AD Authentication

AD Authentication with Firewall

One of our end customers wanted an AD Authentication to be done between its Head Office and Branch Office.

They had Sophos Firewall installed and wanted a secure connection in the entire network.

In this blog, we demonstrate how you can add an authentication server on Sophos Firewall and how to import AD groups. 

Here’s an overview of our process:

  • Refer to the IP addresses shown in the diagram.
  • After configuring the basic parameters on the firewall, first create the IPsec tunnels between the Head Office and BR_Office 1 & BR_Office 2.
  • Configure the authentication server on all firewalls.
  • Install STAS on the Head Office AD server.

IPsec Tunnel Configuration

Head Office Firewall Configuration

Step 1:

Host Creation

In your Sophos Panel, go to System >> Host and Services >> IP Host

In our case, we have created a host for the Head Office and for each of the 2 branch offices.

Step 2:

Add IPSEC connection:

Configuration >> site-to-site VPN >> IPse

Step 3: Configure AD Server in firewall:

Under Configure, go to “Authentication” > Servers > Add

Select Server Type as “Active Directory”.

In the Connection Security option, make sure you select either SSL/TLS or STARTTLS (both are secure).

Fill in the rest of the details and then click on the “Test Connection” button at the bottom to check the connectivity and then click on Save if everything is okay.

Before enabling STAS, you need to enable AD Authentication Service:

To do that, go to Administration > Device Access > check the necessary requirements and click on Apply.

Once done, go to Authentication > Services and choose your AD server as the primary authentication method before integrating STAS.

What is STAS?

STAS stands for Sophos Transparent Authentication Suite. By keeping track of domain controller events, Sophos STAS authentication can match authenticated users with their corresponding IP addresses. Once the user’s identity is known, the Sophos UTM can provide access based on that user.

How does Authentication work?

STAS tracks events taking place in the Domain Controller (DC). Each DC is supposed to track user log-ins and log-outs.

The DC collects these events and forwards them to the STAS Collector. The collected information is consolidated and forwarded to Sophos UTM along with the IP address and username.

The UTM queries Active Directory to establish which group the user falls under, and then allows or denies access based on the permissions granted.
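
To see the kind of user-to-IP data this flow depends on, the following added example (not STAS code and not part of the original post) reads logon events on a domain controller and keeps the most recent user per client IP. Using Security event 4624 is an assumption made for illustration; the post does not state which events STAS reads.

```powershell
# Added example (not STAS code): latest user seen per client IP in DC logon events.
# Assumptions: run elevated on the DC, logon auditing is enabled, and
# Security event 4624 is used for illustration only.
param([int]$Hours = 1)

$filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$Hours) }

$logons = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
    # Read the event fields by name from the XML rather than by position
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time   = $_.TimeCreated
        User   = $data['TargetUserName']
        Domain = $data['TargetDomainName']
        IP     = $data['IpAddress']
    }
} | Where-Object {
    # Drop local/empty source addresses and computer accounts (names ending in $)
    $_.IP -and ($_.IP -notin @('-', '::1', '127.0.0.1')) -and ($_.User -notlike '*$')
}

# Consolidate: one row per IP, keeping only the most recent logon
$logons | Group-Object IP | ForEach-Object {
    $_.Group | Sort-Object Time -Descending | Select-Object -First 1
} | Sort-Object IP | Format-Table Time, IP, Domain, User -AutoSize
```

If a user is missing from this output, the domain controller is not recording a logon with a client IP for them, so there is nothing for a collector to forward.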

Integrate STAS:

  1. On the firewall, go to Authentication > STAS.
  2. Toggle On the Enable Sophos Transparent Authentication Suite and click Apply
  3. Click on Add new collector, specify your settings and then click Save

Add Firewall Rule:

STAS Configuration on AD Server:

  1. Download STAS Client from Firewall.

Configuration>>Authentication>>Client Download

Download it on Server Device

Install Client into AD server.

STAS Agent Configuration:

STAS Collector Configuration:

How to check if the STAS Service is Running or not

In order to check that, you need to start WMI Service in AD Server

Start WMI Service in AD Server:

Install AD Certificate to Avoid SSL/TLS Error:

You may get an SSL/TLS error when you follow the procedure above. To avoid that, do the following:

Go to AD Console >> Manage >> Add Roles and Features

Check Server Roles and check the status.
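
One way to confirm that the domain controller presents a usable certificate before selecting SSL/TLS as the Connection Security option on the firewall. This is an added example, not part of the original post; the server name is a placeholder and the port is the standard LDAPS port.

```powershell
# Added example, not from the original post: inspect the certificate a domain
# controller presents on LDAPS.
param(
    [string]$Server = 'dc01.example.local',  # placeholder FQDN (assumption)
    [int]$Port = 636                         # standard LDAPS port
)

$script:policyErrors = $null
# Accept any certificate so that a faulty one can still be read and reported;
# the validation result is recorded instead of enforced.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($s, $certificate, $chain, $sslErrors)
    $script:policyErrors = $sslErrors
    $true
}

$tcp = [System.Net.Sockets.TcpClient]::new()
try {
    $tcp.Connect($Server, $Port)
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($Server)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    [pscustomobject]@{
        Server           = $Server
        Protocol         = $ssl.SslProtocol
        Subject          = $cert.Subject
        Issuer           = $cert.Issuer
        NotAfter         = $cert.NotAfter
        DaysLeft         = [int]($cert.NotAfter - (Get-Date)).TotalDays
        ValidationErrors = $script:policyErrors  # 'None' = name and chain trusted by this machine
    }
}
catch {
    # No listener, or the DC has no certificate to offer for LDAPS
    Write-Warning "TLS handshake with ${Server}:$Port failed: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}
```

The validation result reflects the trust store of the machine running the script, not the firewall's.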

Now follow the IPSec Configuration step for the Branch offices as well and you are good to go.


FortiAnalyzer: Generate Audit Report

This blog covers generating an audit report of day-to-day bandwidth and application usage in FortiAnalyzer, from logs generated by a FortiGate firewall.

What is FortiAnalyzer?

FortiAnalyzer is a powerful log management, analytics, and reporting platform that provides organizations with a single console to manage, automate, orchestrate and respond, enabling simplified security operations, proactive identification and remediation of risks, and complete visibility of the entire attack landscape.

To generate a report from Analyzer, perform the steps below.

  • First, log in to Analyzer.
  • After logging in, you will see a dashboard with the available options.
  • Once you can see the dashboard, click on Reports.
  • After clicking on Reports, you will see the report bars/options.

Here, for now, I am only showing you how to generate the bandwidth and application Report.

Note: This template is available in Analyzer by default; you can also create your own custom template as per your requirements.

  • Click on the bandwidth and application report > Report > Edit.
  • After clicking on Edit, you will see Generated Reports, Settings and Editor.
  • Generated Reports: the reports that have already been generated.
  • Editor: you can edit the layout of your reports as per the customers’ requirements.
  • Settings: under Settings, you can see the options below.

  • Name: you can give custom names to the reports.
  • Time period: you can select the time range; here I am generating for the previous 30 days.
  • Device: we have two options here.
      1. All devices: generates a report for all firewalls/devices connected to this FortiAnalyzer or in your network.
      2. Specify: select individual devices.
  • Subnets:
      1. All subnets: run reports for all subnets currently implemented in your FortiGate.
      2. Specify: for particular subnets (not for all the subnets).
  • Type:
      1. Single report: for each device, it will generate a single report.
      2. Multiple reports: for each device, it will generate a separate report.

Now you have three options here:

  1. Enable Schedule: schedule when the report should be generated automatically.
  2. Enable Notification: Select this to enable report notification when generated.
  3. Enable Auto-cache: When enabled, this process uses system resources and is recommended only for reports that require days to assemble datasets. Disable this option for unused reports and for reports that require little time to assemble datasets.

You can also apply filters and go to advanced settings to customize fonts, language, layout, headers and other features.

Once all this is done, click on apply and return to the Reports section.

  • Under the Reports section, select your template and click on Run Report.
  • After clicking on Run Report, you will be able to see your generated report in the Generated Reports section.

Here, you will see the report is generated, and you can download this in HTML, PDF, XML, or CSV format.



How to fix Volsnap Error 36

A volsnap error shows up when you are dealing with low disk space in any drive (C, D, E or F Drive or any external Disk Drive). When this error appears, you would not be able to take a backup.

If you are using a hard disk which you are trying to back up, you may see a message such as “Failed to Backup”.

The volsnap source errors are events listed in the Windows System event log. Such events usually contain relevant troubleshooting information about why the shadow copy was dismounted, which in turn causes the backups to fail.

The shadow copies of volume D: were aborted because the shadow copy storage could not grow due to a user-imposed limit.

Description

What is a Shadow Copy?

Shadow copies are snapshots. They are created by a Windows feature that takes snapshots of a disk volume. You can create or store these snapshots (shadow copies) on a local disk, an external hard drive, or even a network drive.

The technology enables backup of files and creates snapshots of files and drives based on a schedule.

You probably have more shadow copies than you know: every time a system restore point is created, you will have a valid shadow copy.

Shadow copies are what you use to recover deleted files.

Procedure to fix Volsnap Error

Firstly, identify the volume ID in Event Viewer.

Then go to the Shadow copy configuration window by right-clicking on any storage drive > click on Configure Shadow Copies option

Now, check how much free disk space is available on the system volume in Windows Explorer.

Open Control Panel > System > Advanced System Settings.

In the Shadow Copies configuration window, select the volume whose ID matches the one shown in the event.

Click on Settings > under Maximum size, select Use limit > set it to 320 MB > click OK.

Then go to Settings again for the same volume > under Maximum size, set Use limit to “10% of total storage of that drive” > click OK.

For example, if your drive’s total size is 100 GB, then the shadow storage should be 10 GB.

Once you do this, the error should not appear again.
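
The same procedure from an elevated PowerShell prompt, as an added example that is not part of the original post. The drive letter is an assumption taken from the sample event text above, and nothing is changed unless -Apply is passed.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
param(
    [string]$Drive = 'D:',  # assumption: the volume named in the Event 36 text
    [int]$Percent = 10,     # the 10% limit used in the procedure above
    [switch]$Apply          # without -Apply the script only reports
)

# Recent volsnap Event ID 36 entries in the System log
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 36 } -ErrorAction SilentlyContinue |
    Where-Object ProviderName -match 'volsnap' |
    Select-Object -First 5 -Property TimeCreated, Message |
    Format-List

# Volume size, free space, and what the percentage works out to
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$Drive'"
if (-not $disk) { throw "Volume $Drive not found" }
$targetGB = [math]::Round($disk.Size * $Percent / 100 / 1GB, 1)
'{0} total {1:N1} GB, free {2:N1} GB, {3}% limit = {4} GB' -f `
    $Drive, ($disk.Size / 1GB), ($disk.FreeSpace / 1GB), $Percent, $targetGB

# Current shadow storage association and its maximum size
vssadmin list shadowstorage /for=$Drive

if ($Apply) {
    # Same two steps as the GUI procedure: 320 MB first, then the percentage.
    # Shrinking the limit can delete existing shadow copies on this volume.
    $forArg = "/for=$Drive"
    $onArg  = "/on=$Drive"
    $pctArg = "/maxsize=$Percent%"
    vssadmin resize shadowstorage $forArg $onArg /maxsize=320MB
    vssadmin resize shadowstorage $forArg $onArg $pctArg
    vssadmin list shadowstorage $forArg
}
```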


ConnectWise Automate Control Centre Script to remove Advanced Monitoring (N-able) Agent

This blog will show you a step-by-step process of how a script (linked below) can help you uninstall the Advanced Monitoring N-able agent from all devices in your network.

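Below is the command we use in a batch script step when creating the script; it removes the (N-able) Advanced Monitoring Agent from all the devices. The empty "" after start is the window-title argument; without it, start treats the quoted path as the title instead of running the uninstaller.

start "" "C:\Program Files (x86)\Advanced Monitoring Agent\unins000.exe" /silent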

Step by Step procedure to remove (N-able) Advanced Monitoring Agent using ConnectWise Automate

The user first needs to log in to ConnectWise Automate > Automation > Script > View script > New > Script.

Main page: Name: Advanced Monitoring Agent Uninstall

Note: This script will uninstall Advanced Monitoring Agent on the specified computer.

Step 1: Select Function: Resend Software and select Save Step

 

Step 2: Select function: Execute the script and select Save Step

Script type: Batch

Script to Execute: start "" "C:\Program Files (x86)\Advanced Monitoring Agent\unins000.exe" /silent

Script Parameter: keep blank

Script Credentials: Run as Local Agent

Variable: keep blank

 

 

Step 3: select function: Resend Software and select Save Step

 

Step 4: Select the function: IF Software Installed and select Save Step

App Name: Advanced Monitoring Agent

Label to Jump to or Steps to Skip: !: Success

 

Step 5: Select function: Script Note and select Save Step

Remark : Success

 

Step 6: Select the function: Resend Process List and select Save Step

Step 7: Select the function: Resend Service List and select Save Step

 

Step 8: Select the function: Script Log Message and select Save Step

 

Message: Advanced Monitoring Agent uninstalled successfully.

Select “Save

 


A New and Revamped Infrassist

Who doesn’t like change? Who doesn’t like scaling? 

A revamp, a tweak is always a good idea, isn’t it?

 

We are elated, we are delighted and we are immensely honoured and proud to announce that we, Infrassist Technologies Pvt. Ltd., have undergone a revamp.

We have a new colour, a new branding and a lot of new services to offer to our MSP Partners.

 

 

Why the change? 

The previous website didn’t have a lot of features that we used to offer. We talked about Microsoft Services to our prospects but we didn’t have any information about it on our website. How would people have trusted us? There was a huge misalignment in what we were saying and what we had on our website. 

 

We were already planning on adding new content and making the change, then why not try something new? 

There was a visible gap and that is when we felt the need to undergo a modification. Why not a facelift? That is when the marketing team felt the need to undergo modification and decided to jiggle things up.


The previous red colour that we had, wasn’t appealing when used on collaterals. Our graphic designer got to work and gave us a bunch of suggestions for logo colours. From all the colour combinations that we went through, we finally settled on this: 


 

Why this colour? 

The idea behind this change is to make our website and collaterals look mild and professional. Additionally, we feel that we can be more approachable to companies, with Orange as our primary colour as opposed to the previous colour.

Orange is said to exude positivity, enthusiasm, excitement and warmth.  And the blue indicates stability and reliability.

 

New Services – Infrassist

We can’t exactly say that these are new services. We have served our existing partners with these services, but convincing newer ones was a task. With the addition of these to the new website, we have categorized our services into the following 3 categories:

1. Professional Services

  • Microsoft 365
  • IT Automation Services
  • RMM Audit
  • Firewall Audit

2. IT Infrastructure Management

  • O365 Admin
  • Azure Admin
  • RMM Admin
  • Firewall & Endpoint Admin

3. Monitoring & Managing Support

  • 24X7 NOC Support
  • Helpdesk Services
 

A brief overview of the Services

Microsoft 365 – Under M365, we have Teams Adoption, SharePoint Migration, Power BI, Power Automate, Intune MDM/MAM, Autopilot, Azure, Identity and Access Management, Advanced Threat Protection, Data Loss Prevention, Tenant Level Features.

IT Automation Services – Digitize your workplace as we automate your mundane IT tasks via PowerShell scripts, custom integrations through API, and by leveraging Power BI and Power Automate.

RMM Audit – We perform an audit of the RMM tool that you use so that you can optimize it for better, more enhanced performance.

Firewall Audit – An audit of the firewall tool so that you can check if it’s properly configured or not.

O365 Admin – Leave the everyday O365 operations to us.

Azure Admin – To help you leverage all of Azure’s future-ready cloud solutions.

RMM Admin – A dedicated RMM Admin.

Firewall & Endpoint Admin – A dedicated Firewall & Endpoint Admin.

24×7 NOC Support – 24×7 NOC Support.

Helpdesk – For quick and optimal IT support and resolutions.

 

Infrassist’s mission has always been to help our MSP customers deliver robust and reliable infrastructure management and security services, to deliver service excellence with integrity leading to predictable outcomes, and to build a team with passion, commitment and relentless customer focus. This revamp, expanding our platter of services to provide MSPs with the best, is a step towards the same.

Our goal is to see businesses efficiently run their operations because of the difference that we made.

Here’s to more such endeavours and adventures to bring a change.