Fortigate




Tips on Upgrading Fortigate in HA Cluster

Table of Contents Upgrade - what actually happens Tips on HA upgrades About rollback/downgrade Troubleshooting tips Upgrade - what actually happens When upgrading a Fortigate HA Cluster the following happens: Admin uploads new FortiOS image via GUI to the Active member. Active Fortigate verifies validity of the image (tampered/broken image …



Fortinet Support - Tips on opening tickets with their TAC to make them more effective

Table of Contents Introduction There are 2 ways to open a ticket - via phone, and on the web, use both of them, if needed. Have someone NSE 4 certified to open the ticket - gets you straight to the Level 2 Support. Ongoing communication - phone or email? If you work for …



Fortigate cannot delete VDOM or other object in use problem solution

I file it under "feature, not a bug" category - you are trying to delete some object, say VDOM, which is NOT actually used anywhere, but the Fortigate throws an error command fail. Return code -23. Fortigate keeps reference count of all objects at all times, and if for any given …



Fortigate as DNS authoritative server with DNS database

Table of Contents Configuration Debug and diagnostics diag test application dnsproxy 8 diag test application dnsproxy 3 diagnose test app dnsproxy 2 diagnose test app dnsproxy 7 diagnose test app dnsproxy 6 diagnose test app dnsproxy 9 Windows DNS commands dnscmd server-name-or-IP /zoneinfo domain-name dnscmd server-name-or-IP /ZoneResetSecondaries domain-name dnscmd server-name-or-IP …



Fortigate VPN SSL Hardening Guide

Table of Contents Introduction Change the default SSL VPN port 10443/443 to anything else Do not use local users for authentication, and if using - keep passwords elsewhere or/and enable MFA Enable Multi-Factor Authentication for VPN users Limit access to VPN SSL portal to specific IP addresses Move VPN …



Fortigate end of support and end of life explained

When buying/renewing Fortigate firewalls it is important to take into account the Support/Updates life cycle. Fortinet use few terms in this regard we need to understand. End of Order Date The last date we can buy a particular model of the Fortigate. Those dates are individual for each …



Fortigate subscription expired, list of features that will continue to work

When subscription for Fortiguard-based services expires, many things will stop working, but a lot will continue to work still. Below is the full list of features in Fortigate that will continue working after the subscription expires. It also means these features work even if your Fortigate has never had the …



Fortigate buying used pre-owned firewall most frequently asked questions

Table of Contents Introduction Is it worth buying hardware Fortigate vs free VM evaluation one? Can I get a demo Fortigate appliance? Can I buy a used Fortigate from Fortinet? Is it OK/legal from the Fortinet standpoint to buy the firewall on the secondary market? Will I need a …



Fortigate administrator GUI authentication bypass critical vulnerability CVE-2022-40684 found

On 6th of October 2022, the Fortinet started circulating internally and to their clients preliminary alert that admin GUI vulnerability had been found. They released more details by now, but the whole picture regarding the exploitation path is not known yet. The vulnerability was assigned severity 9.6 (very high …



Fortigate free VM Evaluation License is now permanent, not limited to 15 days, here is how to get it.

Starting with FortiOS 7.2.1, Fortinet removed built-in 15 days free evaluation license from the Fortigate VM images. It was replaced with the permanent evaluation license, still free. The steps to get it have changed - you now have to create a free Forticare/FortiCloud account, and use it inside …