Fortigate




You CAN and probably should rename/delete the default admin user on Fortigate, here is how

Many best practices in security and regulations (PCI-DSS, NIST 800-53) demand or recommend renaming/deleting the default administrative accounts that come with the equipment. And every Fortinet product comes with the admin account built-in. Some people are afraid to lose administrative access by such changes, but with the Fortinet Fortigate …



Fortigate - doing SNAT and DNAT on the same traffic in traditional and Central NAT modes how-to

When the situation requires to translate both - source and destination addresses in incoming packets , it may be not obvious how to do so. In this article I will show how to do it in either usual NAT or Central NAT modes. Translate source IP address (SNAT) and Destination IP (DNAT …



Fortigate FortiOS 7.0 is out - what's new Visual Guide

On 30th of March Fortinet released FortiOS 7.0 for all the supported models (alas, many D series Fortigates like 500D, are not supported), and here is the visual walkthrough of changes that can be seen in GUI. Note All the videos below come without sound. New color themes were …



Fortigate Firewalls Hardware - CPU model and number, Memory (RAM) and hard disk size datasheet table

Note The data is gathered via get hardware stat command. Note If you have access to the Fortigate model not listed here, please consider sending me output of get hardware stat to be included in the table to yuri@yurisk.info for the benefit of all of us. Note It …



Fortigate VM Evaluation License 15 Days Limitations Explained

Each Fortigate Virtual Machine (VM) image comes with built-in 15 days evaluation license which starts the moment you spin this image in your virtual environment - VMWare ESXi/WorkStation, KVM, GNS3, EVE-NG. Unfortunately, it comes with some limitations you should be aware of so not to waste your time trying to …



Failed to connect to Fortiguard servers verification and debug

Fortiguard is a subscription based service from Fortinet, where your Fortigate queries their servers in real-time for various services: Periodic checking of Fortigate subscription/license validity for Web Filtering/AppControl/AntiVirus/AntiSpam/DNS Filtering. Real-time querying for visited by users web sites rating. Periodic signatures updates for IPS/AppControl/AntiVirus …



50,000 VPN usernames and their passwords from Fortigates around the world were leaked last week – what you can do to prevent it from happening to you

Around 50,000 Fortigate VPN accounts from around the globe were leaked to the public Internet last week. Not really news anymore, you can learn details elsewhere. What I asked myself about that was – is there anything to be done to prevent or lower the damage of such vulnerabilities? The …



Nfdump netflow/sflow cookbook of examples

Start nfcapd netflow collector in a daemon mode listening on port 5001 with all extensions enabled and saving received netflow data into the named folder NFS-cisco-rtr. Accept netflow records only coming from the sender with the IP of 13.13.13.137 Read and print all records form a single …



Using external threat feeds in FortiGate has become much easier with 6.0 and 6.2 versions

Recently I had the opportunity to configure an external threat feed as a block list for the Fortigate and was pleasantly surprised by how much simpler it has become. Task at hand: Block incoming connections sourced from IP addresses supplied as a list by a 3rd party commercial Threat Intelligence …



Fortigate guest user accounts - create, edit, delete and deploy

The guest user accounts are special in Fortigate and unlike regular local Firewall user accounts. The flow of creating them is: Let's configure it. First, you create Groups, which serve, in this case, as a template for various parameters users can/must have later: User & Device -> User Groups -> New .. -> Type …