We have adapted our CheatSheet for FortiOS version 7.0 and added new commands. The Cheat Sheet is divided into different sections. Depending on the topic, you can find the necessary commands to display more information or find problems.
For some reasons Fortigates are are not able to load the FortiGuard DDNS server list. Therefore you are not able to configure DynDNS on your Fortigate anymore. In the WebUI you will see following error message under Network > DNS > FortiGuard DDNS and you are not able to list any server with the drop-down menu.
FortiWeb v6.4 starts to support the integration with Let’s Encrypt. This allows you to automatically generate server certificates alleviating the need to upload private certificates.
The administration guide gives you some information on how to request those Let’s Encrypt certificates but in our opinion the configuration guidelines are not sufficient. So we tried to give some more information on how to configure FortiWeb to obtain a server certificate from Let’s encrypt and how to use them in the server policy.
Some providers (like init7.ch which already uses the Swisscom XGS-PON) do encapsulate their PPPoE traffic into a VLAN Tag (802.1Q or Q-Tagged). The reason for this is, that in the majority of the cases the provider is using a layer 2 network (last mile) of another provider, which uses VLAN tagging to differentiate the traffic to different service providers.
The configuration of the FortiGate is not too complicated in those cases. It is even possible to make the whole configuration directly off the WebGUI.
Microsoft has released KB5003646 on the 6th of June 2021. Part of this update is a security hardening measurement to align with recommendations as a conclusion out of CVE-2021-31958.
As a known issue of this KB5003646, microsoft has noted in the release notes: «After installing this or later updates, apps accessing event logs on remote devices might be unable to connect.»
This is exactly what is happening on Fortinet FSSO (FSSO with FortiGate, as well as FSSO over the FortiAuthenticator) and Palo Alto Networks User-ID Agent. They are not working anymore after the installation of Update KB5003646.