Fortigate VPN SSL Hardening Guide

Table of Contents Introduction Change the default SSL VPN port 10443/443 to anything else Do not use local users for authentication, and if using - keep passwords elsewhere or/and enable MFA Enable Multi-Factor Authentication for VPN users Limit access to VPN SSL portal to specific IP addresses Move VPN …



Fortigate Firewalls Hardware - CPU model and number, Memory (RAM) and hard disk size datasheet table

Note The data is gathered via get hardware stat command. Note If you have access to the Fortigate model not listed here, please consider sending me output of get hardware stat to be included in the table to yuri@yurisk.info for the benefit of all of us. Note It …



Fortigate BGP cookbook of example configuration and debug commands

Last updated: August 2020 PDF version of this post: Fortigate BGP cookbook of example configuration and debug commands.pdf BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight Prevent our Fortigate from becoming a transit AS, do not advertise learned …



My networks talk to prisoner - help.

Help, my networks talk to prisoner. This was a funny one - client saw lots of DNS queries passing the Fortigate addressed at the prisoner.iana.org and was worried what this was about. No worry - it just means (misconfigured) clients in the LAN are trying to get PTR records for …



sFlow in Fortigate disables Hardware Acceleration

Do not use sFlow in Fortigate - use Netflow instead I was approached last month by 2 unrelated Fortigate admins with the same problem - slow performance of otherwise very beafy Fortigate models. After some digging in the configuration the culprit was found - there was enabled on WAN interface sFlow. sflow collects …



Fortinet products Fortigate Fortiweb Fortimail and others online demo access details

Be it to learn the interface or preparing for NSE 5, 6, 7 exams, having the access to the real device is the best way to retain the information. Fortinet make available online access to all of their products for demo purposes, all for free. If not mentioned otherwise, the …



Transfer FortiTokens Mobile (FTM) between Fortigates - visual guide.

Table of Contents Introduction Steps in transferring the tokens Steps in transferring the tokens with screenshots Open a ticket to the Customer Service Once CS in the ticket confirm the license was transferred Debug Resources Introduction You may need to transfer Mobile FortiTokens from the failed Fortigate, on which you …



Tips on Upgrading Fortigate in HA Cluster

Table of Contents Upgrade - what actually happens Tips on HA upgrades About rollback/downgrade Troubleshooting tips Upgrade - what actually happens When upgrading a Fortigate HA Cluster the following happens: Admin uploads new FortiOS image via GUI to the Active member. Active Fortigate verifies validity of the image (tampered/broken image …



Fortinet Support - Tips on opening tickets with their TAC to make them more effective

Table of Contents Introduction There are 2 ways to open a ticket - via phone, and on the web, use both of them, if needed. Have someone NSE 4 certified to open the ticket - gets you straight to the Level 2 Support. Ongoing communication - phone or email? If you work for …



Fortigate cannot delete VDOM or other object in use problem solution

I file it under "feature, not a bug" category - you are trying to delete some object, say VDOM, which is NOT actually used anywhere, but the Fortigate throws an error command fail. Return code -23. Fortigate keeps reference count of all objects at all times, and if for any given …