Category Archives: FortiGate

TCP Encpsulation of ESP Packets for VPN Tunnels

Have you ever worked with international customers that have governments that block IPsec traffic on the standard UDP 500 and…

By Manny Fernandez

July 30, 2024

Virtual Patching – Local-In management interface

Fortinet has a 1,000+ FortiGuard Labs team on cyber security professionals and because they ship twice as many devices than…

By Manny Fernandez

July 29, 2024

My FortiGate FortiOS CLI Bible’ish

General Recon get system status # Gather helpful info version, SN, etc. Debug WebUI activity diag debug cli 8 diag…

By Manny Fernandez

May 27, 2024

Cisco Wildcard Objects in FortiOS

Recently, I was working with a customer that had a lot of Cisco wildcard addresses in access-lists they were using…

By Manny Fernandez

May 26, 2024

FortiOS Link-Monitor Gotcha

When using link-monitor on FortiGate, there is a gotcha you may run into.  Link-monitor will allow you to ping (…

By Manny Fernandez

May 22, 2024

Multiple GUI Packet Captures at the same time

In FortiOS 7.4, Fortinet enhanced the ability to do multiple packet captures from the GUI.  This is very useful when…

By Manny Fernandez

May 7, 2024

Converting FortiGate CLI packet debug to PCAP file on macOS

Years ago, when I started using FortiGates, I had a Windows VM where I could run some utilities and so…

By Manny Fernandez

May 7, 2024

FortiGate Troubleshooting Sessions

There are many options when troubleshooting in FortiGate firewalls.  I am a BIG sniffer guy.  Anyone that knows me or…

By Manny Fernandez

April 6, 2023

FortiGate IPS IP Exemption

Have you ever had an IPS signature that continues to trigger falsely?  In case you did not know, we call…

By Manny Fernandez

April 4, 2023

Direct Access through Split Tunnel VPN

Use case:  Customer has a Split Tunnel Enabled but wants to route certain FQDN or IP addresses via the local…

By Manny Fernandez

April 3, 2023

Security Profile Groups

Have you ever configured a bunch of policies that use the same security profiles in FortiGate but suffer from click…

By Manny Fernandez

March 26, 2023

Fortinet SD WAN Packet Duplication

Fortinet dominates the SD WAN space.  I have worked with many SD WAN solutions as well as WAN OP solutions. …

By Manny Fernandez

March 23, 2023

Geo-Blocking with Local In Policy

Sometimes when you set up a standard policy to geo block some countries, you will still see attacks from certain…

By Manny Fernandez

February 10, 2022

FortiWiFi as WiFi Client

Recently, I had a customer come to me and wanted to know if there was a way to use a…

By Manny Fernandez

February 4, 2022

Quick Tip – Controlling Source Interface Traffic

In version 7.x of FortiOS there is now a GUI based option that can allow you to choose what interface…

By Manny Fernandez

October 10, 2021

Quick-Tip – Checking your Fortigate DB versions

By default, the FortiGate will reach out to FortiGuard Labs every 2 hours.  It will upgrade the various DB automatically. …

By Manny Fernandez

September 30, 2021

DNS Doctoring on FortiGate

Sometimes, you have a scenario where your internal servers or devices are using external DNS servers (e.g. 8.8.8.8 or 4.2.2.2…

By Manny Fernandez

August 2, 2021

Quick-Tip – Geography-Based Internet Services Databases

Sometimes you want to use the awesome feature of Internet Services Database from Fortinet.  The Internet Services Database is an…

By Manny Fernandez

March 16, 2021

Troubleshooting SIP on FortiGate Firewalls

Since I replaced my lab FortiGate firewall from a 300E to a 601E, I ended up breaking my FortiVoice system. …

By Manny Fernandez

March 8, 2021

FortiGate AD Polling with Windows Server 2003

Today, I was helping a customer set up Active Directory polling from a FortiGate firewall using the External Connector which…

By Manny Fernandez

February 22, 2021

Categories

Recent posts