Friday 29 July 2011

Fortigate MR3 VPN to Cisco

So I'm doing a lot more Fortigate work in a new job.  Got to grips with most of the Forti foibles but this is a new one..

We've got a site with a Fortigate at the head office and Ciscos at the remote sites.  They're in construction so the Ciscos get kicked, dropped, spiked etc but just keep going.

I was adding a new site after recently updating the Fortigate to MR 3 PL1 and it would not work. The VPN just would not come up. Identical Cisco config (bar IP addresses) and the HO Forti VPN config looked identical too.  Until you get to the CLI...

Seems now there is a mode-cfg setting that defaults to enabled and the Cisco's don't like being told what to do.  Turn that off in the CLI and the VPN came up. By the way the VPNs on the Cisco end are VTIs using routes as these seem to play better and you don't have to specify and match proxies.

Monday 7 March 2011

Reformed Orcon user

This is a New Zealand specific thing so not relevant to most.

I finally had had a guts full of our previous ISP Orcon and changed to Telecom several weeks ago.

Talk about night and day!  We can use youtube etc.  Even two of us at the same time!  This was unheard of on Orcon.  It took tens of minutes to load a 30 second clip. Downloads were regularly 2KB per second.  Whoever set up their shaping needs castrating.

Speed test shows not quite as dramatic results.  Download is up about 30 to 50 per cent depending on the day, and this is on ADSL 1 as I'm still using an old Cisco 1751 router. Ping is usually about half what it was.

To be fair Orcon quite quite good at 5AM.  We could watch youtube and download at hundreds of KB per second.So I'm guessing they just not good at the shaping and over subscribed.  A shame given they used to be one of the best 5 years ago.  Seems change of leadership a while back has led to more flash ('cuse the pun) and less substance.

Gentoo grub-probe not working

 I have a bunch of history commands I run when I d a new kernel etc and one stopped working. grub-mkconfig would fail with grub-probe for /....