Fortigate VPN SSL Hardening Guide

Table of Contents Introduction Change the default SSL VPN port 10443/443 to anything else Do not use local users for authentication, and if using - keep passwords elsewhere or/and enable MFA Enable Multi-Factor Authentication for VPN users Limit access to VPN SSL portal to specific IP addresses Move VPN …



Fortigate Firewalls Hardware - CPU model and number, Memory (RAM) and hard disk size datasheet table

Note The data is gathered via get hardware stat command. Note If you have access to the Fortigate model not listed here, please consider sending me output of get hardware stat to be included in the table to yuri@yurisk.info for the benefit of all of us. Note It …



Fortigate BGP cookbook of example configuration and debug commands

Last updated: August 2020 PDF version of this post: Fortigate BGP cookbook of example configuration and debug commands.pdf BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight Prevent our Fortigate from becoming a transit AS, do not advertise learned …



Fortigate cannot delete VDOM or other object in use problem solution

I file it under "feature, not a bug" category - you are trying to delete some object, say VDOM, which is NOT actually used anywhere, but the Fortigate throws an error command fail. Return code -23. Fortigate keeps reference count of all objects at all times, and if for any given …



Fortigate as DNS authoritative server with DNS database

Table of Contents Configuration Debug and diagnostics diag test application dnsproxy 8 diag test application dnsproxy 3 diagnose test app dnsproxy 2 diagnose test app dnsproxy 7 diagnose test app dnsproxy 6 diagnose test app dnsproxy 9 Windows DNS commands dnscmd server-name-or-IP /zoneinfo domain-name dnscmd server-name-or-IP /ZoneResetSecondaries domain-name dnscmd server-name-or-IP …



macOS mdfind examples cheat sheet

Table of Contents Introduction Find files with a given word in it Search for a word in file names only, not their contents Find a file with multiple keywords in its name Limit search to specific file format(s) Look up folder names Search for an exact match Search in …



tcpdump now shows interface names in its output, finally

Table of Contents Resources Actually it is not news - it happened with the new 4.99 tcpdump version starting 2 years ago. But most binary distributions still lack this version. So, I had to install it from sources even on the RHEL 9, the newest version. The steps are simple …



Fortigate end of support and end of life explained

When buying/renewing Fortigate firewalls it is important to take into account the Support/Updates life cycle. Fortinet use few terms in this regard we need to understand. End of Order Date The last date we can buy a particular model of the Fortigate. Those dates are individual for each …



Fortigate subscription expired, list of features that will continue to work

When subscription for Fortiguard-based services expires, many things will stop working, but a lot will continue to work still. Below is the full list of features in Fortigate that will continue working after the subscription expires. It also means these features work even if your Fortigate has never had the …



Fortigate buying used pre-owned firewall most frequently asked questions

Table of Contents Introduction Is it worth buying hardware Fortigate vs free VM evaluation one? Can I get a demo Fortigate appliance? Can I buy a used Fortigate from Fortinet? Is it OK/legal from the Fortinet standpoint to buy the firewall on the secondary market? Will I need a …