If you want to configure rules for Saas services on the PaloAlto Firewall, you can do this using the App ID for the particular service, or you can use the IP addresses, Domains or URLs of the service in the policy. However, since Saas services typically do not use only…
Microsoft has released KB5003646 on the 6th of June 2021. Part of this update is a security hardening measurement to align with recommendations as a conclusion out of CVE-2021-31958. As a known issue of this KB5003646, microsoft has noted in the release notes: “After installing this or later updates, apps…
If you are not using your account for PSAT admin access on a regular basis, your account will get locked down automatically after 92 days (this is a default value that can be adjusted). Accounts are also being locked after 5 unsuccessfull login attempts by default. To unlock your account,…
In the context of SSL VPN, we sometimes receive the question, if it’s possible to assign IP-addresses using an external DHCP server. Unfortunatly this is not possible on the FortiGate. >> Possible since FOS 7.0.6 and FOS 7.2.1.
In the last few days, more and more articles about vulnerabilities in the Wifi area have appeared. These FragAttacks (fragmentation and aggregation attacks) which is a collection of new security vulnerabilities affects Wi-Fi devices from different vendors. heise.de: FragAttacks: Neue Angriffe gefährden nahezu alle WLAN-Geräte (German article) There is a…
Just like for FortiGate releases we created and publish here a collection of CLI commands for troubleshooting the FortiAnalyzer appliances. FortiAnalyzer Version 6.4
Last update: 30.10.2025 General Your VoIP provider should give you the information, if the SIP ALG on the Fortigate is needed or not. In the default setting of a Fortigate the SIP ALG is active.
Last update from 12.05.2021 at 09:40 Swiss local time: We have noticed an improvement in the situation. Some rare rating timeouts still show up from time to time, but the majority of requests are being answered correctly. Also the DNS servers are working as usual again. We have noticed an…
In der Vergangenheit wurde die SEPPmail häufig zwischen dem Secure E-Mail Gateway (AntiSpam) und dem Mailserver implementiert. Dieser Ansatz hat den Nachteil, dass die Inhalte (Attachements, URLs) von verschlüsselten Nachrichten nicht geprüft werden. In diesem Beitrag betrachten wir deshalb die Integration als Loop.
On some FortiGate models, you are being asked to connect a self-loopback cable on some ports during the HQIP test. This request looks like the following CLI output:
Sind Sie interessiert, den BOLL Blog als RSS Feed zu abonnieren?