Category Archives: Crypto

IPsec VPNs Deep Dive

Establishing an IPsec VPN between two sites or even among multiple sites such as Fortinet's ADVPN.  But do we really…

By Manny Fernandez

February 16, 2026

Extracting Private Key from FortiGate Firewall

Why would you need to export the private key when you create a CSR on the FortiGate.  If for instance,…

By Manny Fernandez

August 30, 2022

Extracting Your Private Key from a .pfx certificate

I had a customer that installed a wildcard certificate on an Exchange server.  Later they wanted to use the same…

By Manny Fernandez

August 30, 2022

What Diffie-Hellman (DH) Group Should I Use

There has been a lot around Diffie-Hellman groups and which ones to use.  Some think that the bigger the DH…

By Manny Fernandez

January 7, 2020

Encrypting a USB Thumb-Drive on macOS from CLI and GUI

There are a couple of ways to encrypt drives and volumes on macOS X.  I recommend that if you are…

By Manny Fernandez

January 1, 2020

Troubleshooting IPSec VPNs on Fortigate Firewalls

Lets start with a little primer on IPSec.  I am going to describe some concepts of IPSec VPNs. IPSec Primer…

By Manny Fernandez

November 12, 2019

IPv6 VPNs in Fortigate Firewalls

I have two Fortigate 140Es in my environment.  SecPrimate-01 and SecPrimate-02.  The SecPrimate-01 is using the Mariner color while the…

By Manny Fernandez

October 20, 2019

Setting Up Tor On macOS

Tor is an Open-Source project created in the 90's by United States Naval Research Laboratory.  Tor give you a level…

By Manny Fernandez

September 18, 2019

Disabling Weak Ciphers on Fortigate Firewalls

A customer of mine sent me an email after having a vulnerability assessment done against his environment.  He got back…

By Manny Fernandez

April 14, 2019

Using OpenSSL to Provision Wildcard Certificate

I have my lab set up with plenty of gear from Fortinet, Cisco, Palo Alto and Checkpoint. In order to…

By Manny Fernandez

January 3, 2019

Categories

Recent posts

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story