Category Archives: VPN

TCP Encpsulation of ESP Packets for VPN Tunnels

Have you ever worked with international customers that have governments that block IPsec traffic on the standard UDP 500 and…

By Manny Fernandez

July 30, 2024

Direct Access through Split Tunnel VPN

Use case:  Customer has a Split Tunnel Enabled but wants to route certain FQDN or IP addresses via the local…

By Manny Fernandez

April 3, 2023

Removing “Launch FortiClient” from FortiGate Web Portal VPN

I had a customer that had configured a Web Portal VPN and he did not want anyone using FortiClient since…

By Manny Fernandez

October 4, 2021

Dynamic DNS Split-Tunneling for FortiGate VPN

Today I had a partner reach out to me about Cisco's Dynamic Split Tunneling using AnyConnect.  Apparently this is a…

By Manny Fernandez

August 7, 2020

Decreasing Fail-Over Time for Multi-Homed VPNs using DPD.

Use case: Customer has two ISP connections at both sites. Two VPNs configured. ISP1 to ISP1 and ISP2 to ISP2.…

By Manny Fernandez

July 1, 2020

Deploying SSL VPNs Using Multiple Realms

Realms are a feature on the FortiGate that I have written about in the past, but I never really did…

By Manny Fernandez

May 26, 2020

FortiClient CLI for Linux using Realms

Last year I wrote an article about installing FortiClient on a Linux machine.  There were two options; CLI and GUI.  Today…

By Manny Fernandez

May 18, 2020

Limiting Protocols in FortiGate Web Access Portal VPN

When you connect to a FortiGate in Web Portal mode, by default, you are able to create bookmarks using HTTP/HTTPS,…

By Manny Fernandez

May 12, 2020

2-Factor Auth Using Email on FortiGate

Putting together a presentation I am giving to some customers and decided I wanted to put together an article with…

By Manny Fernandez

April 26, 2020

IPSec Remote Access VPN Naming Limitations on FortiGate

There is a 15 character limit on the interface names in FortiOS.  When using IPSec for remote access VPNs, it…

By Manny Fernandez

April 25, 2020

Troubleshooting FortClient VPN Connectivity Issues with FortiGate

As more and more users are using remote access VPNs and probably using FortiClient, I wanted to share the errors…

By Manny Fernandez

April 23, 2020

Running Post VPN Login Script

I have been getting asked this question since this coronavirus thing started.  I decided I would address it with an…

By Manny Fernandez

April 7, 2020

Create Custom Install Packages for FortiClient

When you are deploying FortiClient without EMS and you want to create an installation package with pre-configured VPN connections, here…

By Manny Fernandez

March 24, 2020

SSL VPN Realms with Custom URLs

Had a friend write up a great article on using custom URLs for realms on the Fortigate using SSL VPNs.…

By Manny Fernandez

February 10, 2020

VX-LAN over IPSec using Fortigate Firewalls

VXLAN is a tunneling protocol that encapsulates layer 2 frames into layer 3 UDP packets.  VXLANs allow you to create…

By Manny Fernandez

January 18, 2020

What Diffie-Hellman (DH) Group Should I Use

There has been a lot around Diffie-Hellman groups and which ones to use.  Some think that the bigger the DH…

By Manny Fernandez

January 7, 2020

Wrong Egress Interface when using VPN

Today I was troubleshooting a problem with a site-to-site, route-based VPN.  Here was the skinny. The Setup I created two…

By Manny Fernandez

December 31, 2019

Site-to-Site VPN with Checkpoint Stand-Alone

A colleague wanted to test VPNs to multiple platforms.  I set up a Checkpoint 1450, PAN 200, and an ASA…

By Manny Fernandez

November 15, 2019

Troubleshooting IPSec VPNs on Fortigate Firewalls

Lets start with a little primer on IPSec.  I am going to describe some concepts of IPSec VPNs. IPSec Primer…

By Manny Fernandez

November 12, 2019

Route-Based VPN between Cisco Router and Fortigate Firewall using OSPF

Earlier, I wrote an article showing how to do a VTI (Virtual Tunnel Interface) from a Cisco ASA to a…

By Manny Fernandez

November 10, 2019

Categories

Recent posts

  • Had a customer with over 200 static routes on... Full Story

  • This is a work in progress, I will be... Full Story

  • I have been playing with the free version of... Full Story