Fortigate BGP cookbook of example configuration and debug commands

Last updated: August 2020 PDF version of this post: Fortigate BGP cookbook of example configuration and debug commands.pdf BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight Prevent our Fortigate from becoming a transit AS, do not advertise learned …



Fortianalyzer Custom Reports from Custom Datasets Visual Guide How-to

In this short visual guide I will show how to create a custom report from your own SQL query in Fortianalyzer. Fortianalyzer comes with plethora of datasets and reports defined - more than 800. My issue with all of them - they are overly complex and are geared more towards C-level management …



Fortigate FortiOS 7.0 is out - what's new Visual Guide

On 30th of March Fortinet released FortiOS 7.0 for all the supported models (alas, many D series Fortigates like 500D, are not supported), and here is the visual walkthrough of changes that can be seen in GUI. Note All the videos below come without sound. New color themes were …



Fortigate Firewalls Hardware - CPU model and number, Memory (RAM) and hard disk size datasheet table

Note The data is gathered via get hardware stat command. Note If you have access to the Fortigate model not listed here, please consider sending me output of get hardware stat to be included in the table to yuri@yurisk.info for the benefit of all of us. Note It …



Fortigate VM Evaluation License 15 Days Limitations Explained

Each Virtual Fortigate (VM) image comes with built-in 15 days evaluation license which starts the moment you spin this image in your virtual environment - VMWare ESXi/WorkStation, KVM, GNS3, EVE-NG. Unfortunately, it comes with some limitations you should be aware of so not to waste your time trying to debug …



Failed to connect to Fortiguard servers verification and debug

Fortiguard is a subscription based service from Fortinet, where your Fortigate queries their servers in real-time for various services: Periodic checking of Fortigate subscription/license validity for Web Filtering/AppControl/AntiVirus/AntiSpam/DNS Filtering. Real-time querying for visited by users web sites rating. Periodic signatures updates for IPS/AppControl/AntiVirus …



50,000 VPN usernames and their passwords from Fortigates around the world were leaked last week – what you can do to prevent it from happening to you

Around 50,000 Fortigate VPN accounts from around the globe were leaked to the public Internet last week. Not really news anymore, you can learn details elsewhere. What I asked myself about that was – is there anything to be done to prevent or lower the damage of such vulnerabilities? The …



Nfdump netflow/sflow cookbook of examples

Start nfcapd netflow collector in a daemon mode listening on port 5001 with all extensions enabled and saving received netflow data into the named folder NFS-cisco-rtr. Accept netflow records only coming from the sender with the IP of 13.13.13.137 Read and print all records form a single …



Using external threat feeds in FortiGate has become much easier with 6.0 and 6.2 versions

Recently I had the opportunity to configure an external threat feed as a block list for the Fortigate and was pleasantly surprised by how much simpler it has become. Task at hand: Block incoming connections sourced from IP addresses supplied as a list by a 3rd party commercial Threat Intelligence …



Fortigate guest user accounts - create, edit, delete and deploy

The guest user accounts are special in Fortigate and unlike regular local Firewall user accounts. The flow of creating them is: Let's configure it. First, you create Groups, which serve, in this case, as a template for various parameters users can/must have later: User & Device -> User Groups -> New .. -> Type …