Category Archives: FortiGate

Fortimanager – Dynamic Interfaces and how to use them

Fortimanager is a centralized configuration and management solution for Fortinet devices.  Although the ENTIRE line of Fortinet product are not…

By Manny Fernandez

June 20, 2019

Useful Fortiswitch CLI commands and settings

So I "grew up" on the Cisco CLI.  Later moved to Linux and loved it.  I am now on a…

By Manny Fernandez

June 8, 2019

Fortigate DHCP and Microsoft Dynamic DNS

Remote branches that utilize Fortigate's DHCP do not update Microsoft DNS servers automagically.  Fortinet does not have a syncing feature…

By Manny Fernandez

May 22, 2019

Administering the Fortigate Firewall with LDAP Credentials

I am a big fan of having a centralized directory of users.  This makes it easy when that serial, crazy…

By Manny Fernandez

May 21, 2019

Route-Map on Fortigate

Often times you need to create a route map on a device to control what routes the device is advertising.…

By Manny Fernandez

May 20, 2019

UPDATED – Certificate Pinning you SSL VPN with Microsoft CA and Fortigate Forticlient Using ‘user’ certificates

Customer wanted to ONLY allow devices that are trusted devices (owned by the customer) to connect using the ‘Full Access”…

By Manny Fernandez

May 15, 2019

Creating SPAN port on Fortigate By: Brent Klespies

Here is a blog post from a friend and colleague Brent Klespies I had a customer wondering how to create…

By Manny Fernandez

May 8, 2019

Troubleshooting NAT on Fortigate Firewall

When you want to validate that the Fortigate is doing NAT properly, there are a few things you can do.…

By Manny Fernandez

May 3, 2019

Fortigate / Scrutinizer NetFlow Deployment

Today I had a customer talking to me about Netflow and the Fortigate.  To demonstrate the functionality, I decided to…

By Manny Fernandez

May 2, 2019

Writting Custom IPS Signatures on Fortigate

Yesterday, I was playing around and wanted to create some custom IPS signatures.   Defining the signature Use Case -…

By Manny Fernandez

April 30, 2019

Secure LDAP and AD Password Change via Forticlient

First of all, I wanted to give credit to a good friend of mine (Brian Modlin) that hit me up…

By Manny Fernandez

April 20, 2019

Disabling Weak Ciphers on Fortigate Firewalls

A customer of mine sent me an email after having a vulnerability assessment done against his environment.  He got back…

By Manny Fernandez

April 14, 2019

Configuring LDAP Authentication for Remote Access VPN

The Fortigate platform allows for multiple authentication options for VPNs.  In the past, I used a lot of Cisco ASA…

By Manny Fernandez

April 9, 2019

Using OpenSSL for your SSL Decryption and distributing the cert via GPO

I have another post from a while back that uses Microsoft CA services which I will be updating in the…

By Manny Fernandez

April 7, 2019

Central NAT vs Policy NAT

In the past, Fortigate used what was known as 'Policy NAT' where the outbound NAT was defined in the policy.…

By Manny Fernandez

April 5, 2019

FortiAPs in Bridge Mode

A good friend and colleague of mine wrote a great Bridged AP configuration blog post using FortiAPs and I wanted…

By Manny Fernandez

March 27, 2019

Fortigate in One-Arm Sniffer Mode

Not sure if you got the 'Featured Image' (One Arm and the nose as the 'sniffer') OK.  I am done…

By Manny Fernandez

March 21, 2019

FortiView Capabilities

A few years ago, I worked for a reseller of networking and security.  I created their managed security services practice.…

By Manny Fernandez

March 18, 2019

Understanding Fortigate Logging

In this blog post, we are going to analyze some log files from my Fortigate to describe the different sections…

By Manny Fernandez

March 13, 2019

Configuring OSPF on Fortigate

The Fortigate is capable of doing OSPF, BGP, and RIP from a dynamic routing protocol perspective. It is pretty straight…

By Manny Fernandez

March 9, 2019

Categories

Recent posts

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story