Monday, July 10, 2006

A short word about this blog: There's a lot I could say, and some of it would actually be interesting, but the vast majority falls under one of two categories - Can't or Shouldn't. What appears here falls under the "everything else" category.

Buying cheap network hardware on eBay

Been looking for a new broadband firewall forever now to replace my Linksys BEFSR41. Since I had to become a pseudo-sysadmin in a previous life, a relatively high-end hardware box is what I had in mind. Could have gone Linux box w/iptables, but I don't have a lifetime to devote to this. Executive decision - it has to be an appliance.

Okay, so I watch eBay forever and eventually come across an enterprise-class appliance at a good price. Google the device and it seems to be something around $1,000 MSRP. The vendor is an eBay aggregator (nameless for now) with a 100% rating over 2000 transactions. Looks good. I snipe in and get it at a steal - a real steal.

Fast forward past the 8 days it takes FedEx to deliver the damn thing. The box is here. Crank it up, reset to factory defaults, plug in to the management console, log in with the factory default admin pw, so far so good. Set up an IP address, plug in the laptop, go to the web admin screen - oh, so sad, the admin login doesn't get you in. Syslog output claims that I've logged in correctly, but trying to run the setup wizard claims that I don't have the right permissions.

Okay, fart around for a long while to no effect. Remembering that routers/firewalls (especially Cisco) are typically locked down at multiple levels, I decide to believe the setup wizard - I don't have the right permissions. So I shoot off a note to tech support basically asking for help. They get right back to me with the backdoor login that allows me to reset the administrator password. This is a fixed username and a password that is a fixed string plus the device serial number.

Okay - fire away - I plop in the specified strings at the console login and, surprise-surprise, no login. I find this puzzling, since the backdoor instructions are definitive, and the serial number is also unequivocally printed on a label on the back of the device. Then I look at the device. For one thing, the model number on the serial label isn't quite right, there should be a "GT" on the end. Okay, possibly trouble. Then I look at the device and realize that the cover's been removed - more than once as some of the screws are almost stripped.

Still, the device does respond appropriately to all CLI instructions, changes IP address on all interfaces appropriately. So what's the deal? I can think of X possibilities:

The damn thing is broken.
The damn thing is stolen.
The damn thing works and I just have to figure out the serial number.

I still think the thing probably works, and just has a "checkered" past. So I google the thing again, and quickly discover that this is actually a $7,000 device that I picked up for a LOT less than that. Hmmm. "Stolen" just moved up a few notches on the list of possibilities.

Okay, so now to push the issue. I haven't done anything wrong, yet, and although I'll try to avoid it, I can afford to lose the entire purchase price if the thing turns out to be hot or broken. So off we go to Fortinet Tech Support to see if they'll help somebody who doesn't have a support contract and DIDN'T PAY RETAIL. Tune in later ...
