FortiClient and macOS Big Sur – SSL top, IPsec flop

Spoiler Alert! – Since the release of macOS 11.0 aka Big Sur, your FortiClient VPN might not be working as expected anymore if you have already upgraded.

There’s a chance you might not have noticed it, in the case that you’re using SSL VPN only in your environment. But as soon as you also have IPsec tunnels you’d like to use, you might find yourself with a successfully established tunnel, but no traffic is reaching your remote end.

„FortiClient and macOS Big Sur – SSL top, IPsec flop“ weiterlesen

CheatSheet – FortiOS v6.4

The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet.

Hopefully this CheatSheet will help you as well.

You will find the most important commands on the first page. The second page contains troubleshooting commands for problems with firewall policies and security profiles, followed by the third page with commands for network problems. The last page covers system and hardware commands and general information.

Updated to v1.1 (addition and correction for FortiToken, 11.12.2020)

Happy troubleshooting!

 1,010 total views,  1 views today

Re-Certification Policies during COVID19

Because it’s very difficult to take exams at PearsonVUE right now, you may get in trouble regarding the timely recertification of existing certifications. Therefore some vendors have announced an extension for their recertification expiration:

PaloAltoNetworks is extending the certification expiration date by six month for Credential holders with expiration date between March 1, 2020 and July 31, 2020.

Fortinet is extending the certification expiration by one month so far. We assume that this extension will be extended again :-).
Update March 27th: Fortinet will extend the expiry dates of all existing NSE certifications by 6 months as of March 16th 2020 (the date of PV’s test center closures).

FortiClient VPN 6.2

Mit dem Release von FortiClient 6.2 wurde der bisherige Full Featured FortiClient lizenzpflichtig und setzt einen FortiClient EMS Server voraus. Im Gegenzug hat Fortinet einen separaten VPN-only Client veröffentlicht. Fortinet beschreibt den FortiClient VPN folgendermassen:

For FortiGate administrators, a free version of FortiClient VPN is available which supports basic IPsec and SSL VPN and does not require registration with EMS. This version does not include central management, technical support, or some advanced features.

Basic IPsec and SSL VPN bedeutet in diesem Zusammenhang, dass folgende Features nicht enthalten sind:

  • IKEv2 support
  • VPN auto-connect/always-up
  • on-net/off-net
  • host check features
  • Central management

Ebenfalls gibt es für die Version 6.2 kein FortiClient Configuration Tool . Um benutzerdefinierte Installationspakete zu erstellen, wird zwingend ein FortiClient EMS Server benötigt.

Der FortiClient VPN ist unter https://www.forticlient.com/downloads erhältlich. Weitere Informationen dazu gibt es im KB Limitation and features on Forticlient.

WatchGuard Fireware 12.5

Watchguard is going to release Fireware version 12.5 in the next few days / weeks. From the public beta phase some new features are already known, which I would like to introduce here:

Update: Fireware 12.5 has been released.
Please check the “ What’s New in Fireware v12.5 “ presentation for detailed information.

Reverse Proxy for the Access Portal

In the Access Portal configuration, you can now configure reverse proxy actions so remote users can connect to internal web applications and Microsoft Exchange services with an external URL. With reverse proxy actions, you can give remote teams access to internal resources without the need for a VPN. Multi-factor authentication is supported as well.

„WatchGuard Fireware 12.5“ weiterlesen

Migrate Fortigate Configurations with FortiConverter

Starting with FortiConverter 6.0, any kind of conversion requires a valid license

Fortinet has published a very nice and helpful tool for converting firewall configs from other vendors into a Fortigate configuration file. Also an old Fortigate config file can be used as the source file.

So if you are going to replace an old Fortigate model with a new one and you want use the old config file (instead of configuring the new Fortigate from the scratch) you can use the FortiConverter as an alternative to the procedure we have described in one of our former blog post „How to transfer a FortiGate configuration file to a new FortiGate unit of a different model“.

„Migrate Fortigate Configurations with FortiConverter“ weiterlesen