FortiWeb v6.4.0 and Let’s Encrypt

FortiWeb v6.4 starts to support the integration with Let’s Encrypt. This allows you to automatically generate server certificates alleviating the need to upload private certificates.

The administration guide gives you some information on how to request those Let’s Encrypt certificates but in our opinion the configuration guidelines are not sufficient.
So we tried to give some more information on how to configure FortiWeb to obtain a server certificate from Let’s encrypt and how to use them in the server policy.

«FortiWeb v6.4.0 and Let’s Encrypt» weiterlesen

FortiGuard DNS Rating Server (SDNS) unavailable

Last update from 12.05.2021 at 09:40 Swiss local time: We have noticed an improvement in the situation. Some rare rating timeouts still show up from time to time, but the majority of requests are being answered correctly. Also the DNS servers are working as usual again.

We have noticed an increase of support requests regarding the FortiGuard DNS rating service (SDNS) today. Therefore we want to inform you about the following issue.

«FortiGuard DNS Rating Server (SDNS) unavailable» weiterlesen

FortiGate hardware acceleration step-by-step troubleshooting

One of the very powerful features of FortiGate hardware appliances is the hardware acceleration chipset included in the hardware platform. This allows to forward traffic in specific situations directly from the incoming interface to the outgoing interface without passing the CPU of the system. This can safe a huge amount of system load on your FortiGate.

In most cases, hardware acceleration is working flawlessly. But in some very rare cases, hardware acceleration may cause problems. Or the hardware acceleration is not working at all and the packets have to be handled by the CPU of your FortiGate.

This guide will lead you through the important troubleshooting steps.

«FortiGate hardware acceleration step-by-step troubleshooting» weiterlesen

FortiGate: Deny-Policies for SD-WAN members

SD-WAN is a cool feature to configure redundant internet access. But it was designed with load-balancing in mind and this brings some challenges to specific use cases. As an example, while you can use SD-WAN rules to define the preferred path for a specific application/system, it won’t prevent that the traffic is routed over another interface in case of an outage.

«FortiGate: Deny-Policies for SD-WAN members» weiterlesen

FortiClient and macOS Big Sur – SSL top, IPsec flop

Spoiler Alert! – Since the release of macOS 11.0 aka Big Sur, your FortiClient VPN might not be working as expected anymore if you have already upgraded.

There’s a chance you might not have noticed it, in the case that you’re using SSL VPN only in your environment. But as soon as you also have IPsec tunnels you’d like to use, you might find yourself with a successfully established tunnel, but no traffic is reaching your remote end.

«FortiClient and macOS Big Sur – SSL top, IPsec flop» weiterlesen

CheatSheet – FortiOS v6.4

The System Engineers of BOLL Engineering have been supporting Fortigate devices for 18 years. This year, FortiOS v6.4 was released and we have again gathered all the troubleshooting commands that we use regularly in our new CheatSheet.

Hopefully this CheatSheet will help you as well.

You will find the most important commands on the first page. The second page contains troubleshooting commands for problems with firewall policies and security profiles, followed by the third page with commands for network problems. The last page covers system and hardware commands and general information.

Updated to v1.1 (addition and correction for FortiToken, 11.12.2020)

Happy troubleshooting!

 2,241 total views,  5 views today