Category Archives: Network

Important FortiGate CLI commands

FortiGate High Availability Cluster CLI commands:

Manage the specified FortiGate unit (X ist the unit number):

execute ha manage X

Set the current ForitGate Unit as master:

diag sys ha set-as-master enable

Get HA Status:

get system ha status


FortiGate Session commands:

Get all Sessions:

diag sys session list

Filter Sessions:

diagnose sys session filter

Clear Sessions (only filtered ones or all):

diagnose sys session clear

Clear Filter:

diag sys session filter clear

LetsEncrypt on CentOS 6 – Free SSL certificate for everyone!

This is a short manual how to use Let’s Encrypt on CentOS 6 with Apache Webserver:

1. Install dependencies:

Download, unzip and install Python:

tar -xvpzf Python-2.7.11.tgz
cd Python-2.7.11
make altinstall

Install Git:

yum install git
git clone

2. Stop apache:

Continue reading LetsEncrypt on CentOS 6 – Free SSL certificate for everyone!

Swisscom TV stört WLAN

Vor einigen Tagen habe ich bei meinen Eltern das Centro Grande mit Swisscom TV, Internet und Telefonie eingerichtet. Laut Verpackung alles schön einfach: Einstecken, Einschalten, Surfen, Telefonieren und TV-gucken. So einfach habe ich mir das auch vorgestellt…

Ich habe mich also an die Installation des Centro Grande DSL-Routers gemacht, wie ihn Swisscom so schön nennt. Eigentlich

Continue reading Swisscom TV stört WLAN

DNS forwarder on Qnap NAS

A few days ago I installed dnsmasq on my QNAP NAS. I use this DNS-forwarder to resolve my LAN-device’s names. Here is a little instruction:

First install ipkg, if you haven’t already (see

Access your NAS with ssh as “admin”. If you haven’t already activated ssh, see

Bring your ipkg installation up to date with this command: /opt/bin/ipkg update

Install the DNS-forwarder dnsmasq: /opt/bin/ipkg install dnsmasq

Edit with vi or your favorite text-editor the file /opt/etc/dnsmasq.conf and add the following line:


I added also a dedicated user for dnsmasq called “dnsmasq” and modified the following lines in dnsmasq.conf:

# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.

Create and edit the file: /opt/etc/dnsmasq-hosts.conf

In this file, you define all your hosts with their names.


After modifying and saving this file, restart the dnsmasq service:

/opt/etc/init.d/S56dnsmasq restart

All done! Now you have to set the first DNS-Server address on your computer, to the IP-Address of your NAS.

The NAS will now answer all DNS-Queries. IP-Addresses which are not in the config file will be forwarded to the DNS-Servers configured on the NAS to resolve names outside your network.

Multicast Routing of Apple’s Bonjour with FortiGate WiFi

A few weeks ago I replaced my good old DrayTek Vigor with a FortiGate WiFi. Because I have now two different Networks (one WiFi and the other Wired-LAN), the TimeMachine Backup does not work.

This has a simple background: TimeMachine uses Apple’s Bonjour protocol to find backup-volumes on the Network. Bonjour uses multicast, which is not routed between different Networks.
The solution is very simple, but you have to find it because it is not activated by default:

1. Go to “System” -> “Admin” -> “Settings” and activate the checkbox on “Multicast Policy“, then click “Apply” to save the changes.


Continue reading Multicast Routing of Apple’s Bonjour with FortiGate WiFi