Fortigate Firewalls Hardware - CPU model and number, Memory (RAM) and hard disk size datasheet table

Note The data is gathered via get hardware stat command. Note If you have access to the Fortigate model not listed here, please consider sending me output of get hardware stat to be included in the table to yuri@yurisk.info for the benefit of all of us. Note It …



Fortigate BGP cookbook of example configuration and debug commands

Last updated: August 2020 PDF version of this post: Fortigate BGP cookbook of example configuration and debug commands.pdf BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight Prevent our Fortigate from becoming a transit AS, do not advertise learned …



Network MTU maximum size path discovery (PMTU) testing with ping

MTU (MAximum Transmit Unit) plays central role in available throughput. And while with the Internet the maximum size isn’t going to surpass 1500 bytes, on MPLS/IPL/etc lines, owned by 1 provider, it is possible to get better MTU. THe easiest way to test for the maximum size …



Fortigate free VM Evaluation License is now permanent, not limited to 15 days, here is how to get it.

Starting with FortiOS 7.2.1, Fortinet removed built-in 15 days free evaluation license from the Fortigate VM images. It was replaced with the permanent evaluation license, still free. The steps to get it have changed - you now have to create a free Forticare/FortiCloud account, and use it inside …



GNU tar archive tool reference by example

Table of Contents Archive and gzip-compress the current folder with tar Archive and gzip-compress the current folder using maximal compression possible Set compression level as the GZIP environmental variable for gzip Set compression level by piping tar output to the gzip Use -I option for modern versions of tar Archive …



Fortigate Local-in policy configuration examples for VPN IPSec, VPN SSL, BGP and more

Table of Contents Introduction Allow VPN IPSec port 500, 4500, and protocol ESP access to specific IP addresses only Allow only to specific BGP peers to connect to the port 179 TCP SSL VPN - limit access to the port 10443 to a specific country, Israel in this example Deny all …



Aruba and HP switches debug and diagnostics commands cheat sheet

Table of Contents General Health Logs Interfaces VLANs Daemons Real-Time Debug Spanning Tree Protocol (STP) Routing Info Static BGP OSPF LLDP & MAC & CDP PoE DHCP NTP VSF (Virtual Switching Framework) Note All commands were tested on HP/Aruba 5400 switches (specifically 5406Rzl2), but will work on any model with recent …



How to downgrade Fortigate Fortios version without losing the configuration

Upgrading Fortigate Fortios version is easy: Find the correct upgrade path for the model you have https://docs.fortinet.com/upgrade-tool Back up the current configuration: Admin → Configuration → Backup If your Fortigate has an active subscription - upgrade directly from the Fortiguard servers, and if not - upload each Fortios image as …



FortiOS 7.2 New - diagnose debug flow in the GUI

One of the most helpful additions - 𝐝𝐢𝐚 𝐝𝐞𝐛𝐮𝐠 𝐟𝐥𝐨𝐰 is accessible in the GUI now. This can help when saving the trace for later analysis, or attaching it to the TAC case, or instructing someone less technical to do it. The usual CLI diaganose debug flow is there and not …



FortiOS 7.2 New - improved packet sniffer in the GUI

𝐅𝐨𝐫𝐭𝐢𝐎𝐒 7.2 𝐍𝐞𝐰: 𝐈𝐦𝐩𝐫𝐨𝐯𝐞𝐝 𝐩𝐚𝐜𝐤𝐞𝐭 𝐬𝐧𝐢𝐟𝐟𝐞𝐫 𝐢𝐧 𝐭𝐡𝐞 𝐆𝐔𝐈. This episode is about improved/re-worked packet sniffer in GUI. Most notable improvement is that we can see captured packets payload directly in the GUI! Video has no sound. Your browser does not support the video tag. Follow me on …