Category Archives: FortiGate

UPDATED – Certificate Pinning you SSL VPN with Microsoft CA and Fortigate Forticlient Using ‘user’ certificates

Customer wanted to ONLY allow devices that are trusted devices (owned by the customer) to connect using the ‘Full Access”…

By Manny Fernandez

May 15, 2019

Creating SPAN port on Fortigate By: Brent Klespies

Here is a blog post from a friend and colleague Brent Klespies I had a customer wondering how to create…

By Manny Fernandez

May 8, 2019

Troubleshooting NAT on Fortigate Firewall

When you want to validate that the Fortigate is doing NAT properly, there are a few things you can do.…

By Manny Fernandez

May 3, 2019

Fortigate / Scrutinizer NetFlow Deployment

Today I had a customer talking to me about Netflow and the Fortigate.  To demonstrate the functionality, I decided to…

By Manny Fernandez

May 2, 2019

Writting Custom IPS Signatures on Fortigate

Yesterday, I was playing around and wanted to create some custom IPS signatures.   Defining the signature Use Case -…

By Manny Fernandez

April 30, 2019

Secure LDAP and AD Password Change via Forticlient

First of all, I wanted to give credit to a good friend of mine (Brian Modlin) that hit me up…

By Manny Fernandez

April 20, 2019

Disabling Weak Ciphers on Fortigate Firewalls

A customer of mine sent me an email after having a vulnerability assessment done against his environment.  He got back…

By Manny Fernandez

April 14, 2019

Configuring LDAP Authentication for Remote Access VPN

The Fortigate platform allows for multiple authentication options for VPNs.  In the past, I used a lot of Cisco ASA…

By Manny Fernandez

April 9, 2019

Using OpenSSL for your SSL Decryption and distributing the cert via GPO

I have another post from a while back that uses Microsoft CA services which I will be updating in the…

By Manny Fernandez

April 7, 2019

Central NAT vs Policy NAT

In the past, Fortigate used what was known as 'Policy NAT' where the outbound NAT was defined in the policy.…

By Manny Fernandez

April 5, 2019

FortiAPs in Bridge Mode

A good friend and colleague of mine wrote a great Bridged AP configuration blog post using FortiAPs and I wanted…

By Manny Fernandez

March 27, 2019

Fortigate in One-Arm Sniffer Mode

Not sure if you got the 'Featured Image' (One Arm and the nose as the 'sniffer') OK.  I am done…

By Manny Fernandez

March 21, 2019

FortiView Capabilities

A few years ago, I worked for a reseller of networking and security.  I created their managed security services practice.…

By Manny Fernandez

March 18, 2019

Understanding Fortigate Logging

In this blog post, we are going to analyze some log files from my Fortigate to describe the different sections…

By Manny Fernandez

March 13, 2019

Configuring OSPF on Fortigate

The Fortigate is capable of doing OSPF, BGP, and RIP from a dynamic routing protocol perspective. It is pretty straight…

By Manny Fernandez

March 9, 2019

Fortigate FGCP vs FGSP for High Availability

Fortigate Clustering Protocol (FGCP) I have been working on Fortinet Fortigates for over two years now. Most customer that do…

By Manny Fernandez

March 6, 2019

Fortitoken with Active Directory on Fortigate

Yesterday I wrote a blogpost about two-factor authentication using Duo, Active Directory, Duo Proxy Auth and Fortigate. I mentioned that…

By Manny Fernandez

February 20, 2019

Duo Security 2FA with Fortigate Firewalls

Although Fortinet has a great 2FA solution (FortiToken) which is simple to use and does not require anything extra, there…

By Manny Fernandez

February 19, 2019

Gateway IP and interface conflict with Static Route 1

Fortigate 6.0.3 has a bug that will give you the "Gateway IP and interface conflict with Static Route 1” This…

By Manny Fernandez

February 12, 2019

Using Tags on the Fortigate Firewall

Tags are something that I have adopted into my workflow on most applications. I use Tags in Evernote, OmniFocus, macOS,…

By Manny Fernandez

February 12, 2019

Categories

Recent posts

  • Have you ever ordered a bunch of Fortinet gear... Full Story

  • Had a customer with over 200 static routes on... Full Story

  • This is a work in progress, I will be... Full Story