Category Archives: FortiGate

Connect to both Fortigates in an HA Cluster Separately

When you configure a FortiGate in HA, normally, there is no way connect to the second box unless you ssh…

By Manny Fernandez

May 6, 2020

Syslog Filtering on FortiGate Firewall & Syslog-NG

We recommend sending FortiGate logs to a FortiAnalyzer as it produces great reports and great, usable information.  However sometimes, you…

By Manny Fernandez

April 27, 2020

Troubleshooting FortClient VPN Connectivity Issues with FortiGate

As more and more users are using remote access VPNs and probably using FortiClient, I wanted to share the errors…

By Manny Fernandez

April 23, 2020

Restricting YouTube to Specific Channels on FortiGate Firewalls

Please note that YouTube is changing the way it categorizes content to comply with COPPA (Children's Online Privacy Protection Act). …

By Manny Fernandez

April 20, 2020

Adding Elastic IPs to AWS FortiGate to be used as VIPs

Lately I have been doing some AWS.  I am looking to get certified in the short-term.  I was struggling with…

By Manny Fernandez

March 25, 2020

Deploying a FortiAP as a remote AP for remote VPN access

A friend, colleague and fellow blogger Matt Sherif wrote a great article on using the FortiAP as a remote access…

By Manny Fernandez

March 21, 2020

Debugging Fortigate GUI from the CLI

Have you ever gotten a strange failure in the Fortigate GUI?  It is sometimes unclear to see what the issue…

By Manny Fernandez

March 6, 2020

SSL VPN Realms with Custom URLs

Had a friend write up a great article on using custom URLs for realms on the Fortigate using SSL VPNs.…

By Manny Fernandez

February 10, 2020

Bridged FortiAPs and Managing Remote Switches Across the Bridge

I cannot tell you how many times we run into this.  Sometimes its a stopgap for a customer that is…

By Manny Fernandez

February 2, 2020

VX-LAN over IPSec using Fortigate Firewalls

VXLAN is a tunneling protocol that encapsulates layer 2 frames into layer 3 UDP packets.  VXLANs allow you to create…

By Manny Fernandez

January 18, 2020

Policy Disclaimer Option in FortiOS 6.2.3

Yesterday I wrote an article about some advanced policy option in FortiOS 6.2.3.  Here is another one.  In System then Feature…

By Manny Fernandez

January 17, 2020

Policy Advanced Options in FortiOS 6.2.3

FortiOS 6.2.3 Introduced some interesting new features.  One of those features is the Policy Advanced Options in which some interesting new…

By Manny Fernandez

January 17, 2020

FortiWifi with Tunnel and Bridge SSIDs

If you have a FortiWiFi using the internal radio and want to offer a guest SSID that is in "Tunnel"…

By Manny Fernandez

January 11, 2020

What Diffie-Hellman (DH) Group Should I Use

There has been a lot around Diffie-Hellman groups and which ones to use.  Some think that the bigger the DH…

By Manny Fernandez

January 7, 2020

Fortinet Ports and Protocols

If you are ever wondering what ports needs to be open for various Fortinet products to interact and struggled to…

By Manny Fernandez

January 7, 2020

FortiAnalyzer Primer

Wanted to write an article about the FortiAnalyzer also known as FAZ .  FAZ is a great solution that is "CFO…

By Manny Fernandez

January 5, 2020

Troubleshooting BGP on Fortigate Firewalls

In my previous article regarding Wrong Way I did a lot of BGP troubleshooting and thought I would write an…

By Manny Fernandez

January 1, 2020

Wrong Egress Interface when using VPN

Today I was troubleshooting a problem with a site-to-site, route-based VPN.  Here was the skinny. The Setup I created two…

By Manny Fernandez

December 31, 2019

Password Recovery Options on the Fortigate firewall

Fortigate firewalls have a process for recovering a lost admin password.  You can reset the admin password or reset to…

By Manny Fernandez

December 14, 2019

Complex Passwords for your Fortigate Firewall

Many security frameworks such as NIST, COBIT as well as regulatory bodies such as PCI DSS, SOX, GLBA, HIPAA, etc…

By Manny Fernandez

December 11, 2019

Categories

Recent posts

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story