banner
img

FortiGate Local-Out Routing: Controlling the Traffic the Firewall Sends Itself

Manny Fernandez

Every FortiGate is two devices wearing one chassis. One of them is a firewall: it inspects traffic that arrives on...

Read More
img

The Complete FortiGate execute Command Reference

Manny Fernandez

Every FortiGate admin knows execute ping. Most know execute backup config. Almost nobody knows what else is sitting in that...

Read More
img

Is your FortiGate vulnerable to Management Access when using a FortiToken Push Notification

Manny Fernandez

Every few months the same question lands in my inbox. A scanner report flags TCP/4433 open on a customer's WAN...

Read More
img

Securing the Purdue Model: A FortiGate OT Reference Architecture

Manny Fernandez

1. Executive Summary Objective: This guide provides a production-grade reference architecture for retrofitting Fortinet OT security controls onto an existing...

Read More
img

Deep Dive QUIC Explanation

Manny Fernandez

Executive Summary Objective: This guide breaks down QUIC (RFC 9000/9001/9002) at the wire-format level, showing exactly how the transport establishes...

Read More
img

The Cisco Engineer’s Guide to FortiGate: A Side-by-Side CLI Rosetta Stone for IOS Veterans Landing on FortiOS

Manny Fernandez

You have twenty years of muscle memory. You type conf t before your coffee finishes brewing. Then someone hands you...

Read More
img

Cisco Packet Tracer equivalent in FortiGate Firewall?

Manny Fernandez

I deployed thousands of ASA firewalls when I was with the different partners.  One of my favorite features on the...

Read More
img

Using host file equivalent on the FortiGate Firewall

Manny Fernandez

Have you ever wanted to do some testing on a FortiGate using an FQDN verses an IP address?   While FortiOS...

Read More
img

The Different Types of Networks: A Practitioner’s Field Guide

Manny Fernandez

Ask ten engineers to define "a network" and you will get ten answers that are all correct and none of...

Read More
img

Demystifying FortiAuthenticator: Deploying FortiAuthenticator as an LDAP Server for Centralized FortiGate Authentication

Manny Fernandez

 1. Executive Summary Objective: This guide turns a FortiAuthenticator (FAC) appliance or VM into a standalone LDAP directory that other...

Read More
img

Need to know information about FortiBleed

Manny Fernandez

DISCLAIMER:  Please see link above for the official Fortinet response on "FortiBleed" as of this writing  20260703 FortiBleed, in short:...

Read More
img

Is your FortiGate vulnerable to Management Access when using a Let’s Encrypt Certificate

Manny Fernandez

The underlying assumption that Let’s Encrypt requires you to expose your FortiGate's management console or administrative GUI via plain HTTP...

Read More
img

Building Custom Application Signatures on FortiGate

Manny Fernandez

FortiGate ships with thousands of built-in application signatures, but eventually you will hit traffic it does not recognize: an internal...

Read More
img

iTerm2 Deep-Dive Configuration Guide for macOS

Manny Fernandez

A practitioner-grade reference for configuring iTerm2, with emphasis on the powerful and rarely-documented features that separate a default install from...

Read More
img

Deploying FortiGate Dynamic Device and OS Identification for Network Visibility and Asset Inventory

Manny Fernandez

1. Executive Summary Objective: This guide walks through enabling and operationalizing FortiGate's Dynamic Device and OS Identification (device detection) so...

Read More
img

Demystifying Regular Expressions (Regex) in Fortinet Environments

Manny Fernandez

A Comprehensive Deep Dive, Best Practices, and Ready-to-Use Cheat Sheet 1. Introduction to Regex in FortiOS Regular Expressions (Regex) are...

Read More
img

DNS Demystified: Lookup, Caching, Zones, Records, and Security from End to End

Manny Fernandez

1. Executive Summary Objective: This guide explains exactly how DNS resolves a name into an answer, what happens at every...

Read More
img

Mastering Routing Administrative Distance: A FortiGate and Multi-Vendor Engineering Guide

Manny Fernandez

1. Title and Executive Summary Objective: This guide explains how administrative distance (AD) governs route selection when a router learns...

Read More
img

FortiGate-to-FortiGate GRE Tunnel Deployment Guide

Manny Fernandez

Overview A FortiGate can build a strictly GRE tunnel to another FortiGate with no IPsec involved. FortiOS implements Generic Routing...

Read More
img

Blocking Scribd Uploads on FortiGate Using Built-In FortiGuard Controls

Manny Fernandez

Customer asked us how to block scribd uploads.  I figured I would write an article and share with everyone. Executive...

Read More