FortiGate: Deny-Policies for SD-WAN members

SD-WAN is a cool feature to configure redundant internet access. But it was designed with load-balancing in mind and this brings some challenges to specific use cases. As an example, while you can use SD-WAN rules to define the preferred path for a specific application/system, it won’t prevent that the…

Loading

read more

CVE-2022-40684 – Fortinet: Authentication bypass on administrative interface (HTTP/HTTPS) (Deutsch)

Englische Version: CVE-2022-40684 – Fortinet Authentication bypass on administrative interface (HTTP/HTTPS) (English) Sie haben sicherlich (und hoffentlich) die Informationen über die veröffentlichte Fortigate-Schwachstelle beim Zugriff auf die Administration gelesen und die entsprechenden Patches installiert. Wir haben alle Informationen hier noch einmal für Sie zusammengestellt.

Loading

read more

FortiGate VM License Troubleshooting

When you setup a new FortiGate VM, sometimes the licensing process is not working as expected. To simplify the process of licensing a FortiGate VM for you, we have created this guide. Let’s first have a look into the licensing process on the FortiGate VM, before we discuss the Troubleshooting….

Loading

read more

Fortigate: L2TP over IPsec configuration needs to be manually updated after upgrading from 6.4.x or 7.0.x

Fortinet has added a special note in the release notes of FortiOS 7.0 as follow: Source:https://docs.fortinet.com/document/fortigate/7.0.6/fortios-release-notes/927994/l2tp-over-ipsec-configuration-needs-to-be-manually-updated-after-upgrading-from-6-4-x-or-7-0-0-to-7-0-1-and-later Unfortunately the second point does not clearly state which policy exactly needs to be changed.Here is a screenshot of the changed policy: As you can see, the policy from the l2tp client to the…

Loading

read more

FortiGate Custom Language

If you want to use custom languages on FortiGate generated websites, like the SSL VPN page, you can add additional self-made translation files to the FortiGate. Note at the beginning: This is a new feature under FortiOS 6.4.5 . It was available before but was not working. First you need…

Loading

read more

SEPPmail: SwissSign S/MIME Zertifikate müssen neu ausgestellt werden

SwissSign hat am Montag, 25. April 2022 mehrere Kunden angeschrieben*, dass aufgrund regulatorischer Vorgaben bestimmte E-Mail S/MIME Zertifikate kurzfristig revoziert und ersetzt werden müssen. Die genauen Details und eine Liste dieser Zertifikate erhalten die betroffenen Kunden von SwissSign per IncaMail mitgeteilt. SEPPmail hat am 28. April 2022 die Version 12.1.9 veröffentlicht….

Loading

read more