Since a while, the most recent macOS versions the system do report the use of „legacy system extensions“ which is often triggered by modules or plugins of low-level software like VPN Clients, AV software etc.„FortiClient/PaloAlto Support for Catalina – „legacy system extensions“ error“ weiterlesen
Did you know, that on the FortiAP FAP-C24JE, the VLAN ID’s 898 and 899 are reserved for system use?
Or that the FortiAP models FAP-S221E, FAP-S223E, FAP-221E, FAP-222E, FAP-223E and FAP-224E can not work with VLAN ID 97 and 98? I’m sure you already guessed it: These ID’s are reserved for system use.„FortiAP and VLAN ID 97 or 98“ weiterlesen
There seems to be a vulnerarbility in some FortiMail versions, that allow an unauthenticated remote attacker to access the system by requesting a password change. Please refer to the FortiGuard PSIRT article.
The problem here is not only the unauthorized access to the system, but also the change of the password of all configured administrative accounts. Also, the maintainer functionality to reset the administrator password over a serial console of the FortiMail is being disabled from the attacker.„Upgrade your FortiMail now!“ weiterlesen
158 total views, 18 views today
Since June 1st you may notice that some websites (https) are not working anymore when Fortigate or the Palo Alto Networks Firewall is doing decryption or certificate inspection. Typically you are getting one of the following error messages:„Websites are not working anymore“ weiterlesen
364 total views, 6 views today
Due to several known issues, we do not yet recommend FortiOS 6.2 in productive environments.„FortiOS 6.2: Upgrade Notes“ weiterlesen
Recently we have had a few support cases where a customer was unable to log in to the firewall via WebUI after the firmware update. But SSH access worked fine.
It turned out that during the update process the server certificate used for the WebUI is lost.
Config with v6.0.4 (it does not happen with „self-signed“ only):
config system global„What’s new with FortiOS 6.2/6.0.8: Update issue with certificate for WebUI“ weiterlesen
set admin-server-cert "self-signed"
FortiOS v6.2 has been released in March this year and we are still gaining experience with this version. In this article we would like to draw you attention to the protocol which is used for FortiGuard service communication. Up to v6.0 udp has been used, with 6.2 the default protocol has changed to https.„What’s new with FortiOS 6.2: FortiGuard Requests“ weiterlesen
Last week Fortinet has released a critical PSIRT-Advisory „Improper check for certificate revocation vulnerability“
Unfortunately the article does not give exact information regarding the background or the solution and we couldn’t find further information about the issue, either. Maybe you have more information?„New PSIRT-Advisory from Fortinet“ weiterlesen
Die Fortinet WiFi Produkte erfreuen sich schon länger zunehmender Beliebtheit. Dies nicht zuletzt, weil die FortiAP und Controller je länger je angewandtere Technologien bieten und daher unterdessen praktisch alle vorstellbaren Einsatzszenarien abdecken.
Da mit dem Featureset zugleich auch die Komplexität der Systeme mit wächst, möchten wir ihnen mit diesem Artikel einen Überblick über die Technologie, die Funktionalität und deren Einschränkungen verschaffen.„Fortinet Wireless FAQ“ weiterlesen
Starting with FortiConverter 6.0, any kind of conversion requires a valid license
Fortinet has published a very nice and helpful tool for converting firewall configs from other vendors into a Fortigate configuration file. Also an old Fortigate config file can be used as the source file.
So if you are going to replace an old Fortigate model with a new one and you want use the old config file (instead of configuring the new Fortigate from the scratch) you can use the FortiConverter as an alternative to the procedure we have described in one of our former blog post „How to transfer a FortiGate configuration file to a new FortiGate unit of a different model“.„Migrate Fortigate Configurations with FortiConverter“ weiterlesen