Troubleshooting – Tech Blog

30. November 20219. Dezember 2021

Fortigate S2S-Dialup VPN – Traffic does not run through IPsec tunnel anymore

After Fortigate upgrade v6.4 > v7.0.1 (or later) the S2S-dialup VPNs did not work anymore. Tunnel negotiation is successful and phase 1 and 2 get up. Traffic from spoke is routed into the tunnel, but is seems that the traffic is not received by the hub.

23. November 202125. November 2021

CheatSheet – FortiAnalyzer & FortiManager v7.0

We have created a combined CheatSheet for the FortiAnalyzer and FortiManager OS version 7.0. We have divided sections into FortiAnalyzer Logging, FortiAnalyzer Reporting and FortiManager to find the needed commands faster.

CheatSheet FAZ FMGR 7.0 Herunterladen

We hope that this will contribute to quick solutions of existing problems.

256 total views

10. November 20217. Januar 2022

FortiGuard Servers are not reachable

Update – 10. November 2021: It seems that the server «45.75.200.89» is not in use anymore – it is «not reachable» at the moment. Please use «194.69.172.53» instead.

Blogpost – 3. November 2020:

From time to time customers noticed that the Fortigate cannot reach the Fortiguard Servers anymore.

This is displayed in the Dashboard or users are complaining that the Webfilter or DNS Filter Service is not working anymore.

5,633 total views

14. Oktober 202118. Oktober 2021

CheatSheet – FortiOS v7.0

We have adapted our CheatSheet for FortiOS version 7.0 and added new commands. The Cheat Sheet is divided into different sections. Depending on the topic, you can find the necessary commands to display more information or find problems.

CheatSheet FortiOS 7.0 v1.0 Herunterladen

We hope that this will contribute to quick solutions of existing problems.

546 total views

1. Oktober 202118. Oktober 2021

WatchGuard announced new «Service Status Page»

Today WatchGuard launched a new page where you can see the status of WatchGuard Cloud Services.

https://status.watchguard.com/

For each region, you’ll find the current status separated by products and the major features that WatchGuard provides. Every line has a simple status indicator to communicate its condition:

179 total views

22. September 202118. Oktober 2021

Error message: «Unable to load FortiGuard DDNS server list»

For some reasons Fortigates are are not able to load the FortiGuard DDNS server list. Therefore you are not able to configure DynDNS on your Fortigate anymore. In the WebUI you will see following error message under Network > DNS > FortiGuard DDNS and you are not able to list any server with the drop-down menu.

420 total views, 1 views today

23. Juni 202124. Juni 2021

BOLL Konsolenkabel

Netzwerk & Security Administratoren kennen die Problematik. Um Zugriff auf eine serielle Konsole zu bekommen, benötigt es einen Adapter, da kaum mehr ein Notebook einen alten DB9 (DE-9) Anschluss hat. Kein Hersteller liefert aber ein USB Konsolenkabel direkt auf RJ45 Ports, welche heute bei praktisch allen Netzwerk & Security Devices der Standard sind.

Die nervigen Adapter und die teilweise mühsame Treiber Unterstützung hat uns bewogen, ein eigenes Boll Konsolen Kabel entwickeln zu lassen. Folgende Bilder illustrieren das schön:

Konsolen Access früher:

24. Mai 202114. Oktober 2021

CheatSheet – FortiAnalyzer v6.4

Just like for FortiGate releases we created and publish here a collection of CLI commands for troubleshooting the FortiAnalyzer appliances.

FortiAnalyzer Version 6.4

CheatSheet-FortiAnalyzer-6.4-1 Herunterladen

3. März 202117. Mai 2021

How to transfer a FortiGate configuration to a newer model

During the lifecycle of firewalls, they are often replaced with a newer model, but you would like to keep the configuration. In this case, there are several possibilities, which we present in this blog post:

1. FortiConverter Service
2. FortiConverter Tool
3. Partial Config Transfer
4. Full Config Transfer

Den deutschen Artikel dazu finden Sie hier: So übertragen Sie eine FortiGate Konfiguration auf ein neueres Modell

2. März 20212. Mai 2021

Netzwerk Subnettierung

Öfters sehen wir Fragen oder Probleme zur korrekten Subnettierung von Netzen. Mit dem folgenden Raster kann man schnell und einfach die richtige Anzahl Host oder die Subnetzmaske herausfinden.

Die erste Adresse des Subnetz nennt man Netzadresse. Diese kann nicht für Hosts verwendet werden (Bsp. 192.168.10.0 bei einem Subnetz von 255.255.255.0 oder /24)

Ebenso die letzte Adresse des Subnetz. Diese ist die Broadcast Adresse und steht Clients nicht zur Verfügung (Bsp. 192.168.10.255 bei einem Subnetz von 255.255.255.0 oder /24)

Die verbleibenden IP Adressen können von Hosts genutzt werden (Anzahl Hosts in der Tabelle, also 256-2= 254 bei einem Subnetz von 255.255.255.0 oder /24)