Displaying posts written in

June 2009

Jun
20
2009

Don't rely on SmartViewTracker only – it may lie

Funny case of WYSIWYG misleading the uninitiated. The case involved a seemingly normally functioning firewall Checkpoint which after a client created rule to allow FTP from any to his server in DMZ (no Nat involved) refused to allow connections though. The client being quite experienced himself entered SmartViewTracker did filter on the rule (here rule [...]

Jun
19
2009

Failed to connect to Fortiguard servers

Today encountered otherwise easy to diagnose misconfiguration only that Fortinet decided to ‘hide’ this parameter deep enough so that it got on my nerves until I fixed it.
NOTE : Fortiguard is subscription based service when your Fortigate unit periodically
connects to the Fortinet servers (collectively named Fortiguard servers) to get info that enables advanced
feautures [...]

Jun
12
2009

Website/malware categorization in eSafe

If some website gets blocked by eSafe for being categorized wrongly you
may fix it actually very simple. You enter the link below and change the website category; this takes some time , usually from few hours up to a day,for the change to take effect. If website has no category already then [...]

Jun
10
2009

You can't set duplex/speed settings of the Fortigate interfaces?

You can’t set duplex/speed settings of the Fortigate interfaces.
Important FIX: depends on which interface you are trying to set! [ Thanks to Chen for pointing out ]
Upon careful reexamination turns out that you can’t set duplex/speed settings of 4-port switch interfaces only, i.e. Internal interface of Fortigate 60, 60M, 100A, 200A, [...]