Table of Contents Introduction Change the default SSL VPN port 10443/443 to anything else Do not use local users for authentication, and if using - keep passwords elsewhere or/and enable MFA Enable Multi-Factor Authentication for VPN users Limit access to VPN SSL portal to specific IP addresses Move VPN …
Note The data is gathered via get hardware stat command. Note If you have access to the Fortigate model not listed here, please consider sending me output of get hardware stat to be included in the table to yuri@yurisk.info for the benefit of all of us. Note It …
Last updated: August 2020 PDF version of this post: Fortigate BGP cookbook of example configuration and debug commands.pdf BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight Prevent our Fortigate from becoming a transit AS, do not advertise learned …
I already wrote how to delete the default admin account from the Fortigate https://yurisk.info/2021/06/09/rename-or-delete-default-fortigate-admin-administrator-account/, and today I will show you how to do the same in Fortianalyzer, Fortimanager, and Fortigate. Video: Your browser does not support the video tag. I also write cheat sheets …
I already wrote tips for upgrading your Fortigate HA cluster https://yurisk.info/2023/06/18/tips-on-upgrading-fortigate-in-ha-cluster/ , but didn’t include screenshots of the upgrade to illustrate what actually happens. Today I fix that - below are screenshots of the cluster upgrade I did, with description. It will be helpful to …
Not technical, but (hopefully) helpful list of tips learned the hard way by myself or from others before me. Color code your Terminal/CLI sessions. All terminals have this feature, I use SecureCRT and change background of the saved sessions according to the importance - backbone black, production - gray, lab - light …
Every technical field has its own jargon/abbreviations and it is true for the Fortinet world as well. The picture below lists major products with their code names as used by the community. I also write cheat sheets/scripts/guides to help in daily work, so make sure to check …
Table of Contents Sending test mail from FAZ Enable real-time debug Restart fazmaild mail daemon on FAZ Sending mails via default Frotinet servers Sending test mail from FAZ FAZ has a command to actually send a test mail that checks if sending mails to/via the configured mail server works …
Why did I do such report? Some of our clients are using VM Fortianalyzer (FAZ) which comes with the volume licensing of received logs, and so alerts frequently on logs intake exceeding this license. Other than buying additional license, I can drill down with the FAZ help on top policies …
Table of Contents Introduction Step by step instructions for CLI Instructions for GUI Introduction I want to talk today about the safety switch the Fortigate has for us when changing its configuration and something goes wrong. Most reputable vendors have such rollback-if-sh*t-happens - Juniper has commit confirmed , Cisco routers …