sy – Tech Blog

30. Juni 202013. Juli 2020

Upgrade your FortiMail now!

There seems to be a vulnerarbility in some FortiMail versions, that allow an unauthenticated remote attacker to access the system by requesting a password change. Please refer to the FortiGuard PSIRT article.

The problem here is not only the unauthorized access to the system, but also the change of the password of all configured administrative accounts. Also, the maintainer functionality to reset the administrator password over a serial console of the FortiMail is being disabled from the attacker.

748 total views, 6 views today

10. Juni 20207. Juli 2020

Websites are not working anymore

Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:

1,787 total views, 16 views today

6. Mai 202020. September 2020

Troubleshooting FortiGate SSLVPN problems

Configuring SSLVPN with FortiGate and FortiClient is pretty easy. Nevertheless problems may occur while establishing or using the SSLVPN connection.

6,623 total views, 102 views today

25. März 20207. Juli 2020

Re-Certification Policies during COVID19

Because it’s very difficult to take exams at PearsonVUE right now, you may get in trouble regarding the timely recertification of existing certifications. Therefore some vendors have announced an extension for their recertification expiration:

PaloAltoNetworks is extending the certification expiration date by six month for Credential holders with expiration date between March 1, 2020 and July 31, 2020.

Fortinet is extending the certification expiration by one month so far. We assume that this extension will be extended again :-).
Update March 27th: Fortinet will extend the expiry dates of all existing NSE certifications by 6 months as of March 16th 2020 (the date of PV’s test center closures).

21. März 202010. Juni 2020

Corona-Info: Support Links for Home-/Remote-Office and MultiFactor Authentication

Here you will find the most important support links of our vendors regarding Home-/Remote-Office, Dialup VPNs and MultiFactor Authentication:

1,019 total views, 2 views today

31. Juli 201922. Januar 2020

What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI

Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.

It turned out that during the update process the server certificate used for the WebUI is lost.

Config with v6.0.4 (it does not happen with „self-signed“ only):

config system global
  set admin-server-cert "self-signed"
end

26. Juli 201927. Januar 2020

What’s new with FortiOS 6.2: FortiGuard Requests

FortiOS v6.2 has been released in March this year and we are still gaining experience with this version. In this article we would like to draw you attention to the protocol which is used for FortiGuard service communication. Up to v6.0 udp has been used, with 6.2 the default protocol has changed to https.

23. Juli 20198. August 2019

New PSIRT-Advisory from Fortinet

Last week Fortinet has released a critical PSIRT-Advisory „Improper check for certificate revocation vulnerability“

Unfortunately the article does not give exact information regarding the background or the solution and we couldn’t find further information about the issue, either. Maybe you have more information?

13. Juni 201918. Juni 2020

Migrate Fortigate Configurations with FortiConverter

Starting with FortiConverter 6.0, any kind of conversion requires a valid license

Fortinet has published a very nice and helpful tool for converting firewall configs from other vendors into a Fortigate configuration file. Also an old Fortigate config file can be used as the source file.

So if you are going to replace an old Fortigate model with a new one and you want use the old config file (instead of configuring the new Fortigate from the scratch) you can use the FortiConverter as an alternative to the procedure we have described in one of our former blog post „How to transfer a FortiGate configuration file to a new FortiGate unit of a different model“.

17. September 20188. August 2019

CheatSheet – FortiOS v6.0

This week we start with the update of the cheatsheet for version 6.0.

The Tech-Team of BOLL Engineering wishes you happy troubleshooting!