We have adapted our CheatSheet for FortiOS version 7.0 and added new commands. The Cheat Sheet is divided into different sections. Depending on the topic, you can find the necessary commands to display more information or find problems.
We hope that this will contribute to quick solutions of existing problems.
131 total views
Some of you may have noticed that a Fortigate – configured to use the FortiGuard DNS Servers – is not resolving some DNS names anymore.
Consequences can be that FQDN address objects can not be resolved or a configured mail server can not be used anymore.
«Fortiguard DNS servers are enforcing EDNS policies» weiterlesen64 total views, 1 views today
Today WatchGuard launched a new page where you can see the status of WatchGuard Cloud Services.
https://status.watchguard.com/
For each region, you’ll find the current status separated by products and the major features that WatchGuard provides. Every line has a simple status indicator to communicate its condition:
«WatchGuard announced new «Service Status Page»» weiterlesen13 total views, 1 views today
On Mai 2021, Let’s Encrypt issued a note about the expiration of their DST Root CA X3:
https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Now that this root certificate has expired (2021-09-30), your systems might issue a warning when connecting to sites using Let’s Encrypt certificates.
To fix this glitch on a general client, follow the instructions of the link above:
115 total views, 1 views today
For some reasons Fortigates are are not able to load the FortiGuard DDNS server list. Therefore you are not able to configure DynDNS on your Fortigate anymore. In the WebUI you will see following error message under Network > DNS > FortiGuard DDNS and you are not able to list any server with the drop-down menu.
«Error message: «Unable to load FortiGuard DDNS server list»» weiterlesen50 total views, 2 views today
Since last week, we observed a lot of failed SSL-VPN login events on various FortiGate setups.
Most of the administrators saw a rised number of the following log messages in the «VPN Event Log» on the FortiGate / FortiAnalyzer.
And no, there’s no spelling mistakes in the title… That’s the way the log message is named:
date=2021-08-23 time=11:22:33 logid="0101039426" type="event" subtype="vpn" level="alert" vd="root" eventtime=1629710539 logdesc="SSL VPN login fail" action="ssl-login-fail" tunneltype="ssl-web" tunnelid=0 remip=11.22.33.44 user="administrador" group="N/A" dst_host="N/A" reason="sslvpn_login_permission_denied" msg="SSL user failed to logged in"«FortiGate lots of «SSL user failed to logged in» events» weiterlesen
138 total views
In der Schweiz wurde in den letzten Jahren ein immer grösseres Augenmerk auch von politischer und staatlicher Seite auf die Cybersicherheit gelegt. So wurden die zuständigen Stellen reorganisiert und ausgebaut. Ebenfalls haben die zuständigen Stellen online Präsenzen mit vielen nützlichen Informationen geschaffen. Wir möchten euch hier die wichtigsten Info-Seiten, welche vor allem national von Interesse sind vorstellen.
«Cybercrime Informationsquellen» weiterlesen16 total views
FortiWeb v6.4 starts to support the integration with Let’s Encrypt. This allows you to automatically generate server certificates alleviating the need to upload private certificates.
The administration guide gives you some information on how to request those Let’s Encrypt certificates but in our opinion the configuration guidelines are not sufficient.
So we tried to give some more information on how to configure FortiWeb to obtain a server certificate from Let’s encrypt and how to use them in the server policy.
50 total views
Some providers (like init7.ch which already uses the Swisscom XGS-PON) do encapsulate their PPPoE traffic into a VLAN Tag (802.1Q or Q-Tagged). The reason for this is, that in the majority of the cases the provider is using a layer 2 network (last mile) of another provider, which uses VLAN tagging to differentiate the traffic to different service providers.
The configuration of the FortiGate is not too complicated in those cases. It is even possible to make the whole configuration directly off the WebGUI.
«FortiGate PPPoE inside a VLAN» weiterlesen63 total views, 1 views today
Netzwerk & Security Administratoren kennen die Problematik. Um Zugriff auf eine serielle Konsole zu bekommen, benötigt es einen Adapter, da kaum mehr ein Notebook einen alten DB9 (DE-9) Anschluss hat. Kein Hersteller liefert aber ein USB Konsolenkabel direkt auf RJ45 Ports, welche heute bei praktisch allen Netzwerk & Security Devices der Standard sind.
Die nervigen Adapter und die teilweise mühsame Treiber Unterstützung hat uns bewogen, ein eigenes Boll Konsolen Kabel entwickeln zu lassen. Folgende Bilder illustrieren das schön:
Konsolen Access früher:
