Articles tagged with #Fortigate




Fortigate virtual IP server load balancing configuration and debug

The general workflow is: Facts to know: Available server types: http, https, imaps, pop3s, smtps, ssl, tcp, udp, ip Server types ssl, https and all the SSL based ones are available in Proxy inspection mode of the Fortigate only. Only starting with FortiOS 6.2.1 https load balancing supports …



Fortigate DoS/DDoS sensor/policy rules configuration and verification

Facts to know: You use DoS protection by creating a DoS policy (Policy & Objects -> IPv4/IPv6 DoS Policy) in which you enable/modify anomalies. The list of anomalies is pre-set in any policy you create. You can only choose which ones to enable and which ones not to. All anomalies …



Fortigate BGP cookbook of example configuration and debug commands

Last updated: May 2020. BGP with two ISPs for multi-homing, each advertising default gateway and full routing table. Uses route-map, prefix list, weight. Prevent our Fortigate from becoming a transit AS, do not advertise routes learned via eBGP. Uses route-map, aspath-list. Force FG1 to advertise default route without having one …



Fortigate - enable e-mail as a two-factor authentication for a user and increase token timeout

I'll say outright that FortiToken (be it a mobile app or a physical token) is the most secure and preferable way today for multi-factor authentication. The other two - SMS message and e-mail message - are vulnerable to many attacks, including not so technically sophisticated SMS swapping. But sometimes less secure method …



Fortigate CLI command alias to create shortcuts and save time

Fortigate CLI commands can be long, like really long. And it is no fun to get an error running a command of 6 words because of a typo! The solution to this is simple - command aliases. Coming from the Cisco world I got used to creating command aliases as a …



What GEO location database Fortinet products are using?

This is the easiest question I got asked about the Fortigate/FortiWeb/etc. The GEO location database provider for all the Fortinet products has been the same for many years - it is Maxmind.com.



Fortigate has iperf client for traffic testing built in, here are all the details

Starting with FortiOS 5.x, Fortinet has a built-in iperf3 client in Fortigate so we can load test connected lines. If new to iperf, please read more at iperf.fr. Iperf in Fortigate comes with some limitations and quirks, so let's have a better look at them: - The version …



Fortigate ssh access with certificate authentication

Entering a username and password each time isn’t fun when doing it daily on the same equipment. Saving a password in some automated script (Paramiko, Expect, etc.) is not very secure per se. Using SSH certificates, on the other hand, answers all the needs – easy, secure, time saving. Here is …



Disabling SSL Deep inspection proxy in Fortigate should be easier

This one can be filed under Fortinet ‘undocumented/unwanted’ feature rather than bug. The case in question: Fortigate 80C, firmware 4 something, all subscriptions are up-to-date, no crazy configurations, all looks fine... Until the client adds to his LAN some back-up device that works by gathering data from clients installed on …



Finally GEO location blocking has arrived to Fortigate

It was a predictable thing for Fortinet to do as everyone else has already been doing so. I haven’t verified myself but according to the informed source (can only say his name - Hen) they are using Maxmind database. So let’s see how to do it. First you create in …