After Fortigate upgrade v6.4 > v7.0.1 (or later) the S2S-dialup VPNs did not work anymore. Tunnel negotiation is successful and phase 1 and 2 get up. Traffic from spoke is routed into the tunnel, but is seems that the traffic is not received by the hub.
We have created a combined CheatSheet for the FortiAnalyzer and FortiManager OS version 7.0. We have divided sections into FortiAnalyzer Logging, FortiAnalyzer Reporting and FortiManager to find the needed commands faster. CheatSheet FAZ FMGR 7.0 v1.2 We hope that this will contribute to quick solutions of existing problems.
We have adapted our CheatSheet for FortiOS version 7.0 and added new commands. The Cheat Sheet is divided into different sections. Depending on the topic, you can find the necessary commands to display more information or find problems. We hope that this will contribute to quick solutions of existing problems.
Some of you may have noticed that a Fortigate – configured to use the FortiGuard DNS Servers – is not resolving some DNS names anymore. Consequences can be that FQDN address objects can not be resolved or a configured mail server can not be used anymore.
On Mai 2021, Let’s Encrypt issued a note about the expiration of their DST Root CA X3:https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/ Now that this root certificate has expired (2021-09-30), your systems might issue a warning when connecting to sites using Let’s Encrypt certificates. To fix this glitch on a general client, follow the instructions…
FortiWeb v6.4 starts to support the integration with Let’s Encrypt. This allows you to automatically generate server certificates alleviating the need to upload private certificates. The administration guide gives you some information on how to request those Let’s Encrypt certificates but in our opinion the configuration guidelines are not sufficient….
Some providers (like init7.ch which already uses the Swisscom XGS-PON) do encapsulate their PPPoE traffic into a VLAN Tag (802.1Q or Q-Tagged). The reason for this is, that in the majority of the cases the provider is using a layer 2 network (last mile) of another provider, which uses VLAN…
Microsoft has released KB5003646 on the 6th of June 2021. Part of this update is a security hardening measurement to align with recommendations as a conclusion out of CVE-2021-31958. As a known issue of this KB5003646, microsoft has noted in the release notes: “After installing this or later updates, apps…
Last update from 12.05.2021 at 09:40 Swiss local time: We have noticed an improvement in the situation. Some rare rating timeouts still show up from time to time, but the majority of requests are being answered correctly. Also the DNS servers are working as usual again. We have noticed an…
Update, Nov 2020: More than a year after Fortinet described this SSLVPN vulnerability, it gets new attention. A few days ago a list of IPs and domain names of vulnerable Fortigates was published. This list is dated November 2019 and one can only hope that many of these systems have…
Sind Sie interessiert, den BOLL Blog als RSS Feed zu abonnieren?