Set up MacVLAN on a Docker instance

After you create a Docker instance, by default it shares the Docker host's default network interface IP address and port.

If you want to create a virtual LAN for Docker and get a static, dedicated IP address from the same network as the host, you will need to set up a MacVLAN under Docker.

Simply use the command below to create a MacVLAN. But first, you will need to identify your host network interface, IP range, subnet and DHCP configuration to avoid an IP conflict.

sudo docker network create -d macvlan -o parent=eth0 --subnet=192.168.81.0/24 --gateway=192.168.81.1 --ip-range=192.168.81.8/32 new-macvlan

The next step is to create a bridge interface in Docker; you can use any network that is not in use.

Finally, add both the bridge network and the macvlan network to the Docker instance to get it to work.

Utilize PsTools for analytics

https://download.sysinternals.com/files/PSTools.zip

PsTools is a collection of similar tools that allow you to manage remote systems as well as the local one. The tools can be run from PowerShell and from scheduled tasks, letting you perform a lot of remote tasks and troubleshooting.

Here is an example using psping.exe from PsTools, not only to measure network performance but also to check the health of a website. We can simply write a BAT script that creates a ping result log with a timestamp.

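REM Build a timestamp from %date% and %time%. The offsets assume a US-style
REM "Ddd MM/DD/YYYY" date format; adjust them for other regional settings.
echo %date%
SET mm=%date:~4,2%
SET dd=%date:~7,2%
SET yy=%date:~12,2%
echo %time%
SET hh=%time:~0,2%
REM Hours before 10 start with a space; replace it with a zero.
SET hh=%hh: =0%
SET min=%time:~3,2%
SET ss=%time:~6,2%
REM Append the psping result to a log file named after the timestamp.
"C:\temp\psping.exe" xxx.com:443 >> "C:\temp\log\logfile_%mm%%dd%%yy%_%hh%%min%%ss%.log"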

Ignore duplicate MAC address in SCCM

New laptops nowadays usually don't come with LAN ports, so you may run into an issue when trying to image multiple laptops with the same USB-to-Ethernet adapter.

Beginning with SCCM 1610, you can provide a list of hardware IDs that SCCM will ignore when using PXE boot and client registration. You can now exclude the MAC address and SMBIOS GUID in the console so that the same adapters can easily be reused.

  1. In the SCCM console, go to Administration / Site Configuration / Sites
  2. On the top ribbon, click Hierarchy Settings
  3. Open the Client Approval and Conflicting Records tab
  4. In the Duplicate hardware identifiers section, click Add and enter your MAC Address or SMBIOS GUID to exclude

How to block traffic from specific countries using CloudFlare

If for any reason you want to block visitors from any country, the solution is extremely simple!

First, enable IP Geolocation in Cloudflare:

IP Geolocation card in Network app, Cloudflare dashboard.

Then everything can be done from the .htaccess file on the Apache server:

# Block countries - IP Geolocation
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP:CF-IPCountry} ^(CN|IR|PK|TH|BD)$
RewriteRule ^ - [F,L]
</IfModule>

The country code list can be found at the link below:
http://www.ip2country.net/ip2country/country_code.html
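
The rule above relies on the CF-IPCountry header, which is only meaningful for requests that actually arrived through Cloudflare. The following Python model is an added example, not part of the original post: it compares the page's rule with an origin-side decision that honours the header only for connections from the proxy. The proxy ranges, sample requests and function names are assumptions made for illustration.

```python
import ipaddress
import re

# Same pattern as the RewriteCond in the .htaccess rule on this page.
BLOCKED = re.compile(r"^(CN|IR|PK|TH|BD)$")

# Assumption: placeholder proxy ranges (RFC 5737 documentation networks).
# In production, use the edge address ranges that Cloudflare publishes.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("203.0.113.0/24", "198.51.100.0/24")]


def page_rule(headers):
    """Model of the page's rule: deny only when the header value matches."""
    lowered = {k.lower(): v for k, v in headers.items()}
    return "deny" if BLOCKED.match(lowered.get("cf-ipcountry", "")) else "allow"


def from_trusted_proxy(peer_ip):
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)


def origin_decision(peer_ip, headers):
    """Return (action, reason); the header counts only behind the proxy."""
    if not from_trusted_proxy(peer_ip):
        return "deny", "not-via-proxy"
    if "cf-ipcountry" not in {k.lower() for k in headers}:
        # Reaches the site, but signals that IP Geolocation is not enabled.
        return "allow", "no-country-header"
    if page_rule(headers) == "deny":
        return "deny", "country-blocked"
    return "allow", "ok"


# Constructed sample requests: (peer address seen by the origin, headers).
SAMPLES = [
    ("203.0.113.10", {"CF-IPCountry": "CN"}),
    ("203.0.113.10", {"CF-IPCountry": "DE"}),
    ("203.0.113.10", {}),
    ("192.0.2.55", {"CF-IPCountry": "DE"}),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, hdrs, page_rule(hdrs), origin_decision(peer, hdrs))
```

A steady count of "no-country-header" results for proxied requests means the IP Geolocation setting is off and the .htaccess rule is matching nothing.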

Fortinet SSL VPN connection logout after 8 hours

By default, an SSL VPN connection logs out after 8 hours, which disconnects users who work from home continuously for more than 8 hours.

config vpn ssl settings

set idle-timeout 300

The idle-timeout is the period of time in seconds that the SSL VPN will wait before timing out.
Default value is 300 seconds (5 minutes). Range: <0> to <259200>.

set auth-timeout 28800

The auth-timeout is the period of time in seconds that the SSL VPN will wait before re-authentication is enforced.
Default value is 28800 seconds (8 hours). Range: <0> to <259200>.

A value of 0 indicates no timeout.

The changes above, or changing tunnel/web mode, will not impact the environment.

However, be aware:
Once an SSL VPN client is connected, a change to firewall address objects or IP pools under SSL VPN settings in a production environment will tear down all the active SSL VPN connections regardless of the above timeouts.