Table of Contents Introduction Change the default SSL VPN port 10443/443 to anything else Do not use local users for authentication, and if using - keep passwords elsewhere or/and enable MFA Enable Multi-Factor Authentication for VPN users Limit access to VPN SSL portal to specific IP addresses Move VPN …

Note The data is gathered via get hardware stat command. Note If you have access to the Fortigate model not listed here, please consider sending me output of get hardware stat to be included in the table to yuri@yurisk.info for the benefit of all of us. Note It …

Last updated: August 2020 PDF version of this post: Fortigate BGP cookbook of example configuration and debug commands.pdf BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight Prevent our Fortigate from becoming a transit AS, do not advertise learned …

Table of Contents Intro Local/Static Domain Filter Remote Category Fortiguard-based Categories Domains Feed IP addresses feed DNS Translation Applying the DNS Filter Profile on the Fortigate Interface Protecting Internal DNS Server Inspecting Encrypted DNS Traffic Debug and Verification Intro Few facts to remember: The DNS query/response traffic HAS …

Table of Contents Important facts to know Static URL Filter FortiGuard Category based Web filtering Category cache verification Action - Authenticate Allow User Override Usage Quota Custom/local Categories and Web rating Override Remote Category filter for external threat feed Search Engines Safe Search and Vimeo Rate by both IP Address …

Table of Contents Important facts Block downloading PDF and MP4 files (FortiOS up to 7.2.4) File Filter (all versions of FortiOS, no lic needed) Fortigate up to 7.2.4 Fortigate 7.2.4 or newer Block uploading/downloading documents containing SSN or/and Credit Card numbers (7 …

Table of Contents Intro Decide whether to use Wildcard user on FAZ/FMG/FGT or only specific users. RADIUS Configuration - Windows NPS Install Network Policy Role (NPS) Open NPS management console Integrate NPS with local Active Directory Create in NPS console RADIUS clients signifying each network device (FGT, FAZ, FMG …

Table of Contents Introduciton Create and save new Connection Session Change appearance - increase font etc. Send the same command to multiple open SSH sesisons Introduciton Sometimes, you have to work with the tools you were given, and while I’m adept of SecureCRT for all things SSH, recently I had …

I already wrote how to delete the default admin account from the Fortigate https://yurisk.info/2021/06/09/rename-or-delete-default-fortigate-admin-administrator-account/, and today I will show you how to do the same in Fortianalyzer, Fortimanager, and Fortigate. Video: Your browser does not support the video tag. I also write cheat sheets …

I already wrote tips for upgrading your Fortigate HA cluster https://yurisk.info/2023/06/18/tips-on-upgrading-fortigate-in-ha-cluster/ , but didn’t include screenshots of the upgrade to illustrate what actually happens. Today I fix that - below are screenshots of the cluster upgrade I did, with description. It will be helpful to …