Wednesday, June 6, 2018

Palo Alto PPPoE with vlan tag, it's stupid setup but it's working !!

Palo Alto is not allow L3 subinterface with PPPoE, but certain ISP require to perform PPPoE with VLAN tagging

at 2018, update from reaper

So I come out this setup. Yes, it is stupid but it work !

Basically, ethernet1/3 setup as Layer 3 with PPPoE

Select interface as Layer 3, virtual router and security zone

Go to IPV4 tab, check PPPoE then configure as request

ethernet 1/4
Create VLAN profile , security zone I left it blank and interface type as L2

Ethernet 1/5, edit select ethernet1/5 at bottom create sub-interface

subinterface configure as TAG (VLAN ID), as Malaysia ISP unifi is using VLAN ID 500, at VLAN must select the previous create VLAN profile at ethernet1/4

p/s by missing VLAN profile at ethernet1/4 and ethernet1/5.500 the packet unable unable reach to modem (laptop as my testing environment)


My laptop receive PPPoE discovery broadcast packet with VLAN ID 500 tagged

Although is stupid setup but it work, LOL

alternative setup if with extra switch with VLAN feature

Summary, well Palo Alto is very common implementation via L3 sub-interface PPPoE, okay !

Monday, March 5, 2018

Note for myself (ignore it)

ISE disable AD encryption for query tshoot



Enable full coredump

Force Coredump

SSLVPN - timestamp formula


Friday, May 12, 2017

Note - Fortianlyzer generate top sent byte

This topic is for my own reference/note only

Dataset to generate report which top user

select srcip, dstip, dstport, action, service, sum(sentbyte/1048576) as sent_MBps,sum(rcvdbyte/1048576) as receive_MBps, count(*) as sessions from $log where logid_to_int(logid) not in (4, 7, 14) GROUP BY srcip, dstip, dstport, action, service ORDER BY sent_MBps DESC

Monday, May 1, 2017

Note - Forti Analyzer Report

This topic is for my own reference/note only

Dataset to generate report which hit policy id xxxx

select srcip, dstip, dstport, policyid, action, service, count(*) as sessions from $log where policyid = xxxx GROUP BY srcip, dstip, dstport,policyid, action, service

Thursday, January 26, 2017

Fortianalyzer with gmail setup

If you tried to setup Fortianalyzer sending alert via gmail but kept fail

p/s  if you tried setup with 3th party apps for send notification via gmail, this guide might suit too.

Current my analyzer running 5.2.5

Herewith the steps

1. Setup on Fortianalyzer mail server setup

for information about gmail setting

2. SSH to Fortianalyzer , configure the secure option, this command make sure using starttls.


config system mail
    edit "Gmail"
        set secure-option starttls

below is the wireshark capture  using starttls, as the red arrow indicate the SSL handshake start

3. Login into your gmail account

4. Access the url , turn it on

You can skip steps 5 and 6 if you 1st time setup gmail smtp server, else continue

5. Access the url, click continue

6. You will come to this page below

6. Let test the email setup, right click the email setup and key in the recipient email

7. You should successfully send the email

Monday, November 21, 2016

Windows 7 administrator

if you wish to reset password, you may skip this topic.

if you wish to gain *Ahem*  local administrator role for c**p*** laptop/pc *Ahem*

*Ahem* bypass G** and doing without 3th party software

yup you come to right place.

1 x same windows version CD/USB bootup image
1 x working CD room/ USB port

Follow the steps as below link until reset password

p/s if you unable to locate the windows/system32 directory, it might store at other drive, please try d,e,f,g drive and etc.

hit the shift key 5 times till pop out the command prompt.

1. Type net user

2. You will get a list of user

3. type net user <username> , example net user Administrator

4. Scroll till end, it will list local group memberships as per below

5. type net localgroup <local group membership> <username> /add , example net localgroup Administrator limvuihan /add (local group membership is key sensitive)

6. verify the username you had modify, type net user <username>, if success add should listed as below

Then recover back the file that overwrite as per link listed earlier or below

So, you has the administrator role.