FortiGate Local-Out Routing: Controlling the Traffic the Firewall Sends Itself
Every FortiGate is two devices wearing one chassis. One of them is a firewall: it inspects traffic that arrives on...
Read MoreThe Complete FortiGate execute Command Reference
Every FortiGate admin knows execute ping. Most know execute backup config. Almost nobody knows what else is sitting in that...
Read MoreIs your FortiGate vulnerable to Management Access when using a FortiToken Push Notification
Every few months the same question lands in my inbox. A scanner report flags TCP/4433 open on a customer's WAN...
Read MoreSecuring the Purdue Model: A FortiGate OT Reference Architecture
1. Executive Summary Objective: This guide provides a production-grade reference architecture for retrofitting Fortinet OT security controls onto an existing...
Read MoreDeep Dive QUIC Explanation
Executive Summary Objective: This guide breaks down QUIC (RFC 9000/9001/9002) at the wire-format level, showing exactly how the transport establishes...
Read MoreThe Cisco Engineer’s Guide to FortiGate: A Side-by-Side CLI Rosetta Stone for IOS Veterans Landing on FortiOS
You have twenty years of muscle memory. You type conf t before your coffee finishes brewing. Then someone hands you...
Read MoreCisco Packet Tracer equivalent in FortiGate Firewall?
I deployed thousands of ASA firewalls when I was with the different partners. One of my favorite features on the...
Read MoreUsing host file equivalent on the FortiGate Firewall
Have you ever wanted to do some testing on a FortiGate using an FQDN verses an IP address? While FortiOS...
Read MoreThe Different Types of Networks: A Practitioner’s Field Guide
Ask ten engineers to define "a network" and you will get ten answers that are all correct and none of...
Read MoreDemystifying FortiAuthenticator: Deploying FortiAuthenticator as an LDAP Server for Centralized FortiGate Authentication
1. Executive Summary Objective: This guide turns a FortiAuthenticator (FAC) appliance or VM into a standalone LDAP directory that other...
Read MoreNeed to know information about FortiBleed
DISCLAIMER: Please see link above for the official Fortinet response on "FortiBleed" as of this writing 20260703 FortiBleed, in short:...
Read MoreIs your FortiGate vulnerable to Management Access when using a Let’s Encrypt Certificate
The underlying assumption that Let’s Encrypt requires you to expose your FortiGate's management console or administrative GUI via plain HTTP...
Read MoreBuilding Custom Application Signatures on FortiGate
FortiGate ships with thousands of built-in application signatures, but eventually you will hit traffic it does not recognize: an internal...
Read MoreiTerm2 Deep-Dive Configuration Guide for macOS
A practitioner-grade reference for configuring iTerm2, with emphasis on the powerful and rarely-documented features that separate a default install from...
Read MoreDeploying FortiGate Dynamic Device and OS Identification for Network Visibility and Asset Inventory
1. Executive Summary Objective: This guide walks through enabling and operationalizing FortiGate's Dynamic Device and OS Identification (device detection) so...
Read MoreDemystifying Regular Expressions (Regex) in Fortinet Environments
A Comprehensive Deep Dive, Best Practices, and Ready-to-Use Cheat Sheet 1. Introduction to Regex in FortiOS Regular Expressions (Regex) are...
Read MoreDNS Demystified: Lookup, Caching, Zones, Records, and Security from End to End
1. Executive Summary Objective: This guide explains exactly how DNS resolves a name into an answer, what happens at every...
Read MoreMastering Routing Administrative Distance: A FortiGate and Multi-Vendor Engineering Guide
1. Title and Executive Summary Objective: This guide explains how administrative distance (AD) governs route selection when a router learns...
Read MoreFortiGate-to-FortiGate GRE Tunnel Deployment Guide
Overview A FortiGate can build a strictly GRE tunnel to another FortiGate with no IPsec involved. FortiOS implements Generic Routing...
Read MoreBlocking Scribd Uploads on FortiGate Using Built-In FortiGuard Controls
Customer asked us how to block scribd uploads. I figured I would write an article and share with everyone. Executive...
Read More