Batch script to determine 32 or 64 bit Windows Operating Systems and perform an action

I think that’s the longest title I’ve ever made! Anyway, if you’re like me and need to work on different Windows Operating Systems and would like to distinguish between architecture types when executing batch scripts, then you’ve come to the right place.

Check out the below script and use it to make your life easier:

@echo off
::Written by Samontech

SET Version=Unknown

wmic os get osarchitecture | FINDSTR /IL “32” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”32″

wmic os get osarchitecture | FINDSTR /IL “64” > NUL
IF %ERRORLEVEL% EQU 0 SET Version=”64″

ECHO The OS architecture of Windows found is %VERSION% bit

IF %VERSION% == “32” GOTO OLD
IF %VERSION% == “64” GOTO NEW
::If no versions are found go to UNKNOWN
GOTO UNKNOWN

:OLD
ECHO Execute script for 32 bit OS
***Insert awesome script work here!
GOTO FINISH

:NEW
ECHO Execute script for 64 bit OS
***Insert awesome script work here!
GOTO FINISH

:FINISH
ECHO Script executed successfully
GOTO END

:UNKNOWN
ECHO OS Architecture Unknown

:END

It’s very similar to my batch script which deletes temporary files on all Windows Operating systems, but, use your imagination and put it to use e.g. upgrading Adobe Reader, Adding Registry keys, the list goes on!

Fortigate: Configure High Availability

So this may not be necessary for most home users out there but for those that need a quick rundown on how to configure High Availability between Fortigates, I hope this helps:

Prerequisites:

  • All Fortigates need to have the same hardware configuration i.e. hard disk configuration, optional components installed, same model version.
  • All Fortigates need to have the same firmware build e.g.¬†v5.0,build0271 (GA Patch 6)
  • All Fortigates need to be using the same operating mode e.g. NAT or Transparent
  • All Fortigates need be operating in the same VDOM mode
  • If all Fortigates are operating in multiple VDOM mode, have they all got the same VDOM configuration
  • All interfaces need to have a static IP address. If any interface is using DHCP you can’t configure HA
  • Fortigates that have an in built switch will not work. You will need to configure Interface Mode.

Boring stuff done, let’s get to work.

High level steps required to configure HA:

  1. Configure Fortigate units for HA operation individually and power off.
  2. Connect the Fortigates to the network
  3. Connect all interfaces (LAN, Heartbeat, Internet)
  4. Power on both Fortigate units
  5. Test!

Details Instructions

  1. Log onto the first Fortigate unit (FG1) and configure all your interface settings, policies, hostnames, VIPs, firewall addresses, routes etc.

    FG1# conf sys hostname
    FG1# conf sys interface
    FG1$ conf firewall policy
    etc

  2. Configure High Availability via CLI. Here is my standard setup but ensure you read the Fortigate manual for further clarification

    FG1# conf sys ha
    FG1# set mode a-a
    FG1# set group-name SAMHA
    FG1# set password Th!sIs@s3CurePa$$w0rd
    FG1# set hbdev “port2” 50 “port3” 50
    FG1# set session-pickup enable
    FG1# set override disable
    FG1# set priority 50
    FG1# set monitor “port1” “wan1”
    FG1# set pingserver-monitor-interface “port1”
    FG1# set pingserver-failover-threshold 1
    FG1# end

    Notes:
    – Set “hbdev”: this is the interface that you will connect to your second unit and monitors the heartbeat of the unit i.e. port2 on FG1 will be connected to port2 on FG2. The number after is the priority of that interface. It is recommended that you have at least 2 heartbeat interfaces configured.
    – Set “monitor”: this is the interface that the Fortigate will monitor. If there is a fail on this interface, the unit will failover to the second unit.
    – Set “priority”: this sets the priority of the cluster device. Whenever you change the device priority of a cluster unit, when a cluster negotiation occurs, the unit with the highest priority becomes the primary unit.

  3. Power off FG1
  4. Perform steps 1 to 3 on FG2. Power off FG2
  5. Connect all interfaces correctly, ensure switching is correct, and heartbeat Interfaces are connected.
  6. Power on both Fortigates at the same time.
  7. Log on to one of the units and identify which of them is the master Fortigate by entering

    FG1# get sys stat

    You should get output that looks like the below. You can see from the output that this unit is the master unit.

    FG1 # get sys stat
    Version: FortiGate-60D v5.0,build0271,140124 (GA Patch 6)
    Virus-DB: 19.00098(2013-09-01 11:46)
    Extended DB: 1.00000(2012-10-17 15:46)
    IPS-DB: 4.00385(2013-08-28 22:38)
    IPS-ETDB: 0.00000(2001-01-01 00:00)
    Serial-Number: FG60D3911452369
    Botnet DB: 1.00229(2013-09-01 11:39)
    BIOS version: 04000007
    Log hard disk: Available
    Internal Switch mode: interface
    Hostname: FG1
    Operation Mode: NAT
    Current virtual domain: root
    Max number of virtual domains: 10
    Virtual domains status: 1 in NAT mode, 0 in TP mode
    Virtual domain configuration: disable
    FIPS-CC mode: disable
    Current HA mode: a-a, master
    Branch point: 271
    Release Version Information: GA Patch 6
    System time: Mon Mar 15 16:19:18 1996

  8. Test failover using these tests as a bare minimum:
  9. – Power off a Fortigate unit
    – Unplug port1 (production network)
    – Unplug internet connection (wan1)
    – Unplug one of the two heartbeat interfaces

Go forth and ensure you can keep that 99.999999999% uptime ūüôā

Fortigate: Configure Interface Mode

Some of the SMB Fortigate units will have default settings that are good for the everyday user. But what if there’s more to life then an in built switch? What if we want to configure, respect and treat all interfaces as their own?

For anyone that has a Fortigate unit and does not want to use the internal switch (factory default), here are quick steps to configure interface mode i.e. all ports are treated as individual interfaces and will need to be configured appropriately:

1. Delete DHCP server entries

FG123456# conf sys dhcp server
FG123456# delete 1
FG123456# end

2. Delete default firewall policy

FG123456# conf firewall policy
FG123456# delete 1
FG123456# end

3. Enable interface mode

FG123456# conf system global
FG123456# set internal-switch-mode interface
FG123456# end

Done and dusted. Now get that config up and ready!