With FortiOS 6.2 a few new CLI commands have been added to the Security Fabric or Switch integration. That’s why we created a new version of the Cheat Sheet and published it here.
CheatSheet – FortiOS Version 6.2
WatchGuard Authentication fails with AuthPoint Gateway lower than version 5.1.5
What is the problem?
AuthPoint Gateway software must be updated to the latest available version, v5.1.5 before the week of 10 October 2019. If you do not update your AuthPoint Gateway before 10 October, it is likely that all authentication will fail for your AuthPoint user base.
When must I update my AuthPoint Gateway?
If
you use AuthPoint Gateway software v5.1.3.158 or lower, you must update
your Gateway software to v5.1.5 as soon as possible. If you update your
Gateway software before the dates referenced below, this issue will not
impact you.
- For AuthPoint users in the APAC cloud region – 10 October 2019
- For AuthPoint users in the EMEA cloud region – 16 October 2019
- For AuthPoint users in the AMER cloud region – 17 October 2019
Fortinet PowerPoint Icon Library
Fortinet stellt eine PowerPoint Icon Library für die Erstellung von Präsentationen zur Verfügung.
Sie können die Icon Library von unserem Doc-Server herunterladen:
August 2019
https://doc.boll.ch/virtual/1522/FTNT-IconLibrary-August-2019.zip
März 2016
http://doc.boll.ch/virtual/1221/FTNT-IconLibrary-16-08-01.ppt
März 2016
http://doc.boll.ch/virtual/1186/FTNT-IconLibrary-16-03-01-Public.pptx
FortiOS 6.2: Upgrade Notes
As with every software product, even the latest and greatest releases have some known glitches. That’s one of the reasons why you should review the release notes as part of the upgrade process.
But even then you might face a not-yet-documented issue. You’ll find some notable examples below.
FortiAPs won’t connect anymore (6.2.1)
Some customers have reported, that their FortiAPs won’t connect anymore after upgrading to FortiOS 6.2.1. Fortinet has confirmed that this is a know issue only when using trusted hosts to restrict the administrative access to the FortiGate.
The official workaround is to add the FortiAP’s IP or subnet as an additional trusted host entry on one of the admin users:
config system admin
edit "adminuser"
set trusthostx 10.33.33.3 255.255.255.255 <-- IP Address of the FortiAP
next
end
RADIUS Server behind VPN-Tunnel not working (6.2.1)
When using a RADIUS server behind an IPsec-tunnel, you most likely had to configure the source-ip in the radius configuration (normally to the internal address of the firewall). A bug in FortiOS 6.2.1 prevents this from working. As a workaround you’ll have to use an ip address owned by the outgoing interface.
config user radius
edit "nps-server"
set source-ip "192.168.101.99" <-- IP Address of the outgoing (IPsec)interface
next
end
What’s new with FortiOS 6.2: Update issue with certificate for WebUI
Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.
It turned out that during the update process the server certificate used for the WebUI is lost.
Config with v6.0.4 (it does not happen with „self-signed“ only):
config system global„What’s new with FortiOS 6.2: Update issue with certificate for WebUI“ weiterlesen
set admin-server-cert "self-signed"
end
What’s new with FortiOS 6.2: FortiGuard Requests
FortiOS v6.2 has been released in March this year and we are still gaining experience with this version. In this article we would like to draw you attention to the protocol which is used for FortiGuard service communication. Up to v6.0 udp has been used, with 6.2 the default protocol has changed to https.
New PSIRT-Advisory from Fortinet
Last week Fortinet has released a critical PSIRT-Advisory „Improper check for certificate revocation vulnerability“
Unfortunately the article does not give exact information regarding the background or the solution and we couldn’t find further information about the issue, either. Maybe you have more information?
„New PSIRT-Advisory from Fortinet“ weiterlesenFortinet Wireless FAQ
Die Fortinet WiFi Produkte erfreuen sich schon länger zunehmender Beliebtheit. Dies nicht zuletzt, weil die FortiAP und Controller je länger je angewandtere Technologien bieten und daher unterdessen praktisch alle vorstellbaren Einsatzszenarien abdecken.
Da mit dem Featureset zugleich auch die Komplexität der Systeme mit wächst, möchten wir ihnen mit diesem Artikel einen Überblick über die Technologie, die Funktionalität und deren Einschränkungen verschaffen.
„Fortinet Wireless FAQ“ weiterlesenWatchGuard Fireware 12.5
Watchguard is going to release Fireware version 12.5 in the next few days / weeks. From the public beta phase some new features are already known, which I would like to introduce here:
Update: Fireware 12.5 has been released.
Please check the “ What’s New in Fireware v12.5 “ presentation for detailed information.
Reverse Proxy for the Access Portal
In the Access Portal configuration, you can now configure reverse proxy actions so remote users can connect to internal web applications and Microsoft Exchange services with an external URL. With reverse proxy actions, you can give remote teams access to internal resources without the need for a VPN. Multi-factor authentication is supported as well.
„WatchGuard Fireware 12.5“ weiterlesenMigrate Fortigate Configurations with FortiConverter
Fortinet has published a very nice and helpful tool for converting firewall configs from other vendors into a Fortigate configuration file. Also an old Fortigate config file can be used as the source file.
So if you are going to replace an old Fortigate model with a new one and you want use the old config file (instead of configuring the new Fortigate from the scratch) you can use the FortiConverter as an alternative to the procedure we have described in one of our former blog post „How to transfer a FortiGate configuration file to a new FortiGate unit of a different model“.
„Migrate Fortigate Configurations with FortiConverter“ weiterlesen