Fortigate VPN token有時後會沒用

 在fortigate上設定好ad帳號登入vpn，要啟用token驗證，才能連線。

但有些使用者設定好，手機上的程式也啟用了，登入vpn時就不會跳出要輸入token code，就直接登入成功了。

後來才發現是登入帳號大小寫的問題，有的人帳號是用大寫，就不需要輸入token code，用小寫才需要。

後來發現是我們在設定vpn的權限時，一開始是還沒用token時，直接把ad群組加入vpn的設定中。

現在因為要用token，需要把個別的ad帳號加到用戶名單，再加到vpn設定中。

所以vpn的設定裡就會有兩個不同的帳號來源，這時後只要把在vpn設定裡的ad群組拿掉，就行了。

user登入後，就只能接受跟用戶名單裡大小寫都要相符的帳號做登入。

Fortigate VPN Token Sometimes Doesn't Work

When setting up an AD account for VPN login on Fortigate, token authentication needs to be enabled to establish a connection.

However, some users have successfully configured their accounts and activated the token authentication on their mobile devices, but when they log in to the VPN, they are not prompted to enter the token code. Instead, they are logged in directly.

Later, we realized that the issue was related to the case sensitivity of the login credentials. Some users had their usernames in uppercase, which bypassed the need for a token code, while lowercase usernames required it.

We discovered that when initially setting up VPN permissions, before using tokens, we directly added the AD group to the VPN configuration.

Now, with the token requirement, individual AD accounts need to be added to the user list and then included in the VPN configuration.

As a result, the VPN configuration will have two different sources for account information. To resolve this, we simply need to remove the AD group from the VPN configuration.

After this change, users will only be able to log in with usernames that match the case sensitivity specified in the user list.

fortiVPN 使用token登入錯誤 : fortitoken clock drift detected

 結果是安裝fortitoken mobile的手機時間錯誤，把時間調對就好了。

fortiVPN login error with token: fortitoken clock drift detected.

 The issue was caused by incorrect time settings on the mobile device where fortitoken mobile was installed. Simply adjusting the time resolved the problem.

選擇權早盤當沖沒出掉 下午盤就會GG

當沖基本上就是早盤收盤要平倉，但有時後就是來不及，然後沒沖掉，就放到下午盤繼續等，但每次這樣子，就只會虧更多，唉!!!真的要照著計劃走，不能凹。

選擇權做賣方要買保險

 做了幾個月的選擇權賣方，一直都記得做賣方要保險，不然遇到一次爆漲或爆跌，就會GG。

所以就一直做雙賣，想說至少有一邊能補一下，而且都做日盤當沖，頂多就價外1~2檔的位置，也流動性也還不錯，做的比較安心。

如果價格往其中一邊衝太多，還是會虧損，所以還是會設停損。

下單的策略並不是完全中立，是會先抓今天偏多或空，就會順勢往價外一兩檔做雙賣。

就算方向對了，賺的速度會比賠的快，所以還是會賺，但行情衝過頭，賠的速度就會比賺的快，反而會開始賠錢，等於是獲利有限，虧損無限大。

所以需要在好好想想，這策略應該要調整一下。

Forti VPN連不上-- 'The server you want to connect to requests identification. Please choose a certificate and try again ( -5)'

 原本很舊的Forti防火牆升級後，有一些人的VPN就無法連線了，本來以為跟client端的vpn程式版本有關，因為公司內有4、5、6、7四種版本。

但後來發現這4個版本也都有不同的使用者可連上VPN，所以不是這個問題。

所以就用就錯誤訊息去查

後來是直接去IE的網際網路選項中，在進階設定裡把TLS1.1跟1.2打勾，就可以解決這個問題了。

Forti VPN cannot connect - 'The server you want to connect to requests identification. Please choose a certificate and try again (-5)'.

After upgrading an outdated Forti firewall, some people were unable to connect to the VPN. Initially, I thought it might be related to different versions of the VPN client software (versions 4, 5, 6, and 7) used within the company.

However, I later discovered that users with all four versions were able to connect to the VPN, so that wasn't the issue.

To troubleshoot, I investigated the error message further.

Eventually, I found that the solution was to go to the Internet Options in Internet Explorer and enable TLS 1.1 and 1.2 in the advanced settings. This resolved the problem.

卡巴斯基安全管理中心資料備份和還原程式 無法備份

 在升級卡巴斯基安全管理中心前，官方文件建議要用內建的資料備份和還原程式(Program Files (x86) Kaspersky Lab Kaspersky Security Center klbackup .exe)先做備份。

但在按下備份時，程式就會直接關閉，無法備份，沒任何訊息。

然後在事件檢視器裡，就找到一個相關的錯誤訊，原因是因為在執行備份時，會需要連上db，但目前登入的帳號是網域帳號，但當初安裝時是用本機帳號，所以會連不上db做備份，這時只要改用原本安裝的帳號來執行就可以備份了。

Before upgrading the Kaspersky Security Center, the official documentation recommends using the built-in data backup and restore program (Program Files (x86) Kaspersky Lab Kaspersky Security Center klbackup.exe) to perform a backup.

However, when pressing the backup button, the program immediately shuts down without any error message, making it impossible to create a backup.

Upon checking the Event Viewer, an error message related to the issue was found. The reason for this error is that during the backup process, a connection to the database (db) is required. However, the current logged-in account is a domain account, while the initial installation was performed using a local account. As a result, the backup process fails to establish a connection to the database. To resolve this issue, it is necessary to execute the backup using the original account used during installation.

卡巴斯基防毒的相關文件

 http://i-services.info/kaspersky/

代理商有個網站上面有相關的教學分享，不錯用。

Fortigate 免費的2個token刪除後無法加回..無法存取forti care

 Fortigate 本身就有含兩個token授權，可以指派其兩個帳號，做雙因子驗證使用。

在測試時，設備本身有簽維護，但版本很舊，在設定時發生一些狀況，後來就把它給刪了，想說應該可以重新加回來，上網找了一下，可以用全都是0的預設設號匯入就行了。

結果~不行，然後有一個按鈕是寫重新下載授權，按下去就跳出無法存取forti care，一整個搞不定。

明明就有維護，還不給我存取，最後就依廠商建議，系統太舊原廠不支援，升級到最新試試，就可以了。

After deleting the two free tokens on FortiGate, I couldn't add them back, and I couldn't access FortiCare.

FortiGate itself comes with two token licenses, allowing for the assignment of two accounts for two-factor authentication purposes.

During testing, the device had an existing maintenance agreement, but it was running on a very outdated version. While configuring it, some issues occurred, so I decided to delete it, thinking that I could add it back later. I searched online and found that I could import a default configuration with all zeros.

However, it didn't work. There was a button labeled "Re-download License," but when I clicked it, it showed an error message saying it couldn't access FortiCare. It was quite frustrating.

Despite having an active maintenance agreement, I was denied access. Finally, following the vendor's suggestion, I upgraded the system to the latest version, and that resolved the issue.

連兩週結算日翻船啊

 連續兩周的OP週結算都來個V轉，本來當週都有機會賺錢，最後都賠了。

結算日雙賣，做錯邊，基本上就跟做小台差不多的賺賠啊。

選擇權下單真是亂啊

 選擇權不像股票或期貨，今天你買了一張，如果又賣一張，帳戶就是0庫存。

但選擇權是可以同時存在買跟賣，所以下單前要先確認好現在是新倉還是平倉的選項，三不五時就會因為這個事情下錯單，真的很不爽，會因此產生不必要的虧損。

還有結算日時，明明要下結算日的合約，有時也會不小心下到新合約。

有時後就是因為這樣，原本當天要小賺的，就變小賠，白做工，真的要小心一點才行。