
    2. Click create
    3. Enter details and you will have your user-specific guest account details, which you can send to them.






The inspection engine is looking at the FTP protocol and finding something objectionable in that user’s sessions. Exactly what is hard to say without debugging or capturing a live failing session.

You can disable ftp inspection as follows (in global configuration mode of course):

policy-map global_policy
 class inspection_default
  no inspect ftp


HP have forced people to use the web interface on the new range of switches; however, you can enable the advanced CLI using:

_cmdline-mode on

with password: Jinhua1920unauthorized

To find the MAC and port relation on the 1920G:

Log in to the web interface, go to the Network tab, then the MAC sub-tab.

You can see the MAC and port relation there.


Trying to get a site-to-site route-based VPN working with 2 x SRX 240s with the config:

routing-options {
    static {
        route next-hop

This had worked on a previous site-to-site VPN; however, when running show route after committing, this did not show in the routing table. The next-hop was the IP of the secure tunnel interface st0.3 which was

Juniper’s official technical document for route-based VPN setup shows that you just declare the secure tunnel interface instead of the IP: ×44/topics/example/ipsec-route-based-vpn-configuring.html

routing-options {
    static {
        route next-hop st0.3



The changes below were added.

  • Added TCP 5060 for SIP (as sometimes this can be TCP/UDP) for all WANs
  • RTP port range 6200 – 6214 added for inbound for all WANs
  • SIP domains allowed for inbound for all WANs

Turning off SIP ALG: run the commands below if it’s required. It is best to test the phones after the above changes.

Open the Fortigate CLI from the dashboard and enter the following commands:

  • config system settings
  • set sip-helper disable
  • set sip-nat-trace disable
  • reboot the device

Re-open the CLI and enter the following commands:

  • config system session-helper
  • show    (locate the SIP entry, usually 12, but can vary)
  • delete 12    (or the number that you identified from the previous command)

Disable RTP processing as follows:

  • config voip profile
  • edit default
  • config sip
  • set rtp disable



config system settings
set default-voip-alg-mode kernel-helper-based

It is important that you configure it on all the VDOMs.
A reboot is not necessary; clearing the sessions worked for us:

diagnose sys session filter
diagnose sys session filter dport 5060
diagnose sys session clear
diagnose sys session filter dport 2000
diagnose sys session clear


Great diagnosis guide as well here 


In configuring an IPsec site-to-site VPN with an SRX 240 we need to set the st0/1/2 adapters to a manual address.

For this I chose a /30 subnet, which only gives 2 IPs per subnet (between SRX1 and SRX2).

If you try to assign an IP that is the broadcast address or subnet address you will get:

Cannot assign broadcast address as ip address


Cannot assign address 0 on subnet

Use a subnet calculator to check these addresses and only use the values between the Min and Max Host.
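
The /30 arithmetic from the TPG IP Line post and the SRX st0 post above, as an added Python example (not from the original posts): it derives the network, gateway (+1), local (+2) and broadcast addresses, and rejects the two addresses an interface cannot take. The 203.0.113.x values are constructed documentation-range samples and the function names are hypothetical.

```python
import ipaddress

def plan_link(cidr):
    """Roles inside an assigned IPv4 block, using the posts' +1/+2 convention."""
    net = ipaddress.IPv4Network(cidr, strict=False)  # any address in the block is accepted
    if net.prefixlen > 30:
        raise ValueError("a /31 or /32 has no separate network/broadcast address")
    return {
        "network": str(net.network_address),      # marks where the subnet starts; not assignable
        "gateway": str(net.network_address + 1),  # +1: ISP gateway, next hop for the static route
        "local": str(net.network_address + 2),    # +2: address to set on your own WAN port
        "broadcast": str(net.broadcast_address),  # not assignable
        "netmask": str(net.netmask),
    }

def check_assignable(interface):
    """Return None if 'address/prefix' can go on an interface, else the reason it cannot."""
    iface = ipaddress.IPv4Interface(interface)
    net = iface.network
    if net.prefixlen >= 31:  # /31 (RFC 3021) and /32: nothing is reserved
        return None
    if iface.ip == net.network_address:
        return "subnet address (address 0 on subnet)"
    if iface.ip == net.broadcast_address:
        return "broadcast address"
    return None

def check_tunnel_pair(end_a, end_b):
    """Problems with the two st0 addresses of one tunnel; an empty list means usable."""
    problems = []
    for end in (end_a, end_b):
        reason = check_assignable(end)
        if reason:
            problems.append(f"{end}: {reason}")
    a, b = ipaddress.IPv4Interface(end_a), ipaddress.IPv4Interface(end_b)
    if a.network != b.network:
        problems.append("ends are in different subnets")
    elif a.ip == b.ip:
        problems.append("both ends use the same address")
    return problems

if __name__ == "__main__":
    # Constructed sample values from the 203.0.113.0/24 documentation range.
    print(plan_link("203.0.113.6/30"))
    print(check_tunnel_pair("203.0.113.5/30", "203.0.113.6/30"))  # usable pair
    print(check_tunnel_pair("203.0.113.5/30", "203.0.113.7/30"))  # second end is the broadcast
```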
