Howtos – Ryan Dorman's IT Blog

Let’s Encrypt Certificates and Remote Desktop Services

By Ryan Dorman | March 29, 2023March 30, 2023 by Ryan Dorman

Background With the potential of SSL certificates in Chrome being considered expired after 90 days and the inevitable downtime from not renewing a certificate in time, its time to get serious about automating the renewal and installation of certificates on all platforms. This process is well honed for popular webservers but other applications require custom solutions. Microsoft Remote Desktop Services relies heavily on trusted SSL certificates to function properly. I’ve worked on two methods of…

Howtos

Triggering HomeKit Automations with a Fortigate

By Ryan Dorman | November 27, 2022January 22, 2023 by Ryan Dorman

Problem Statement and Proposed solution I use Apple HomeKit as my smart home platform of choice. Its not perfect and doesn’t have nearly the ecosystem that Alexa does but I like it and it compliments the fact that I use mostly Apple devices in the rest of my network. I don’t do anything all that complicated because I rent so there is a limit to the amount of smarts I can integrate. One feature I…

Howtos

My Journey to IPv6: Part 3 – Outbound Firewall

By Ryan Dorman | November 10, 2022November 10, 2022 by Ryan Dorman

Three is the magic number In parts 1 and 2 we discussed IPv6 addressing, and connection basics then configured a Fortigate to grab a DHCPv6 PD prefix and distribute it with SLAAC to clients on the inside network. In this episode I will go over the Fortigate firewall and security policy configuration to get your IPv6 traffic out to the Internet. The illusion of control In part 1 I discussed how router advertisements are sent…

Howtos

My Journey to IPv6: Part 2 – Fortigate Address Configuration

By Ryan Dorman | November 9, 2022November 20, 2022 by Ryan Dorman

How did we get here? In part 1 of this series I covered some basics about how IPv6 addresses are distributed. In summary we use DHCPv6 PD to find out from an ISP what prefix should be placed on our clients. After that a combination of SLAAC and DHCPv6 result in one (or more) IP address and DNS server combo that gives a client IPv6 connectivity. As mentioned in the first article I have Verizon…

Howtos Tips

Azure AD Conditional Access Standard

By Ryan Dorman | June 24, 2021June 28, 2021 by Ryan Dorman

Based on the excellent work in this blog article I implemented a standard for conditional access that we plan to use across clients. It attempts to balance the security lock down with breaking as few things as possible. You need to create and populate the following groups CA-Excluded No Conditional Access rules applied to members CA-Service Accounts Can only authenticate from trusted IP named locations CA-International Users Users who can connect from pre-defined trusted countries…