Running diagnose sniffer packet on Fortinet Fortigate unit outputs human-readable packet information and packet data . Only that sometimes you would like to have the traffic sniffed at Fortigate in Wireshark-readable format so that it can be analyzed by all powerful Wireshark. For this case Fortinet came up with the script …
Today I had to lower scanned files size on FOrtigate 80C. In the past it was a matter of few clicks in the good old version 3 via management GUI but in version 4 I spent some 20 minutes digging its GUI high and low and then finally opened Command …
Great news – now Fortigate supports exporting data flows statistics to an external server using sFlow protocol (twin of Netflow from the Cisco world). I configured it in about a minute and it just works. To collect the sFlow data I use nfdump/Nfsen , that I found to be the most …
Fortinet are doing a lot to keep us away from the command line. And that’s ok in 95% of the cases. But sooner or later you come to meet the 5% of the bad and the ugly when you have no access to the GUI at all. One late …
Everyone today speaks BGP: Cisco ,Juniper and ScreenOS firewalls, Fortigate does it, even SonicWall have it as planned feature. The opportunity to see how it works on Fortinet Fortigate firewall recently presented itself and here is the sum up of how I configured and debugged Fortigate BGP set up. Task …
UPDATE 2019: I updated the access details below. Also, if you work for a Fortinet partner you can request access to the demo appliances via Partner's Portal. As someone said best things in life are free. Here are links to the demo Forigate firewall, ForiAnalyzer and FortiManager open to access …
Recently I had to do late night restart of a Fortigate and was looking for "Reload in..." I found it, but in Fortigate it is a little different. It's called Daily Restart, and if you want to use it once you need to remember to remove this command later. config …
Note: This post was written for FortiOS version 2.8 and 3.x so some commands have changed, for updated debug steps please read Failed to connect to Fortiguard servers verification and debug updated Today I encountered otherwise easy to diagnose misconfiguration only that Fortinet decided to 'hide' this parameter …
Sometimes you can't set duplex/speed settings of the Fortigate interfaces. Important note: depends on which interface you are trying to set!. Upon careful examination turns out that you can't set duplex/speed settings of 4-port switch interfaces only, i.e. Internal interface of Fortigate 60, 60M, 100A, 200A, and …
Updated: 2022 You can't really debug VPN problems with static show commands, if VPN fails to function you HAVE to see it happening real-time. Below I list few debug commands to do just that for IPSEC site-to-site tunnels in Fortigate. Here: 192.168.168.254 - IP address on the LAN …