For some reasons Fortigates are are not able to load the FortiGuard DDNS server list. Therefore you are not able to configure DynDNS on your Fortigate anymore. In the WebUI you will see following error message under Network > DNS > FortiGuard DDNS and you are not able to list any server with the drop-down menu.
«Error message: «Unable to load FortiGuard DDNS server list»» weiterlesen50 total views, 2 views today
Some providers (like init7.ch which already uses the Swisscom XGS-PON) do encapsulate their PPPoE traffic into a VLAN Tag (802.1Q or Q-Tagged). The reason for this is, that in the majority of the cases the provider is using a layer 2 network (last mile) of another provider, which uses VLAN tagging to differentiate the traffic to different service providers.
The configuration of the FortiGate is not too complicated in those cases. It is even possible to make the whole configuration directly off the WebGUI.
«FortiGate PPPoE inside a VLAN» weiterlesen63 total views, 1 views today
Netzwerk & Security Administratoren kennen die Problematik. Um Zugriff auf eine serielle Konsole zu bekommen, benötigt es einen Adapter, da kaum mehr ein Notebook einen alten DB9 (DE-9) Anschluss hat. Kein Hersteller liefert aber ein USB Konsolenkabel direkt auf RJ45 Ports, welche heute bei praktisch allen Netzwerk & Security Devices der Standard sind.
Die nervigen Adapter und die teilweise mühsame Treiber Unterstützung hat uns bewogen, ein eigenes Boll Konsolen Kabel entwickeln zu lassen. Folgende Bilder illustrieren das schön:
Konsolen Access früher:
If you want to configure rules for Saas services on the PaloAlto Firewall, you can do this using the App ID for the particular service, or you can use the IP addresses, Domains or URLs of the service in the policy.
However, since Saas services typically do not use only one IP address, domain or URL, and since these can change dynamically, it requires a dynamic list that is constantly updated automatically.
PaloAlto offers this service as «EDL hosting service». External Dynamic Lists (EDL) are dynamic lists that can contain a list of IP addresses, domains or URLs. These lists are periodically queried by the firewall and updated accordingly. These EDL lists can then be used in various policies. Due to the automatic update of the lists, they are always up to date. There is also no need to commit the configuration if the list changes.
«PaloAlto EDL Hosting Service» weiterlesen
In the context of SSL VPN, we sometimes receive the question, if it’s possible to assign IP-addresses using an external DHCP server. Unfortunatly this is not possible on the FortiGate.
«FortiGate SSL VPN: Assign IP-Addresses using an external DHCP Server» weiterlesen
Your VoIP provider should give you the information, if the SIP ALG on the Fortigate is needed or not.
In the default setting of a Fortigate the SIP ALG is active.
«Disable the SIP ALG/Session Helper on the Fortigate» weiterlesen
In der Vergangenheit wurde die SEPPmail häufig zwischen dem Secure E-Mail Gateway (AntiSpam) und dem Mailserver implementiert. Dieser Ansatz hat den Nachteil, dass die Inhalte (Attachements, URLs) von verschlüsselten Nachrichten nicht geprüft werden. In diesem Beitrag betrachten wir deshalb die Integration als Loop.
«SEPPmail: Integration mit einem Secure E-Mail Gateway» weiterlesen
On some FortiGate models, you are being asked to connect a self-loopback cable on some ports during the HQIP test. This request looks like the following CLI output:
«DIY: FortiGate HQIP self-loopback cable or plug» weiterlesen
Unser letzter Beitrag zur Konfiguration einer Fortigate, um zuhause auch Swisscom TV durch die Fortigate zu bekommen, ist schon eine zeitlang her. Deswegen hier mal wieder ein aktueller Beitrag mit einer Fortigate auf FOS 7.0.0 (der auch mit 6.4.5 getestet wurde).
In diesem Beispiel hängt die Swisscom TV Box am DMZ Port der Fortigate und bezieht von dort eine DHCP Adresse, welche per DHCP Reservation fixiert wird:
«Fortigate und Swisscom TV – zum dritten» weiterlesen1,489 total views
One of the very powerful features of FortiGate hardware appliances is the hardware acceleration chipset included in the hardware platform. This allows to forward traffic in specific situations directly from the incoming interface to the outgoing interface without passing the CPU of the system. This can safe a huge amount of system load on your FortiGate.
In most cases, hardware acceleration is working flawlessly. But in some very rare cases, hardware acceleration may cause problems. Or the hardware acceleration is not working at all and the packets have to be handled by the CPU of your FortiGate.
This guide will lead you through the important troubleshooting steps.
«FortiGate hardware acceleration step-by-step troubleshooting» weiterlesen
