FortiWeb v6.4 starts to support the integration with Let’s Encrypt. This allows you to automatically generate server certificates alleviating the need to upload private certificates.
The administration guide gives you some information on how to request those Let’s Encrypt certificates but in our opinion the configuration guidelines are not sufficient.
«FortiWeb v6.4.0 and Let’s Encrypt» weiterlesen
So we tried to give some more information on how to configure FortiWeb to obtain a server certificate from Let’s encrypt and how to use them in the server policy.
Just like for FortiGate releases we created and publish here a collection of CLI commands for troubleshooting the FortiAnalyzer appliances.
FortiAnalyzer Version 6.4
Your VoIP provider should give you the information, if the SIP ALG on the Fortigate is needed or not.
In the default setting of a Fortigate the SIP ALG is active.
«Disable the SIP ALG/Session Helper on the Fortigate» weiterlesen
Last update from 12.05.2021 at 09:40 Swiss local time: We have noticed an improvement in the situation. Some rare rating timeouts still show up from time to time, but the majority of requests are being answered correctly. Also the DNS servers are working as usual again.
We have noticed an increase of support requests regarding the FortiGuard DNS rating service (SDNS) today. Therefore we want to inform you about the following issue.
«FortiGuard DNS Rating Server (SDNS) unavailable» weiterlesen
One of the very powerful features of FortiGate hardware appliances is the hardware acceleration chipset included in the hardware platform. This allows to forward traffic in specific situations directly from the incoming interface to the outgoing interface without passing the CPU of the system. This can safe a huge amount of system load on your FortiGate.
In most cases, hardware acceleration is working flawlessly. But in some very rare cases, hardware acceleration may cause problems. Or the hardware acceleration is not working at all and the packets have to be handled by the CPU of your FortiGate.
This guide will lead you through the important troubleshooting steps.
«FortiGate hardware acceleration step-by-step troubleshooting» weiterlesen
SD-WAN is a cool feature to configure redundant internet access. But it was designed with load-balancing in mind and this brings some challenges to specific use cases. As an example, while you can use SD-WAN rules to define the preferred path for a specific application/system, it won’t prevent that the traffic is routed over another interface in case of an outage.
«FortiGate: Deny-Policies for SD-WAN members» weiterlesen
Spoiler Alert! – Since the release of macOS 11.0 aka Big Sur, your FortiClient VPN might not be working as expected anymore if you have already upgraded.
There’s a chance you might not have noticed it, in the case that you’re using SSL VPN only in your environment. But as soon as you also have IPsec tunnels you’d like to use, you might find yourself with a successfully established tunnel, but no traffic is reaching your remote end.
«FortiClient and macOS Big Sur – SSL top, IPsec flop» weiterlesen
The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet.
Hopefully this CheatSheet will help you as well.
You will find the most important commands on the first page. The second page contains troubleshooting commands for problems with firewall policies and security profiles, followed by the third page with commands for network problems. The last page covers system and hardware commands and general information.
Updated to v1.1 (addition and correction for FortiToken, 11.12.2020)
2,241 total views, 5 views today
From time to time customers noticed that the Fortigate cannot reach the Fortiguard Servers anymore.
This is displayed in the Dashboard or users are complaining that the Webfilter or DNS Filter Service is not working anymore.
«FortiGuard Servers are not reachable» weiterlesen
3,775 total views, 11 views today