sy – Tech Blog

22. November 202011. Dezember 2020

CheatSheet – FortiOS v6.4

The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet.

Hopefully this CheatSheet will help you as well.

You will find the most important commands on the first page. The second page contains troubleshooting commands for problems with firewall policies and security profiles, followed by the third page with commands for network problems. The last page covers system and hardware commands and general information.

Updated to v1.1 (addition and correction for FortiToken, 11.12.2020)

CheatSheet-FortiOS-6.4-v1.1 Herunterladen

Happy troubleshooting!

1,405 total views

3. November 202018. Januar 2021

FortiGuard Servers are not reachable

From time to time customers noticed that the Fortigate cannot reach the Fortiguard Servers anymore.

This is displayed in the Dashboard or users are complaining that the Webfilter or DNS Filter Service is not working anymore.

1,821 total views, 1 views today

30. Juni 202013. Juli 2020

Upgrade your FortiMail now!

There seems to be a vulnerarbility in some FortiMail versions, that allow an unauthenticated remote attacker to access the system by requesting a password change. Please refer to the FortiGuard PSIRT article.

The problem here is not only the unauthorized access to the system, but also the change of the password of all configured administrative accounts. Also, the maintainer functionality to reset the administrator password over a serial console of the FortiMail is being disabled from the attacker.

1,339 total views

10. Juni 20207. Juli 2020

Websites are not working anymore

Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:

4,777 total views

6. Mai 202020. September 2020

Troubleshooting FortiGate SSLVPN problems

Configuring SSLVPN with FortiGate and FortiClient is pretty easy. Nevertheless problems may occur while establishing or using the SSLVPN connection.

18,911 total views, 10 views today

25. März 20207. Juli 2020

Re-Certification Policies during COVID19

Because it’s very difficult to take exams at PearsonVUE right now, you may get in trouble regarding the timely recertification of existing certifications. Therefore some vendors have announced an extension for their recertification expiration:

PaloAltoNetworks is extending the certification expiration date by six month for Credential holders with expiration date between March 1, 2020 and July 31, 2020.

Fortinet is extending the certification expiration by one month so far. We assume that this extension will be extended again :-).
Update March 27th: Fortinet will extend the expiry dates of all existing NSE certifications by 6 months as of March 16th 2020 (the date of PV’s test center closures).

21. März 202010. Juni 2020

Corona-Info: Support Links for Home-/Remote-Office and MultiFactor Authentication

Here you will find the most important support links of our vendors regarding Home-/Remote-Office, Dialup VPNs and MultiFactor Authentication:

1,322 total views

31. Juli 201922. Januar 2020

What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI

Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.

It turned out that during the update process the server certificate used for the WebUI is lost.

Config with v6.0.4 (it does not happen with «self-signed» only):

config system global
  set admin-server-cert "self-signed"
end

26. Juli 201927. Januar 2020

What’s new with FortiOS 6.2: FortiGuard Requests

FortiOS v6.2 has been released in March this year and we are still gaining experience with this version. In this article we would like to draw you attention to the protocol which is used for FortiGuard service communication. Up to v6.0 udp has been used, with 6.2 the default protocol has changed to https.

23. Juli 20198. August 2019

New PSIRT-Advisory from Fortinet

Last week Fortinet has released a critical PSIRT-Advisory «Improper check for certificate revocation vulnerability»

Unfortunately the article does not give exact information regarding the background or the solution and we couldn’t find further information about the issue, either. Maybe you have more information?