Fortiguard is a subscription based service from Fortinet, where your Fortigate queries their servers in real-time for various services: Periodic checking of Fortigate subscription/license validity for Web Filtering/AppControl/AntiVirus/AntiSpam/DNS Filtering. Real-time querying for visited by users web sites rating. Periodic signatures updates for IPS/AppControl/AntiVirus …

Around 50,000 Fortigate VPN accounts from around the globe were leaked to the public Internet last week. Not really news anymore, you can learn details elsewhere. What I asked myself about that was – is there anything to be done to prevent or lower the damage of such vulnerabilities? The …

Table of Contents Introduction Start nfcapd netflow collector in a daemon mode listening on port 5001 with all extensions enabled and saving received netflow data into the named folder NFS-cisco-rtr. Accept netflow records only coming from the sender with the IP of 13.13.13.137 Read and print all …

Recently I had the opportunity to configure an external threat feed as a block list for the Fortigate and was pleasantly surprised by how much simpler it has become. Task at hand: Block incoming connections sourced from IP addresses supplied as a list by a 3rd party commercial Threat Intelligence …

The guest user accounts are special in Fortigate and unlike regular local Firewall user accounts. The flow of creating them is: Let's configure it. First, you create Groups, which serve, in this case, as a template for various parameters users can/must have later: User & Device -> User Groups -> New .. -> Type …

Is your IPS actually doing what you expect? You have to test your configurations, especially with the Intrusion Prevention System, which demands not only On/Off switch, but also tuning or it may become useless. With AntiVirus we have Eicar fake virus on eicar.org to download. With IPS there …

When the policy install fails on Fortimanager, it may mean many things as the process is quite complex with database/policy verification. But frequently, it happens because the communication tunnel between Fortimanager and Fortigate is down. The tunnel works on port 541, is encrypted (so we cannot see the contents …

Task: Taking the basic setup a step further, let's enable HTTPS protocol between clients and Fortiweb for the yurisk.com. Solution. Step 1. Create certificate signing request (CSR) to use in issuing the SSL certificate. I will use Ubuntu server. It does not have to be a server actually hosting …

Task: Continuing the Basic setup, we want to protect access to some pages, namely the root document "/" and "/treasure" with username and password. For this we want 2 kinds of users: local created on the Fortiweb, and remote residing in the Active Directory of the company. Even though it is …

Fortigate comes with some services allowed in incoming direction, even without any configuration done by you. Important to note is that in such pre-configured security rules the destination is mostly the Fortigate itself, sometimes its specific interfaces, sometimes all of the interfaces. That is, this does not allow access though …