Articles tagged with #Fortigate




Disabling SSL Deep inspection proxy in Fortigate should be easier

This one can be filed under Fortinet ‘undocumented/unwanted’ feature rather than bug.The case in question: Fortigate 80C , firmware 4 something, all subscriptions are up-to-date, no crazy configurations, all looks fine... Until client adds to his LAN some back-up device that works by gathering data from clients installed on …



Finally GEO location blocking has arrived to Fortigate

It was predictable thing for Fortinet to do as everyone else has already been doing so. I haven’t verified myself but according to the informed source (can only say his name - Hen) they are using Maxmind database . So let’s see how to do it . First you create in …



Convert Fortigate diagnose sniffer packet output into tcpdump format understood by Wireshark

Running diagnose sniffer packet on Fortinet Fortigate unit outputs human-readable packet information and packet data . Only that sometimes you would like to have the traffic sniffed at Fortigate in Wireshark-readable format so that it can be analyzed by all powerful Wireshark. For this case Fortinet came up with the script …



Limit maximum size of scanned files in Fortigate firmware 4

Today I had to lower scanned files size on FOrtigate 80C. In the past it was a matter of few clicks in the good old version 3 via management GUI but in version 4 I spent some 20 minutes digging its GUI high and low and then finally opened Command …



Best open source Netflow/sFlow analyzing software

People ask me frequently what software I would recommend for Netflow analysis , especially with security implementations in mind. I made my choice a long ago and haven't been complaining so far - Nfsen graphical frontend that has Nfdump as its data processing backend . It provides most flexibility, configurability; its filter syntax …



Do not miss the long awaited addition to the Fortigate 4 MR2 – sFlow data export

Great news – now Fortigate supports exporting data flows statistics to an external server using sFlow protocol (twin of Netflow from the Cisco world). I configured it in about a minute and it just works. To collect the sFlow data I use nfdump/Nfsen , that I found to be the most …



Break free from the GUI dependency – checking Fortigate logs on the cli.

Fortinet are doing a lot to keep us away from the command line. And that’s ok in 95% of the cases. But sooner or later you come to meet the 5% of the bad and the ugly when you have no access to the GUI at all. One late …



MAC finder script

While I don't like going down to Layer 2 , recently I had to do it - I didn't know IP address of the Cisco router I wanted to connect to but I had access to the Cisco router sitting in the same network. That would be pretty easy to do #show …



Visio stencils for Cisco, Juniper, Fortinet, Checkpoint, Avaya

Some links to download Microsoft Visio stencils of the most popular vendors. Juniper Cisco Avaya BlueCoat Fortinet Dell Requires registration Checkpoint happen not to have official stencils set, only Nokia appliances stuff can be found. So someone volunteered and using icons/press releases/PowerPoint presentations done by the Checkpoint turned …



Fortigate BGP - configure and debug

Everyone today speaks BGP: Cisco ,Juniper and ScreenOS firewalls, Fortigate does it, even SonicWall have it as planned feature. The opportunity to see how it works on Fortinet Fortigate firewall recently presented itself and here is the sum up of how I configured and debugged Fortigate BGP set up. Task …