Error message: «Unable to load FortiGuard DDNS server list»

For some reasons Fortigates are are not able to load the FortiGuard DDNS server list. Therefore you are not able to configure DynDNS on your Fortigate anymore. In the WebUI you will see following error message under Network > DNS > FortiGuard DDNS and you are not able to list any server with the drop-down menu.

«Error message: «Unable to load FortiGuard DDNS server list»» weiterlesen

 0 total views

FortiWeb v6.4.0 and Let’s Encrypt

FortiWeb v6.4 starts to support the integration with Let’s Encrypt. This allows you to automatically generate server certificates alleviating the need to upload private certificates.

The administration guide gives you some information on how to request those Let’s Encrypt certificates but in our opinion the configuration guidelines are not sufficient.
So we tried to give some more information on how to configure FortiWeb to obtain a server certificate from Let’s encrypt and how to use them in the server policy.

«FortiWeb v6.4.0 and Let’s Encrypt» weiterlesen

 2 total views,  2 views today

FortiGate PPPoE inside a VLAN

Some providers (like init7.ch which already uses the Swisscom XGS-PON) do encapsulate their PPPoE traffic into a VLAN Tag (802.1Q or Q-Tagged). The reason for this is, that in the majority of the cases the provider is using a layer 2 network (last mile) of another provider, which uses VLAN tagging to differentiate the traffic to different service providers.

The configuration of the FortiGate is not too complicated in those cases. It is even possible to make the whole configuration directly off the WebGUI.

«FortiGate PPPoE inside a VLAN» weiterlesen

 3 total views,  3 views today

Windows update breaks SSO event log readers (FSSO, PAN UIA, WG ELM)

Microsoft has released KB5003646 on the 6th of June 2021. Part of this update is a security hardening measurement to align with recommendations as a conclusion out of CVE-2021-31958.

As a known issue of this KB5003646, microsoft has noted in the release notes: «After installing this or later updates, apps accessing event logs on remote devices might be unable to connect.»

This is exactly what is happening on Fortinet FSSO (FSSO with FortiGate, as well as FSSO over the FortiAuthenticator) and Palo Alto Networks User-ID Agent. They are not working anymore after the installation of Update KB5003646.

«Windows update breaks SSO event log readers (FSSO, PAN UIA, WG ELM)» weiterlesen