Fortigate VPN SSL Hardening Guide

Table of Contents Introduction Change the default SSL VPN port 10443/443 to anything else Do not use local users for authentication, and if using - keep passwords elsewhere or/and enable MFA Enable Multi-Factor Authentication for VPN users Limit access to VPN SSL portal to specific IP addresses Move VPN …



Fortigate Firewalls Hardware - CPU model and number, Memory (RAM) and hard disk size datasheet table

Note The data is gathered via get hardware stat command. Note If you have access to the Fortigate model not listed here, please consider sending me output of get hardware stat to be included in the table to yuri@yurisk.info for the benefit of all of us. Note It …



Fortigate BGP cookbook of example configuration and debug commands

Last updated: August 2020 PDF version of this post: Fortigate BGP cookbook of example configuration and debug commands.pdf BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight Prevent our Fortigate from becoming a transit AS, do not advertise learned …



Fortigate - revert configuration as a safety measure, analog to Cisco reload in, or Juniper commit confirmed

Table of Contents Introduction Step by step instructions for CLI Instructions for GUI Introduction I want to talk today about the safety switch the Fortigate has for us when changing its configuration and something goes wrong. Most reputable vendors have such rollback-if-sh*t-happens - Juniper has commit confirmed , Cisco routers …



Fortigate fnsysctl command options with examples

Table of Contents fnsysctl ifconfig fnsysctl ls fnsysctl cat fnsysctl date fnsysctl df fnsysctl du fnsysctl pwd fnsysctl ps fnsysctl kill fnsysctl killall fnsysctl mv fnsysctl printenv fnsysctl grep Important facts about fnsysctl command: You have to log in with a user having super_admin profile. For VM Fortigate, it has …



Fortigate - set filters on logs exported to Fortianalyzer or Syslog

Table of Contents Some Facts Why Some Facts Free-style filtering is per category, so any filter you configure is for a specific category of logs only, e.g. Events, UTM. You can filter on ANY field in the raw log Value for the filter allows wildcard * which matches anything. Behavior …



Fortigate - switch from NAT to transparent mode error fix

When trying to switch a Fortigate from NAT mode to the Transparent one, we get an error about Fortilink interface being used. The official docs just say to delete Fortilink from all used settings, but not how. This article shows where and how. The error: config sys settings set opmode …



Fortinet-related blogs to read

Blogs and other resources to read on Fortinet products - Fortigate, Fortianalyzers, Fortimanager and such Here are some Fortinet-related technical blogs I read. If you have additional blogs/sites to recommend - send me to add. https://www.ultraviolet.network/blog Matt Sherif’s blog. Matt is a System Engineer at Fortinet …



Send logs from non-Fortinet devices to Fortianalyzer via Syslog

Can we send logs from non-Fortinet devices to the Fortianalyzer? This question pops up from time to time and the short answer is yes, for sure - any device that can send its logs in syslog format (read any device of Enterprise level today), can also send the logs to Fortianalyzer …



Collection of Fortigate Automation Stitches

Table of Contents Collection Important facts All about email alerts Debug Automation Stitches Collection Collection I collected some Fortigate automation stitches I use in production systems to either alert me in real time on outstanding events, or run debug/maintenance action without manual intervention. The collection is here https://github …