I'll say outright that FortiToken (be it a mobile app or a physical token) is the most secure and preferable way today for multi-factor authentication. The other two - SMS message and e-mail message are vulnerable to many attacks, including not so technically sofisticated SIM swapping. But sometimes less secure method …
Fortigate CLI commands can be long, like really long. And it is no fun to get an error running a command of 6 words because of the typo! The solution to this is simple - command aliases. Coming from the Cisco world I got used to creating command aliases as a …
This is the easiest question I got asked about the Fortigate/FortiWeb/etc. The GEO location database provider for all the Fortinet products has been the same for many years - it is Maxmind.com. Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on …
Starting with the FortiOS 5.x Fortinet have a built-in iperf3 client in Fortigate so we can load test connected lines. If new to iperf, please read more here iperf.fr. iperf in Fortigate comes with some limitations and quirks, so let's have a better look at them: - The version …
Entering each time username and password isn’t fun when doing it daily to the same equipment. Saving password in some automated script (Paramiko, Expect, etc) is not very secure per se. Using the SSH private/public key pair, on the other hand, answers all the needs – easy, secure, time …
This one can be filed under Fortinet ‘undocumented/unwanted’ feature rather than bug.The case in question: Fortigate 80C , firmware 4 something, all subscriptions are up-to-date, no crazy configurations, all looks fine... Until client adds to his LAN some back-up device that works by gathering data from clients installed on …
It was predictable thing for Fortinet to do as everyone else has already been doing so. I haven’t verified myself but according to the informed source (can only say his name - Hen) they are using Maxmind database . So let’s see how to do it . First you create in …
Running diagnose sniffer packet on Fortinet Fortigate unit outputs human-readable packet information and packet data . Only that sometimes you would like to have the traffic sniffed at Fortigate in Wireshark-readable format so that it can be analyzed by all powerful Wireshark. For this case Fortinet came up with the script …
Today I had to lower scanned files size on FOrtigate 80C. In the past it was a matter of few clicks in the good old version 3 via management GUI but in version 4 I spent some 20 minutes digging its GUI high and low and then finally opened Command …
Great news – now Fortigate supports exporting data flows statistics to an external server using sFlow protocol (twin of Netflow from the Cisco world). I configured it in about a minute and it just works. To collect the sFlow data I use nfdump/Nfsen , that I found to be the most …