Category Archives: FortiGate

Deploying FortiAIOps in my ProxMox Lab

Pre-installation Requirements Ensure that the following requirements are met before proceeding with the installation. Supported Environments Supported environments include: -…

By Manny Fernandez

February 14, 2026

Host Header Based NAT’ng

Use Case Well, its not 100% Network Address Translation, although it does do just that. The Use Case is as…

By Manny Fernandez

January 30, 2026

InfoSec Monkey Lab – Update

Getting a new server and setting up the new lab.  I will be creating a detailed post and possibly a…

By Manny Fernandez

January 26, 2026

Convert FortiGate Sniffer Packet Capture to PCAP

In 2024, I wrote an article about converting a diag sniffer packet capture with a verbosity of 3,5 or 6…

By Manny Fernandez

January 25, 2026

MAC Sticky Ports on FortiSwitch

I have a customer that is using point-of-sale devices that are connected via wired Ethernet connections.  One of the counter-measures…

By Manny Fernandez

January 18, 2026

Mass Create Objects in FortiGate with Python

Had a customer with over 200 static routes on their Cisco Nexus core switch.  We are deploying FortiGates as Internal…

By Manny Fernandez

April 28, 2025

TCP Encpsulation of ESP Packets for VPN Tunnels

Have you ever worked with international customers that have governments that block IPsec traffic on the standard UDP 500 and…

By Manny Fernandez

July 30, 2024

Virtual Patching – Local-In management interface

Fortinet has a 1,000+ FortiGuard Labs team on cyber security professionals and because they ship twice as many devices than…

By Manny Fernandez

July 29, 2024

My FortiGate FortiOS CLI Bible’ish

General Recon get system status # Gather helpful info version, SN, etc. Debug WebUI activity diag debug cli 8 diag…

By Manny Fernandez

May 27, 2024

Cisco Wildcard Objects in FortiOS

Recently, I was working with a customer that had a lot of Cisco wildcard addresses in access-lists they were using…

By Manny Fernandez

May 26, 2024

FortiOS Link-Monitor Gotcha

When using link-monitor on FortiGate, there is a gotcha you may run into.  Link-monitor will allow you to ping (…

By Manny Fernandez

May 22, 2024

Multiple GUI Packet Captures at the same time

In FortiOS 7.4, Fortinet enhanced the ability to do multiple packet captures from the GUI.  This is very useful when…

By Manny Fernandez

May 7, 2024

Converting FortiGate CLI packet debug to PCAP file on macOS

Years ago, when I started using FortiGates, I had a Windows VM where I could run some utilities and so…

By Manny Fernandez

May 7, 2024

FortiGate Troubleshooting Sessions

There are many options when troubleshooting in FortiGate firewalls.  I am a BIG sniffer guy.  Anyone that knows me or…

By Manny Fernandez

April 6, 2023

FortiGate IPS IP Exemption

Have you ever had an IPS signature that continues to trigger falsely?  In case you did not know, we call…

By Manny Fernandez

April 4, 2023

Direct Access through Split Tunnel VPN

Use case:  Customer has a Split Tunnel Enabled but wants to route certain FQDN or IP addresses via the local…

By Manny Fernandez

April 3, 2023

Security Profile Groups

Have you ever configured a bunch of policies that use the same security profiles in FortiGate but suffer from click…

By Manny Fernandez

March 26, 2023

Fortinet SD WAN Packet Duplication

Fortinet dominates the SD WAN space.  I have worked with many SD WAN solutions as well as WAN OP solutions. …

By Manny Fernandez

March 23, 2023

Geo-Blocking with Local In Policy

Sometimes when you set up a standard policy to geo block some countries, you will still see attacks from certain…

By Manny Fernandez

February 10, 2022

FortiWiFi as WiFi Client

Recently, I had a customer come to me and wanted to know if there was a way to use a…

By Manny Fernandez

February 4, 2022

Categories

Recent posts

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story