Articles tagged with #Fortigate




MAC finder script

While I don't like going down to Layer 2 , recently I had to do it - I didn't know IP address of the Cisco router I wanted to connect to but I had access to the Cisco router sitting in the same network. That would be pretty easy to do #show …



Visio stencils for Cisco, Juniper, Fortinet, Checkpoint, Avaya Updated for 2020

Updated for 2020. Some links to download Microsoft Visio stencils of the most popular vendors. Juniper Cisco Avaya BlueCoat Fortinet Dell Requires registration Checkpoint happen not to have official stencils set, only Nokia appliances stuff can be found. So someone volunteered and using icons/press releases/PowerPoint presentations done by …



Fortigate BGP - configure and debug

Everyone today speaks BGP: Cisco ,Juniper and ScreenOS firewalls, Fortigate does it, even SonicWall have it as planned feature. The opportunity to see how it works on Fortinet Fortigate firewall recently presented itself and here is the sum up of how I configured and debugged Fortigate BGP set up. Task …



Difference between ebgp-multihop and ttl-security.

Once upon a time reading some CCIE paper at work I asked myself a question : “Why would someone bother to invent ttl-security and even write RFC 5082 The Generalized TTL Security Mechanism (GTSM) about it when multi-hop EBGP feature provides the same end result ?” . First some background. For some reasons …



Fortigate firewall demo free access. Also FortiManager and FortiAnalyzer

UPDATE 2019: I updated the access details below. Also, if you work for a Fortinet partner you can request access to the demo appliances via Partner's Portal. As someone said best things in life are free. Here are links to the demo Forigate firewall, ForiAnalyzer and FortiManager open to access …



Scheduled Daily Reboot of FortiGate

Recently I had to do late night restart of a Fortigate and was looking for "Reload in..." I found it, but in Fortigate it is a little different. It's called Daily Restart, and if you want to use it once you need to remember to remove this command later. config …



Ping – setting don't fragment bit in Linux/FreeBSD/Solaris/Cisco/Juniper

Ping. Many times while debugging network problems of various kinds you need to send some packets of desirable size and don’t fragment bit being set. I list below how to do it for the different equipment/OSes. Let’s start with the most popular operating system among network folks …



Failed to connect to Fortiguard servers

Today I encountered otherwise easy to diagnose misconfiguration only that Fortinet decided to 'hide' this parameter deep enough. NOTE : Fortiguard is subscription based service when your Fortigate unit periodically connects to the Fortinet servers (collectively named Fortiguard servers) to get info that enables advanced features like URL filtering by category …



You can't set duplex/speed settings of the Fortigate interfaces?

Sometimes you can't set duplex/speed settings of the Fortigate interfaces. Important FIX: depends on which interface you are trying to set! [ Thanks to Chen for pointing out ] Upon careful examination turns out that you can't set duplex/speed settings of 4-port switch interfaces only, i.e. Internal interface of …



Debug VPN in Fortigate - seeing is believing

You can't really debug VPN problems with static show commands, if VPN fails to function you HAVE to see it happening real-time. Below I list few debug commands to do just that for IPSEC site-to-site tunnels in Fortigate. Here: 192.168.168.254 - IP address on the LAN interface of …