Table of Contents Introduction Change the default SSL VPN port 10443/443 to anything else Do not use local users for authentication, and if using them, keep passwords elsewhere and/or enable MFA Enable Multi-Factor Authentication for VPN users Limit access to VPN SSL portal to specific IP addresses Move VPN …
Note The data is gathered via the get hardware stat command. Note If you have access to a Fortigate model not listed here, please consider sending me the output of get hardware stat at yuri@yurisk.info to be included in the table, for the benefit of all of us. Note It …
Last updated: August 2020 BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight Prevent our Fortigate from becoming a transit AS, do not advertise routes learned via eBGP. Uses route-map, aspath-list Force FG1 to advertise default route without having one …
Table of Contents Introduction Case 1: OSPF Adjacency Forming but no routes are exchanged due to Mismatched Network Types Case 2: OSPF Adjacency Not Forming due to Mismatched Hello and/or Dead Intervals Mismatched Dead interval only Case 3: OSPF Adjacency Not Forming due to Mismatched MTU Case 4: Mismatched …
Fortinet changed the license/usage terms for FortiToken Mobile (FTM), and FTMs bought starting the 4th of August 2025 will NOT be transferable anymore, except for RMA cases. This affects both Fortigate- and FortiAuthenticator-registered FTMs. This means if you want to move FTM tokens bought after that day to another …
Table of Contents Introduction Initial Setup SLB Configuration Case 1: 2 HTTP port 80 real servers, Round-robin load balancing, HTTP Status healthcheck, Layer 7 Case 2: Same servers as above, but in addition make vpn.yurisk.com available only in the hours 08:00-20:30 and make Health Checks check …
Table of Contents Intro Local/Static Domain Filter Remote Category Fortiguard-based Categories Domains Feed IP addresses feed DNS Translation Applying the DNS Filter Profile on the Fortigate Interface Protecting Internal DNS Server Inspecting Encrypted DNS Traffic Debug and Verification Intro A few facts to remember: The DNS query/response traffic HAS …
Table of Contents Important facts to know Static URL Filter FortiGuard Category based Web filtering Category cache verification Action - Authenticate Allow User Override Usage Quota Custom/local Categories and Web rating Override Remote Category filter for external threat feed Search Engines Safe Search and Vimeo Rate by both IP Address …
Table of Contents Important facts Block downloading PDF and MP4 files (FortiOS up to 7.2.4) File Filter (all versions of FortiOS, no license needed) Fortigate up to 7.2.4 Fortigate 7.2.4 or newer Block uploading/downloading documents containing SSN and/or Credit Card numbers (7 …
Table of Contents Intro Decide whether to use Wildcard user on FAZ/FMG/FGT or only specific users. RADIUS Configuration - Windows NPS Install Network Policy Role (NPS) Open NPS management console Integrate NPS with local Active Directory Create RADIUS clients in the NPS console signifying each network device (FGT, FAZ, FMG …