The general workflow is: Facts to know: Available server types: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip Server types ssl, https and all the SSL based ones are available in Proxy inspection mode of the Fortigate only. Only starting with FortiOS 6.2.1 https load balancing supports …

Facts to know: You use Dos protection by creating Dos policy (Policy & Objects -> IPv4/Ipv6 DoS Policy) in which you enable/modify anomalies. The list of anomalies is pre-set in any policy you create. You only have the choice which ones to enable and which ones not to. All anomalies …

Last updated: August 2020 BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight Prevent our Fortigate from becoming a transit AS, do not advertise learned via eBGP routes. Uses route-map, aspath-list Force FG1 to advertise default route without having one …

Get a list of all the buckets under user account Recursively list contents of a given bucket yurisk.info Recursively list contents of a given bucket printing sizes in a friendly format List contents of a bucket, add summary for number of objects and their total size Get access-list associated …

Table of Contents Cheat sheet of debug commands Examples show configure port summary show config port eth 4/2 status show config port eth 4/1 statistics Measuring the traffic rate passing the interface Run ping between 2 ETXes show config system system-date show configure flows summary brief show configure …

Last updated: 19 December 2020 Get coronavirus/Covid-19 statistics for your country, real-time or historical Force curl not to show the progress bar Download a web page via GET request setting Chrome version 74 as the User-Agent. Download a web page via GET request setting Googlebot version 2.1 as …

I wrote this step by step walkthrough as an answer for the forum.fortinet.com here https://forum.fortinet.com/FindPost/183028 . This example uses Fortiweb 6.2.2 but the configuration is valid at least starting with 5.x. Problem: You want to route user requests according to the …

I'll say outright that FortiToken (be it a mobile app or a physical token) is the most secure and preferable way today for multi-factor authentication. The other two - SMS message and e-mail message are vulnerable to many attacks, including not so technically sofisticated SIM swapping. But sometimes less secure method …

Fortigate CLI commands can be long, like really long. And it is no fun to get an error running a command of 6 words because of the typo! The solution to this is simple - command aliases. Coming from the Cisco world I got used to creating command aliases as a …

This is the easiest question I got asked about the Fortigate/FortiWeb/etc. The GEO location database provider for all the Fortinet products has been the same for many years - it is Maxmind.com. Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on …