Fortiweb Cookbook: Most Basic Setup - One website, HTTP only, Round Robin load balancing between two physical servers, all protections on Alert only, Host header filtration

Task: publish website yurisk.com, hosted on 2 physical servers: server1 (10.10.10.13) and server2 (10.10.10.14). The site should be available on HTTP only, no HTTPS. Apply preconfigured protection Inline Alert Only. The website's IP address visible to clients is 192.168.13.92. Solution …



Fortigate virtual IP server load balancing configuration and debug

The general workflow is: Facts to know: Available server types: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip Server types ssl, https and all the SSL based ones are available in Proxy inspection mode of the Fortigate only. Only starting with FortiOS 6.2.1 https load balancing supports …



Fortigate DoS/DDoS sensor/policy rules configuration and verification

Facts to know: You use Dos protection by creating Dos policy (Policy & Objects -> IPv4/Ipv6 DoS Policy) in which you enable/modify anomalies. The list of anomalies is pre-set in any policy you create. You only have the choice which ones to enable and which ones not to. All anomalies …



AWS cli cookbook

Get a list of all the buckets under user account Recursively list contents of a given bucket yurisk.info Recursively list contents of a given bucket printing sizes in a friendly format List contents of a bucket, add summary for number of objects and their total size Get access-list associated …



RAD ETX 203, 205, 220 debug and information commands

Carrier Ethernet Devices by RAD (ETX-203AX, ETX-203AM, ETX-203AX-T, ETX-205A, ETX-220A) are quite popular with telco companies around the world for connecting end clients to the backbone at layer 2. And while reference documentation is available, I couldn't find the debug/information commands digest on the Internet at all. This post …



Curl cookbook

Last updated: 19 December 2020 Get coronavirus/Covid-19 statistics for your country, real-time or historical Force curl not to show the progress bar Download a web page via GET request setting Chrome version 74 as the User-Agent. Download a web page via GET request setting Googlebot version 2.1 as …



Fortiweb Cookbook: content routing based on URL configuration example

I wrote this step by step walkthrough as an answer for the forum.fortinet.com here https://forum.fortinet.com/FindPost/183028 . This example uses Fortiweb 6.2.2 but the configuration is valid at least starting with 5.x. Problem: You want to route user requests according to the …



Fortigate - enable e-mail as a two-factor authentication for a user and increase token timeout

I'll say outright that FortiToken (be it a mobile app or a physical token) is the most secure and preferable way today for multi-factor authentication. The other two - SMS message and e-mail message are vulnerable to many attacks, including not so technically sofisticated SMS swapping. But sometimes less secure method …



Fortigate CLI command alias to create shortcuts and save time

Fortigate CLI commands can be long, like really long. And it is no fun to get an error running a command of 6 words because of the typo! The solution to this is simple - command aliases. Coming from the Cisco world I got used to creating command aliases as a …



What GEO location database Fortinet products are using?

This is the easiest question I got asked about the Fortigate/FortiWeb/etc. The GEO location database provider for all the Fortinet products has been the same for many years - it is Maxmind.com.