Just like for FortiGate releases we created and publish here a collection of CLI commands for troubleshooting the FortiAnalyzer appliances.
FortiAnalyzer Version 6.4
Unser letzter Beitrag zur Konfiguration einer Fortigate, um zuhause auch Swisscom TV durch die Fortigate zu bekommen, ist schon eine zeitlang her. Deswegen hier mal wieder ein aktueller Beitrag mit einer Fortigate auf FOS 7.0.0 (der auch mit 6.4.5 getestet wurde).
In diesem Beispiel hängt die Swisscom TV Box am DMZ Port der Fortigate und bezieht von dort eine DHCP Adresse, welche per DHCP Reservation fixiert wird:«Fortigate und Swisscom TV – zum dritten» weiterlesen
1,113 total views
The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet.
Hopefully this CheatSheet will help you as well.
You will find the most important commands on the first page. The second page contains troubleshooting commands for problems with firewall policies and security profiles, followed by the third page with commands for network problems. The last page covers system and hardware commands and general information.
Updated to v1.1 (addition and correction for FortiToken, 11.12.2020)
1,918 total views, 7 views today
From time to time customers noticed that the Fortigate cannot reach the Fortiguard Servers anymore.
This is displayed in the Dashboard or users are complaining that the Webfilter or DNS Filter Service is not working anymore.«FortiGuard Servers are not reachable» weiterlesen
3,146 total views, 10 views today
There seems to be a vulnerarbility in some FortiMail versions, that allow an unauthenticated remote attacker to access the system by requesting a password change. Please refer to the FortiGuard PSIRT article.
The problem here is not only the unauthorized access to the system, but also the change of the password of all configured administrative accounts. Also, the maintainer functionality to reset the administrator password over a serial console of the FortiMail is being disabled from the attacker.«Upgrade your FortiMail now!» weiterlesen
1,601 total views, 1 views today
Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:«Websites are not working anymore» weiterlesen
4,980 total views, 2 views today
Configuring SSLVPN with FortiGate and FortiClient is pretty easy. Nevertheless problems may occur while establishing or using the SSLVPN connection.«Troubleshooting FortiGate SSLVPN problems» weiterlesen
28,606 total views, 79 views today
Because it’s very difficult to take exams at PearsonVUE right now, you may get in trouble regarding the timely recertification of existing certifications. Therefore some vendors have announced an extension for their recertification expiration:
PaloAltoNetworks is extending the certification expiration date by six month for Credential holders with expiration date between March 1, 2020 and July 31, 2020.
Fortinet is extending the certification expiration by one month so far. We assume that this extension will be extended again :-).
Update March 27th: Fortinet will extend the expiry dates of all existing NSE certifications by 6 months as of March 16th 2020 (the date of PV’s test center closures).
Here you will find the most important support links of our vendors regarding Home-/Remote-Office, Dialup VPNs and MultiFactor Authentication:«Corona-Info: Support Links for Home-/Remote-Office and MultiFactor Authentication» weiterlesen
1,434 total views, 1 views today
Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.
It turned out that during the update process the server certificate used for the WebUI is lost.
Config with v6.0.4 (it does not happen with «self-signed» only):
config system global«What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI» weiterlesen
set admin-server-cert "self-signed"