FortiGuard Servers are not reachable

Update – 10. November 2021: It seems that the server «45.75.200.89» is not in use anymore – it is «not reachable» at the moment. Please use «194.69.172.53» instead.

Blogpost – 3. November 2020:

From time to time customers noticed that the Fortigate cannot reach the Fortiguard Servers anymore.

This is displayed in the Dashboard or users are complaining that the Webfilter or DNS Filter Service is not working anymore.

«FortiGuard Servers are not reachable» weiterlesen

 4,940 total views,  3 views today

Error message: «Unable to load FortiGuard DDNS server list»

For some reasons Fortigates are are not able to load the FortiGuard DDNS server list. Therefore you are not able to configure DynDNS on your Fortigate anymore. In the WebUI you will see following error message under Network > DNS > FortiGuard DDNS and you are not able to list any server with the drop-down menu.

«Error message: «Unable to load FortiGuard DDNS server list»» weiterlesen

 256 total views,  1 views today

FortiWeb v6.4.0 and Let’s Encrypt

FortiWeb v6.4 starts to support the integration with Let’s Encrypt. This allows you to automatically generate server certificates alleviating the need to upload private certificates.

The administration guide gives you some information on how to request those Let’s Encrypt certificates but in our opinion the configuration guidelines are not sufficient.
So we tried to give some more information on how to configure FortiWeb to obtain a server certificate from Let’s encrypt and how to use them in the server policy.

«FortiWeb v6.4.0 and Let’s Encrypt» weiterlesen

 262 total views

Fortigate und Swisscom TV – zum dritten

Unser letzter Beitrag zur Konfiguration einer Fortigate, um zuhause auch Swisscom TV durch die Fortigate zu bekommen, ist schon eine zeitlang her. Deswegen hier mal wieder ein aktueller Beitrag mit einer Fortigate auf FOS 7.0.0 (der auch mit 6.4.5 getestet wurde).

In diesem Beispiel hängt die Swisscom TV Box am DMZ Port der Fortigate und bezieht von dort eine DHCP Adresse, welche per DHCP Reservation fixiert wird:

«Fortigate und Swisscom TV – zum dritten» weiterlesen

 1,669 total views,  3 views today

CheatSheet – FortiOS v6.4

The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet.

Hopefully this CheatSheet will help you as well.

You will find the most important commands on the first page. The second page contains troubleshooting commands for problems with firewall policies and security profiles, followed by the third page with commands for network problems. The last page covers system and hardware commands and general information.

Updated to v1.1 (addition and correction for FortiToken, 11.12.2020)

Happy troubleshooting!

 2,637 total views,  1 views today

Upgrade your FortiMail now!

There seems to be a vulnerarbility in some FortiMail versions, that allow an unauthenticated remote attacker to access the system by requesting a password change. Please refer to the FortiGuard PSIRT article.

The problem here is not only the unauthorized access to the system, but also the change of the password of all configured administrative accounts. Also, the maintainer functionality to reset the administrator password over a serial console of the FortiMail is being disabled from the attacker.

«Upgrade your FortiMail now!» weiterlesen

 2,027 total views,  1 views today