Debugging Akamai

Akamai just works, … most of the time. But sometimes you have to check what’s going on, and Akamai gives you a handy tool for this. There is an HTTP request header that tells Akamai to respond with some internal information. Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-ssl-client-session-id, akamai-x-get-true-cache-key, akamai-x-get-request-id With this request header Akamai includes …

Continue reading ‘Debugging Akamai’ »

MikroTik Automatic IPSec Failover

Problem: Mikrotik allows only one ipsec policy per network-to-network pair. If you want to have redundant tunnels between two locations with two upstreams you cannot configure ipsec redundancy on Mikrotik because one ipsec policy is always marked as “invalid” by the OS. Solution: I made a Mikrotik script that checks the status and reachabilty of …

Continue reading ‘MikroTik Automatic IPSec Failover’ »

FortiGate HA Synchronization Fail

Problem: Two FortiGate firewall show “not synchonized” in the HA status. Discussion: the problem with this is, that FortiGate does not show why it fails. I found no log file with a reasonable error message. So I tried to synchronize the config myself, which is exactly what should NOT be necessary when using HA synchronization. Solution: When an …

Continue reading ‘FortiGate HA Synchronization Fail’ »

My Contact was Shared with Facebook

Facebook gives a list of companies who run Facebook ads, and sent my contact information (tel, email) to Facebook. This list for my account lists some obvious companies, some companies I never heard of, and some companies who really should never have forwarded my contact information to Facebook! Look up your own list by: Click …

Continue reading ‘My Contact was Shared with Facebook’ »

Annoyances While Setting Up FortiGate 100E

After unboxing and starting two Fortigate 100E firewalls the following things failed. Fortinet should really work on QA I think: When starting the Webgui for the first time the box asks to register or login to activate the box. I tried to register and the box asks so many questions, doesn’t Fortinet know GDPR ? …

Continue reading ‘Annoyances While Setting Up FortiGate 100E’ »

F5 iRule Class Match Crash

Problem: F5 iRules with “class match” crash sometimes with this message: /Common/UA_DETECT – ambiguous option “-“: must be -all, -index, -element, -name, or -value while executing “class match [string tolower [HTTP::header User-Agent]] contains UA_STRINGS” Discussion: the class match command has optional parameters, when the HTTP header User-Agent starts with a “-” it gets intepreted by …

Continue reading ‘F5 iRule Class Match Crash’ »

No Text Console After NVME Storage Upgrade

Problem: After upgrading a system to NVME, Linux boots without textconsole, or sends the text console to the wrong graphics card. Discussion: The NVME upgrade needed to change from BIOS boot to UEFI boot. UEFI boot disables the pure text console, and the kernel uses whatever frame buffer is available, or without text console if …

Continue reading ‘No Text Console After NVME Storage Upgrade’ »

Juniper MX204 Upgrade

Check the current version. > show version Hostname: Router Model: mx204 Junos: 18.2R1.9 JUNOS OS Kernel 64-bit [20180614.6c3f819_builder_stable_11] … go to¬†https://support.juniper.net/support/downloads/ and select MX204, and search for newer version Select “Install Package” -> “VMHOST 64-BIT” -> “tgz” After login you will see a URL. Copy this URL Download the file onto your Juniper MX204, with …

Continue reading ‘Juniper MX204 Upgrade’ »