Motivation As a distributor we offer various security products from different vendors. On the one hand these are FortiGate and PaloAltoNetworks NGFW firewalls to make the perimeter more secure, on the other hand products & services from Kaspersky. Kaspersky offers various threat feeds that can be used in other products….
FortiGate Memory and CPU Troubleshooting
From time to time we face performance problems on FortiGate units in our daily support life. Most often the impacts of performance problems on the FortiGate are not typical. Or let’s say “not as an admin that is not familiar with FortiGates would expect”. The expectations vary from high delay…
New FortiOS firmware patches released
Maybe you have already noticed (or maybe you have been informed by our Fortinet Firmware Update mailing list) that Fortinet has released of some new FortiOS patches on Feb. 7, 2024. To be more precise – all Fortinet minor and major versions that are running on Fortigate models that are…
10 FortiGate Configurations That Can Cause Slow Performance
In this post we want to share some of the most seen reasons for slow performance on FortiGate appliances with you. This are experiences we’ve made in our support department and is not a concluding list. Traffic shapers Traffic shaping is an evergreen topic. We have already written two blog…
Upgrading a Fortigate without support contract to FortiOS 7.4.2
Maybe you have read in the “New Features” Guide for 7.4 about this new feature: “Prevent FortiGates with an expired support contract from upgrading to a major or minor firmware release”. Here it is explained that you cannot upgrade your Fortigate to a higher major or minor version (eg. upgrading…
FortiGate remote-management over FortiGateCloud: This FortiCloud account (“user.name@domain.com”) is not authorized to sign in on this FortiGate
Since FortiOS 7.4.2 it is possible to log into your FortiGate WebAdmin locally or via the remote management feature in the FortiGate Cloud using the FortiCloud IAM credentials. The configuration procedure is quite simple and documented in this Fortinet KB article. A very important detail from this article is the…
FortiGate: Deny-Policies for SD-WAN members
SD-WAN is a cool feature to configure redundant internet access. But it was designed with load-balancing in mind and this brings some challenges to specific use cases. As an example, while you can use SD-WAN rules to define the preferred path for a specific application/system, it won’t prevent that the…
CheatSheet FortiOS v7.4
We are happy to present you the new cheat sheet for FortiOS version 7.4.If you have an idea for the cheat sheet, please let us know in the comments. We wish you good luck with troubleshooting.
FortiOS 7.4.1 is released
Last Friday the first patch for FortiOS 7.4 has been released. As always with a brand new minor or major FortiOS version a lot of issues have been resolved and a lot of new features have been introduced. No Security Fabric root for FG60E/F anymore Interestingly, however, we found an…
CVE-2023-27997 – FortiOS & FortiProxy – Heap buffer overflow in sslvpn pre-authentication
Please note the vulnerabilities in Fortinet products published in June. In particular, we would like to mention the vulnerability in FortiOS, which affects SSLVPN access and poses a major threat with a CVSSv3 score of 9.2. Fortinet PSIRT: https://www.fortiguard.com/psirt/FG-IR-23-097CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27997 Affected are FortiOS versions 6.0 to 7.2. Fortinet has already…